AttributeError: 'Namespace' object has no attribute 'run'

[tscs37]

Installed trezor-agent as per readme, then as per readme for the gpg module on a clean Ubuntu 16 VM.

I'm not quite sure what I broke but the ssh-agent works fine.

[romanz]

Thanks for reporting this issue!
It's probably my fault - please try to update trezor-agent to the latest development version:

$ git clone https://github.com/romanz/trezor-agent
$ cd trezor-agent
$ pip install -e .

This way, you can update your trezor-agent version, simply by running git pull :)

[romanz]

BTW, could you please run pip freeze inside the virtual environment?
It should print all the installed packages, with their versions...

[romanz]

I see that you are using Python 3.
Please try the following installation instructions: #11 (comment)

[tscs37]

Regarding #11, my environment is basically Ubuntu + those commands inside venv.

pip freeze output:

I tried installing with the given instructions from source, but the error remains.

edit: Also tried to install the develop version of the python-trezor package

[romanz]

Thanks for the reply!
Please try calling trezor-gpg create (to create new TREZOR-based GPG key) or trezor-gpg sign (to sign a file using the TREZOR).

The error you are getting is indeed not descriptive - I will fix it out.

[romanz]

BTW, Python 3 GPG support may be broken now...
I am working on this, and will update when it will be fixed.
Sorry for the inconvenience :(

[tscs37]

trezor-gpg create seems to create a key but HCF's later on.

trezor-gpg sign doesn't work without a key that I can't get without create.

edit: if support on python3 is broken, than so be it. I'll just wait a bit.

[romanz]

Please take a look on the latest version decd3dd.
It seems to be working :)

[tscs37]

Getting closer now.

I commented out the assert and it seems to work just fine, however, GPG returns an error, which I worked around by using allow-non-selfsigned-uid in the gpg.conf.

I can import the key into GPG, but trezor-gpg refuses to sign subkeys or messages due to a ecdsa BadSignature error:

[romanz]

It seems that you are not using the correct TREZOR firmware for this feature - currently, a custom firmware version needs to be built (see here for an example build).

[romanz]

It's getting late here - so let's continue tomorrow :)

[tscs37]

Yeah, I'll see tomorrow, I'll test the custom version then and see if it works.

[tscs37]

With the newest firmware release, Key Creation works flawless with one exception:

Creating a subkey yields this:

2016-05-23 10:09:07,016 DEBUG      loaded public key "b'Example <mail@example.org>'"
2016-05-23 10:09:07,123 DEBUG      nist256p1 ECDSA signature is OK (True)
2016-05-23 10:09:07,123 DEBUG      GPG public key is OK
2016-05-23 10:09:07,123 INFO       adding subkey to primary GPG key "Example <mail@example.org>" (27BD587FECB36028)
2016-05-23 10:09:07,123 INFO       confirm signing subkey with hardware device
2016-05-23 10:09:07,124 DEBUG      hashing 188 bytes
2016-05-23 10:09:07,124 INFO       signing digest: BF09A909798CD0C0F6B105D73248F51C488E2B416A840EBA1554583803FB60D1
2016-05-23 10:09:09,805 INFO       confirm signing subkey with gpg-agent
2016-05-23 10:09:09,816 DEBUG      hashing 191 bytes
2016-05-23 10:09:09,816 INFO       signing digest: BA6A14132AF1EA58135B4AE1FCD83268EB613ABE95E1A42B6832DC51589CD074
Traceback (most recent call last):
  File "/usr/sbin/trezor-gpg", line 9, in <module>
    load_entry_point('trezor-agent', 'console_scripts', 'trezor-gpg')()
  File "/home/x/projects/others/trezor-agent/trezor_agent/gpg/signer.py", line 84, in main
    args.run(args)
  File "/home/x/projects/others/trezor-agent/trezor_agent/gpg/signer.py", line 24, in run_create
    subkey = f.create_subkey()
  File "/home/x/projects/others/trezor-agent/trezor_agent/gpg/encode.py", line 178, in create_subkey
    unhashed_subpackets=unhashed_subpackets)
  File "/home/x/projects/others/trezor-agent/trezor_agent/gpg/proto.py", line 176, in make_signature
    sig = signer_func(digest=digest)
  File "/home/x/projects/others/trezor-agent/trezor_agent/gpg/encode.py", line 61, in sign
    keygrip=self.keygrip, digest=digest)
  File "/home/tim/projects/others/trezor-agent/trezor_agent/gpg/keyring.py", line 109, in sign_digest
    assert _communicate(sock, 'RESET').startswith('OK')
  File "/home/x/projects/others/trezor-agent/trezor_agent/gpg/keyring.py", line 27, in _communicate
    sock.sendall(msg + '\n')
TypeError: a bytes-like object is required, not 'str'

I wish my python-fu was good enough to fix it.

Signing works perfect.

[romanz]

Great to hear :)
I will take a look on the subkey error later this week.
Thanks again!

[tscs37]

Thanks a lot for fixing things! I can work with this from here I think and see if I can somehow sign the subkey myself.

[romanz]

Please try the latest version, it should support creating GPG subkeys with Python 3.

[tscs37]

2016-05-23 22:35:32,168 INFO       nist256p1 GPG public key <A6115DE621401821> created at 2016-05-23 22:35:28 for "Example <mail@example.org"
2016-05-23 22:35:32,171 DEBUG      prefix byte: 0b10011000
2016-05-23 22:35:32,172 DEBUG      packet length: 82
2016-05-23 22:35:32,172 DEBUG      parsing elliptic curve key
2016-05-23 22:35:32,172 DEBUG      mpi: 4eef2b4c8579962b01cd93536547e4f18ddd5ddc97d67956de0407c44e78cb9ffbb467aa8574da30f67bf2a6b2a247ecc3a22fe33f4d0a6941456ccc684638d2b (515 bits)
2016-05-23 22:35:32,222 DEBUG      key ID: 9FCAA3A23D84D289
2016-05-23 22:35:32,222 DEBUG      packet "pubkey": {'created': 1464034956, 'algo': 19, 'verifying_key': <ecdsa.keys.VerifyingKey object at 0x7f894eeb0748>, 'version': 4, 'tag': 6, 'key_id': b'\x9f\xca\xa3\xa2=\x84\xd2\x89', '_to_hash': b'\x99\x00R\x04WCf\x8c\x13\x08*\x86H\xce=\x03\x01\x07\x02\x03\x04\xee\xf2\xb4\xc8W\x99b\xb0\x1c\xd956T~O\x18\xdd\xd5\xdd\xc9}g\x95m\xe0@|D\xe7\x8c\xb9\xff\xbbFz\xa8WM\xa3\x0fg\xbf*k*$~\xcc:"\xfe3\xf4\xd0\xa6\x94\x14V\xcc\xc6\x84c\x8d+', 'type': 'pubkey', 'verifier': <function _parse_nist256p1_verifier.<locals>._nist256p1_verify at 0x7f89516c9f28>}
2016-05-23 22:35:32,222 DEBUG      prefix byte: 0b10110100
2016-05-23 22:35:32,222 DEBUG      packet length: 36
2016-05-23 22:35:32,222 DEBUG      packet "user_id": {'tag': 13, 'value': b'Example <mail@example.org', 'type': 'user_id', '_to_hash': b'\xb4\x00\x00\x00$Example <mail@example.org'}
2016-05-23 22:35:32,223 DEBUG      prefix byte: 0b10001000
2016-05-23 22:35:32,223 DEBUG      packet length: 118
2016-05-23 22:35:32,223 DEBUG      packet "signature": {'sig_type': 19, 'pubkey_alg': 19, 'hashed_subpackets': [b'\x02WCf\x8c', b'\x1b\x03', b'\x15\x08', b'\x16\x00', b'\x17\x80'], 'tag': 2, '_to_hash': b'\x04\x13\x13\x08\x00\x12\x05\x02WCf\x8c\x02\x1b\x03\x02\x15\x08\x02\x16\x00\x02\x17\x80\x04\xff\x00\x00\x00\x18', 'type': 'signature', 'unhashed_subpackets': [b'\x10\x9f\xca\xa3\xa2=\x84\xd2\x89', b'dTREZOR-GPG'], 'hash_prefix': b'\xcbd', '_is_custom': True, 'version': 4, 'sig': (112975367590693324628121630948389192915285721825359899457165967785745349316987, 54335387481863295612862438798654169215091731748096905814903738433835751544376), 'hash_alg': 8}
2016-05-23 22:35:32,223 DEBUG      prefix byte: 0b10011000
2016-05-23 22:35:32,223 DEBUG      packet length: 82
2016-05-23 22:35:32,223 DEBUG      parsing elliptic curve key
2016-05-23 22:35:32,223 DEBUG      mpi: 4eef2b4c8579962b01cd93536547e4f18ddd5ddc97d67956de0407c44e78cb9ffbb467aa8574da30f67bf2a6b2a247ecc3a22fe33f4d0a6941456ccc684638d2b (515 bits)
2016-05-23 22:35:32,273 DEBUG      key ID: 0721805E6CDBC234
2016-05-23 22:35:32,273 DEBUG      packet "pubkey": {'created': 1464035673, 'algo': 19, 'verifying_key': <ecdsa.keys.VerifyingKey object at 0x7f894eeb08d0>, 'version': 4, 'tag': 6, 'key_id': b'\x07!\x80^l\xdb\xc24', '_to_hash': b'\x99\x00R\x04WCiY\x13\x08*\x86H\xce=\x03\x01\x07\x02\x03\x04\xee\xf2\xb4\xc8W\x99b\xb0\x1c\xd956T~O\x18\xdd\xd5\xdd\xc9}g\x95m\xe0@|D\xe7\x8c\xb9\xff\xbbFz\xa8WM\xa3\x0fg\xbf*k*$~\xcc:"\xfe3\xf4\xd0\xa6\x94\x14V\xcc\xc6\x84c\x8d+', 'type': 'pubkey', 'verifier': <function _parse_nist256p1_verifier.<locals>._nist256p1_verify at 0x7f894eea98c8>}
2016-05-23 22:35:32,273 DEBUG      prefix byte: 0b10110100
2016-05-23 22:35:32,274 DEBUG      packet length: 36
