trustcrypto/onlykey-agent

GPG support

Closed this issue · 8 comments

Is GPG support still on the roadmap?

Is the only problem here man hours, or is there an unsolved technical problem? Issue #7 was never answered, but asks this question as well.

I have just received my Onlykey and would love to be able to use it as the GPG key for pass(1).

@Superpat GPG support is definitely doable; it's mostly a matter of man hours, although there are some technical challenges. It's still on the roadmap, just behind some other things. If any Python developers out there are up for a challenge, I would be happy to work with them to implement this feature.

haplo commented

I'm also very interested in GPG support. Is this something we can port from trezor-agent? Where would one begin? If you could define the work to be done in smaller steps that would be super helpful.

@haplo Yes, we can and that was originally the plan. Trezor-agent will accept a PR to add OnlyKey support in - romanz#303

To start, I think this would involve:

Thanks again for your willingness to look into this, it would be a great improvement to get this working.

I have implemented support for OnlyKey, including:

SSH (ed25519 and nist256p1)
GPG Sign (ed25519 and nist256p1)
GPG Decrypt (curve25519 and nist256p1)

romanz/trezor-agent@master...onlykey:onlykey-agent-merge

@haplo @Superpat Let me know if you guys are interested in beta testing GPG.

haplo commented

@onlykey I am interested in beta testing. I mainly want to GPG-sign git commits. My current GPG key is RSA, so I will need to create a new one.

@haplo The GPG will work the same as the SSH, so you would not need to create a key (although I am adding a feature where you can use a custom key). You don't have to create a key; this is one of the main benefits of the agent. A unique key is generated based on input, which is how SSH can support an unlimited number of keys - https://docs.crp.to/onlykey-agent.html

onlykey-agent test@test.com
creates a different key than
onlykey-agent test2@test.com

It is the same by default for the GPG agent. You create an identity such as <name "user@domain.com"> and a unique key is created.
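The per-identity derivation described in the comment above, as an added example that is not part of the thread and is not OnlyKey's or trezor-agent's actual scheme: it uses HKDF-SHA256 (RFC 5869) to turn one secret plus an identity string into independent seeds for each operation and curve named in the thread. `DEVICE_SECRET`, the salt label, `derive_seed` and the field encoding are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample secret; on a hardware token this value never leaves the device.
DEVICE_SECRET = bytes.fromhex("00" * 31 + "01")

# Operations and curves as listed in the thread.
ALLOWED = {
    "ssh": {"ed25519", "nist256p1"},
    "gpg-sign": {"ed25519", "nist256p1"},
    "gpg-decrypt": {"curve25519", "nist256p1"},
}


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_seed(identity, purpose, curve, secret=DEVICE_SECRET):
    """Return a 32-byte seed bound to (purpose, curve, identity).

    Hypothetical helper: the seed is key material for a key generator,
    not yet a validated private key (nist256p1 needs a range check).
    """
    if curve not in ALLOWED.get(purpose, ()):
        raise ValueError(f"{curve} is not offered for {purpose}")
    fields = (purpose.encode(), curve.encode(), identity.encode("utf-8"))
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    info = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hkdf_sha256(secret, b"identity-kdf-example", info)


if __name__ == "__main__":
    for ident in ("test@test.com", "test2@test.com"):
        for purpose in ("ssh", "gpg-sign"):
            seed = derive_seed(ident, purpose, "ed25519")
            print(f"{ident:15} {purpose:9} {seed.hex()}")
```

Because the seed is a function of the secret and the identity alone, nothing per-key has to be stored, and binding the operation and curve into the derivation keeps the SSH key for an identity unrelated to its GPG keys.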

GPG support has been implemented - https://docs.crp.to/upgradeguide.html