Skip to content

Latest commit

 

History

History
69 lines (43 loc) · 2.13 KB

README-PINENTRY.md

File metadata and controls

69 lines (43 loc) · 2.13 KB

Custom PIN entry

In order to use the default GPG pinentry program, install one of the following Linux packages:

$ apt install pinentry-{curses,gnome3,qt}

or (on macOS):

$ brew install pinentry

By default a standard GPG PIN entry program is used when entering your Trezor PIN, but it's difficult to use if you don't have a numeric keypad or want to use your mouse.

You can specify a custom PIN entry program such as trezor-gpg-pinentry-tk (and separately, a passphrase entry program) to match your workflow.

The below examples use trezor-gpg-pinentry-tk but any GPG compatible PIN entry can be used.

1. Install the PIN entry

Run

pip install trezor-gpg-pinentry-tk
2. SSH

Add the flag --pin-entry-binary trezor-gpg-pinentry-tk to all calls to trezor-agent.

To automatically use this flag, add the line pinentry=trezor-gpg-pinentry-tk to ~/.ssh/agent.config. Note this is currently broken due to this dependency issue.

If you run the SSH agent with Systemd you'll need to add --pin-entry-binary to the ExecStart command. You may also need to add this line:

Environment="DISPLAY=:0"

to the [Service] section to tell the PIN entry program how to connect to the X11 server.

3. GPG

If you haven't completed initialization yet, run:

$ (trezor|keepkey|ledger)-gpg init --pin-entry-binary trezor-gpg-pinentry-tk "Roman Zeyde <roman.zeyde@gmail.com>"

to configure the PIN entry at the same time.

Otherwise, open $GNUPGHOME/trezor/run-agent.sh and change the --pin-entry-binary option to trezor-gpg-pinentry-tk and run:

killall trezor-gpg-agent
4. Troubleshooting

Any problems running the PIN entry program with GPG should appear in $HOME/.gnupg/trezor/gpg-agent.log.

You can get similar logs for SSH by specifying --log-file in the SSH command line.

The passphrase is cached by the agent (after its first entry), which needs to be restarted in order to reset the passphrase:

$ killall trezor-agent  	# (for SSH)
$ killall trezor-gpg-agent	# (for GPG)