2016-05-23 22:35:32,274 DEBUG      packet "user_id": {'tag': 13, 'value': b'Example <mail@example.org', 'type': 'user_id', '_to_hash': b'\xb4\x00\x00\x00$Example <mail@example.org'}
2016-05-23 22:35:32,274 DEBUG      prefix byte: 0b10001000
2016-05-23 22:35:32,274 DEBUG      packet length: 118
2016-05-23 22:35:32,274 DEBUG      packet "signature": {'sig_type': 19, 'pubkey_alg': 19, 'hashed_subpackets': [b'\x02WCiY', b'\x1b\x03', b'\x15\x08', b'\x16\x00', b'\x17\x80'], 'tag': 2, '_to_hash': b'\x04\x13\x13\x08\x00\x12\x05\x02WCiY\x02\x1b\x03\x02\x15\x08\x02\x16\x00\x02\x17\x80\x04\xff\x00\x00\x00\x18', 'type': 'signature', 'unhashed_subpackets': [b'\x10\x07!\x80^l\xdb\xc24', b'dTREZOR-GPG'], 'hash_prefix': b',\xbf', '_is_custom': True, 'version': 4, 'sig': (106877658691645883777068073616205587862276190091757119346334359910803888380135, 32673668421044222458212113974906366297179012326241090224109809054039055546513), 'hash_alg': 8}
2016-05-23 22:35:32,274 DEBUG      loaded public key "b'Example <mail@example.org'"
2016-05-23 22:35:32,382 DEBUG      nist256p1 ECDSA signature is OK (True)
2016-05-23 22:35:32,382 DEBUG      GPG public key is OK
2016-05-23 22:35:32,383 INFO       adding subkey to primary GPG key "Example <mail@example.org" (9FCAA3A23D84D289)
2016-05-23 22:35:32,383 INFO       confirm signing subkey with hardware device
2016-05-23 22:35:32,383 DEBUG      hashing 188 bytes
2016-05-23 22:35:32,383 INFO       signing digest: C0C2F43C5028CC3CD35F3676B2EB5ED66CAF8C7FB6E01E8A1154A1B3DB6A97A8
2016-05-23 22:35:34,827 INFO       confirm signing subkey with gpg-agent
2016-05-23 22:35:34,839 DEBUG      hashing 191 bytes
2016-05-23 22:35:34,839 INFO       signing digest: 34B8B2EBF2A5F155EC42B211FE1A29C34044B092EDAFC084F18D7534072419B8
2016-05-23 22:35:34,840 DEBUG      -> 'RESET\n'
2016-05-23 22:35:34,840 DEBUG      <- b'OK Pleased to meet you, process 9487'
2016-05-23 22:35:34,842 DEBUG      -> "OPTION ttyname=b'/dev/pts/0'\n"
2016-05-23 22:35:34,843 DEBUG      <- b'OK'
2016-05-23 22:35:34,843 DEBUG      -> 'SIGKEY E6F1CE63D36416E7BCD3D1272F9669A95FE31214\n'
2016-05-23 22:35:34,844 DEBUG      <- b'OK'
2016-05-23 22:35:34,844 DEBUG      -> 'SETHASH 8 34B8B2EBF2A5F155EC42B211FE1A29C34044B092EDAFC084F18D7534072419B8\n'
2016-05-23 22:35:34,845 DEBUG      <- b'OK'
2016-05-23 22:35:34,845 DEBUG      -> 'SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP%0Asecret+key,+to+sign+a+new+TREZOR-based+subkey\n'
2016-05-23 22:35:34,845 DEBUG      <- b'OK'
2016-05-23 22:35:34,845 DEBUG      -> 'PKSIGN\n'
2016-05-23 22:35:34,846 DEBUG      <- b'OK'
2016-05-23 22:35:34,846 DEBUG      <- b'ERR 67108881 Kein geheimer Schl\xc3\xbcssel <GPG Agent>'
2016-05-23 22:35:34,846 DEBUG      unescaped: b'ERR 67108881 Kein geheimer Schl\xc3\xbcssel <GPG Agent>'
Traceback (most recent call last):
  File "/usr/sbin/trezor-gpg", line 9, in <module>
    load_entry_point('trezor-agent', 'console_scripts', 'trezor-gpg')()
  File "/home/tim/projects/others/trezor-agent/trezor_agent/gpg/signer.py", line 84, in main
    args.run(args)
  File "/home/tim/projects/others/trezor-agent/trezor_agent/gpg/signer.py", line 24, in run_create
    subkey = f.create_subkey()
  File "/home/tim/projects/others/trezor-agent/trezor_agent/gpg/encode.py", line 178, in create_subkey
    unhashed_subpackets=unhashed_subpackets)
  File "/home/tim/projects/others/trezor-agent/trezor_agent/gpg/proto.py", line 176, in make_signature
    sig = signer_func(digest=digest)
  File "/home/tim/projects/others/trezor-agent/trezor_agent/gpg/encode.py", line 61, in sign
    keygrip=self.keygrip, digest=digest)
  File "/home/tim/projects/others/trezor-agent/trezor_agent/gpg/keyring.py", line 133, in sign_digest
    raise ValueError(prefix)
ValueError: b'ERR'

It looks like the subkey creation is somehow using the wrong key id for signing and the gpg agent dislikes that a lot.

ERR 67108881 Kein geheimer Schl\xc3\xbcssel <GPG Agent>' => ERR 67108881 No secret key <GPG Agent>

[romanz]

Could you please run "gpg2 -K" on your machine?
It seems that somehow the script got confused...

[tscs37]

Empty.

I cleared the key storage and created a new master key, then ran gpg -K which gives me this (translated):

gpg: Checking "Trust-DB"...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: Depth: 0 Valid. 1 signed: 0 Trust, 0-,0q,0n,0m,0f,1u

Running the subkey creation again yields again an empty output.

Verbose output yields this:

gpg: using trustmodel pgp

If I'm missing anything I'll check tomorrow.

[romanz]

Are you trying to add a TREZOR-based subkey to a TREZOR-based primary key?
If you do, it does not currently work - since the current code assumes the primary key is a regular one (i.e. stored on your machine and can be accessed via gpg-agent).
Please try to use gpg2 --gen-key to generate a regular primary key.
Then, use trezor-agent create --subkey to add a TREZOR-based subkey to it (see here for details).

[tscs37]

Ah, ok. Yeah, tried to do that.

Guess the issue can be closed then, probably got confused somewhere in the readme and skipped the crucial bit of text...

Thanks a lot for your help!

[romanz]

You're welcome :)