Re: trezor-agent: using trezor as gpg key
From: Danny Milosavljevic
Subject: Re: trezor-agent: using trezor as gpg key
Date: Fri, 3 Sep 2021 18:35:12 +0200

Hi,
On Fri, 03 Sep 2021 07:55:19 +0000
Attila Lendvai <attila@lendvai.name> wrote:
> i'm failing to configure my gnupg to use Trezor (an USB hw key store).
> $ ls -l /dev/usb/
[...]
> crw-rw---- 1 root plugdev 180, 0 Sep 3 09:25 hiddev0
>
> $ groups
> users plugdev [...]
>
> $ trezor-gpg-agent &
> [1] 11223
>
> $ gpg --sign /tmp/x
> 2021-09-03 09:41:19,129 ERROR Failed to enumerate WebUsbTransport.
> USBErrorAccess: LIBUSB_ERROR_ACCESS [-3] [__init__.py:126]
> 2021-09-03 09:41:19,132 ERROR handler failed: Trezor not connected
> [__init__.py:273]
[...]
> libagent.device.interface.NotFoundError: Trezor not connected
> gpg: Warning: not using 'Attila Lendvai <attila@lendvai.name>' as default
> key: No secret key
> gpg: all values passed to '--default-key' ignored
> gpg: keydb_search failed: Broken pipe
> gpg: no default secret key: Broken pipe
> gpg: signing failed: Broken pipe
>
> how can i see/debug here which file has the wrong permissions? the python
> backtrace is not very useful without printing the variable values.

You can

    strace -f gpg --sign /tmp/x 2>&1 |grep /dev

but I suspect that that won't show anything interesting because it's actually
trezor-gpg-agent doing the access.

Maybe

    strace -f trezor-gpg-agent 2>&1 |grep /dev

?

In any case, since I did pretty much the same with a Ledger Nano, check the
permissions of /dev/hidraw*. After fixing the permissions to the latter file,
it works fine as a regular user.
See also https://github.com/LedgerHQ/udev-rules/pull/8 for how to make the
change permanent.

Even then, it only works fine once one logs out and back in, with the USB
device already connected at the time of login. I think that's a bug in our
elogind (sigh).