Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Subkey generation cannot proceed past GNUPGHOME directory check #341

Open
N4M3Z opened this issue Dec 14, 2020 · 5 comments · May be fixed by #446
Open

Subkey generation cannot proceed past GNUPGHOME directory check #341

N4M3Z opened this issue Dec 14, 2020 · 5 comments · May be fixed by #446
Assignees

Comments

@N4M3Z
Copy link

N4M3Z commented Dec 14, 2020

Hello and thank you for developing this tool. I've encountered an issue with subkey generation. It appears the tool incorrectly resolves the existence of GNUPGHOME on macOS (11.0.1).

> trezor-gpg init "First Last" --verbose --subkey
...
2020-12-14 17:15:06,093 INFO         device name: trezor                                                                                  [__init__.py:126]
2020-12-14 17:15:06,093 INFO         GPG home directory: /Users/user/.gnupg/trezor                                                              [__init__.py:131]
2020-12-14 17:15:06,093 ERROR        GPG home directory /Users/user/.gnupg/trezor exists, remove it manually if required                        [__init__.py:134]

Am I missing something here? The directory exists because the master key generation created it. Master key generation worked as expected, though setting up a separate keyring in a subfolder seems counter-intuitive. If you remove the directory, the subkey mode generation proceeds and stop later after failing to find the master key (for obvious reasons). I'm guessing there is an issue with the subkey mode of the app, perhaps the fact that I'm using long names for user_id (which should be supported). Version:

> trezor-gpg --version
trezor-agent=0.11.0 libagent=0.14.1
@drbeefsupreme
Copy link

drbeefsupreme commented Dec 14, 2020

In my experience, to generate any Trezor key you need there to not be a .gnupg/trezor directory. So here is what I would try as a workaround. If you're trying to add a Trezor subkey to a Trezor master key, I would first generate the master key, then export the public key + private key stub, then rename the trezor directory and import the public/private key into the .gnupg keyring by setting GPGHOME=.gnupg and running gpg --import, and then run the subkey command.

@N4M3Z
Copy link
Author

N4M3Z commented Dec 14, 2020

@syzygyzer Thanks, now I have the same problem as you in #340. If I get lucky to create the subkey in the first place, I end up in the "no secret key found" as you did. My goal here was to set up a dedicated key for encryption, another for signing and another one for authentication to use this similarly to how one would use Yubikey (see https://github.com/drduh/YubiKey-Guide), which ties in to #313 and presumably a lot of work and resources required.

@prusnak Have you guys considered putting this project under https://github.com/satoshilabs wing officially to make tighter integration part of the product offer? It would make it even more appealing for widespread adoption.

@prusnak
Copy link
Contributor

prusnak commented Dec 14, 2020

@prusnak Have you guys considered putting this project under https://github.com/satoshilabs wing officially to make tighter integration part of the product offer? It would make it even more appealing for widespread adoption.

We don't have resources to help Roman with the development at the moment, so this move does not make any sense. Also I feel Roman deserves full credit for his work on this, so it is only right if the repo stays here.

@N4M3Z
Copy link
Author

N4M3Z commented Dec 14, 2020

@syzygyzer Could you please clarify how exactly you export including the private key stubs?

@romanz romanz self-assigned this Dec 21, 2020
@SlugFiller
Copy link
Contributor

Subkey generation is intended for when the master key is a non-Trezor key, located in a different home folder.

Having both a (manually created) subkey and a primary be Trezor keys does not make sense. The reason is that the keys themselves are derived from the user id, which will necessarily be the same for all keys. The implication is that even if you create a whole bunch of subkeys, they will all have the same key. If one of them leaks, revoking it with the master key would be useless, because you wouldn't be able to create a new subkey with a new key.

The only way this could be resolved is if there was an option to set a custom derivation path for a key that is different from the user id. Note that this has implications - the derivation path is what appears on the hardware device's screen when asked to confirm a signature.

Another option is to modify the --time parameter. However, this only changes the key's fingerprint, not its encryption keys. So if the private key somehow leaks, getting a new fingerprint with the same key is not going to be particularly helpful.

From the get-go, splitting keys like that is not particularly useful for a hardware device, where leaking just one key (without leaking the master recovery phrase) is a nigh-impossible scenario.

@SlugFiller SlugFiller linked a pull request Sep 14, 2023 that will close this issue
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants