GPG

From Trezor Wiki


GNU Privacy Guard (GPG, also GnuPG) is free encryption software that complies with the OpenPGP standard (RFC 4880). With GPG you can encrypt and decrypt files that contain sensitive data, and sign documents or verify their signatures.

The Trezor device can be used to operate GPG. Read more on this GitHub page.

See also NIST256P1, Ed25519

Install and use Trezor GPG signing on Linux

Note: You can also find this guide on the above-mentioned GitHub page of Roman Zeyde, to whom we owe thanks.


1. Update and install dependencies

sudo apt-get update
sudo apt-get install python3-pip python3-dev python3-tk libusb-1.0-0-dev libudev-dev

2. Install GPG

sudo apt install gnupg2

3. Install Cython and hidapi

pip3 install setuptools
pip3 install Cython 
sudo pip3 install hidapi

4. Install trezor agent

sudo pip3 install trezor_agent

5. Install Trezor bridge

6. Initialize the agent GPG directory

trezor-gpg init "Name <[email protected]>" -v

7. Add GNUPGHOME path to your .bashrc

export GNUPGHOME=~/.gnupg/trezor 

This GNUPGHOME contains your hardware keyring and agent settings. The agent software assumes all keys are backed by hardware devices, so you cannot use standard GPG keys in GNUPGHOME (if you do mix keys, you will receive an error when you attempt to use them).

8. Sign or encrypt document with Trezor

gpg2 --sign <your document>
gpg2 --encrypt <your document>

9. Verify or decrypt the document

gpg2 --verify <your document>
gpg2 --decrypt <your document>
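
The note under step 7 says the Trezor GNUPGHOME must hold only hardware-backed keys. The following preflight check is an added example, not part of the original guide or of trezor-agent. The function name is hypothetical, and it assumes that any *.key file under private-keys-v1.d (where GnuPG 2.1+ keeps private keys) or a non-empty legacy secring.gpg means standard GPG key material was placed in this home.

```shell
# check_trezor_gnupghome DIR
# Prints one line per finding; the return status is the number of findings
# (0 = directory looks like a hardware-only keyring home).
check_trezor_gnupghome() {
    home=$1
    findings=0

    if [ -z "$home" ] || [ ! -d "$home" ]; then
        echo "FAIL: GNUPGHOME is unset or not a directory: '$home'"
        return 1
    fi

    # gpg warns about "unsafe permissions" when group/other can access the home.
    mode=$(stat -c '%a' "$home")
    case "$mode" in
        *00) ;;
        *) echo "WARN: $home has mode $mode; run: chmod 700 $home"
           findings=$((findings + 1)) ;;
    esac

    # GnuPG 2.1+ stores private keys as <keygrip>.key files in this folder.
    for f in "$home"/private-keys-v1.d/*.key; do
        [ -e "$f" ] || continue   # glob did not match anything
        echo "WARN: standard GPG private key found in hardware keyring: $f"
        findings=$((findings + 1))
    done

    # Secret keyring used by GnuPG 1.x / 2.0.
    if [ -s "$home/secring.gpg" ]; then
        echo "WARN: legacy secret keyring present: $home/secring.gpg"
        findings=$((findings + 1))
    fi

    if [ "$findings" -eq 0 ]; then
        echo "OK: $home contains no standard GPG private keys"
    fi
    return "$findings"
}
```

Run it as `check_trezor_gnupghome "$GNUPGHOME"` in a new shell after editing .bashrc, before the first sign or encrypt operation.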