Any chances for windows support?

Open dave7280 opened this issue 5 years ago • 25 comments

Trezor is a fantastic device, but it still misses proper GPG support on Windows.

Any chance that a Windows version will be created in the near future? Perhaps we can crowdfund the implementation?

The only choice I have is to use a Ledger Nano as a smart card, but the Trezor UX is much better. It just lacks proper GPG support on Windows :)

dave7280 avatar Dec 04 '18 19:12 dave7280

It is possible to add GPG support on Windows, but unfortunately I don't have the time to do that in the near future. Any PR in this direction will be welcome!

romanz avatar Dec 06 '18 07:12 romanz

@martin-lizner is it possible to extend https://github.com/martin-lizner/trezor-ssh-agent to support GPG on Windows?

romanz avatar Dec 08 '18 09:12 romanz

I'm currently trying this agent on Windows using WSL. SSH works well but I haven't been able to get GPG to work. One thing to note using this method is that requests for action from the Trezor take noticeably longer, as in 30 seconds vs. less than a second on native Linux.

TomBPotochek avatar Apr 15 '19 19:04 TomBPotochek

I tried again to contact @martin-lizner ... it would be nice if he could compile a new version for Windows which would also support the Trezor Model T and PGP. For the last few months trezor-agent has not been working with either the Model One or the Model T. His project is very cool and very important for Windows users.

gorbi13G avatar May 09 '19 23:05 gorbi13G

Is it possible to run this inside a Docker container and have it connect to the Trezor Bridge running on the host? However, this would mean the PIN prompt would need to appear on the host machine...

ta32 avatar Jun 24 '19 07:06 ta32

@TomBPotochek I got it to work for SSH connections as well on WSL, but it doesn't work for git commands. The PIN entry prompt does not appear.

ta32 avatar Jun 25 '19 01:06 ta32

Martin answered me that he is fully dependent on the API of Gary Rowe. We need to push Gary to improve his API: https://github.com/gary-rowe/trezor-java/issues/3 After that, Martin can re-create a fully working version of ssh-agent...

gorbi13G avatar Jun 25 '19 08:06 gorbi13G

@TomBPotochek @ta32 Sorry to bother, did you get it running using wsl1 or 2? I've tried both, but no luck so far. According to documentation WSL2 doesn't support USB devices yet so I assume 1 is the way to go, but I haven't been able to make it detect any USB devices either so far. The project by martin-lizner doesn't seem to work anymore and hasn't been updated in forever.

mavaa avatar Mar 06 '20 08:03 mavaa

@marza91 It was WSL1, though I didn't have to do anything weird to get it to work. Do you have trezor bridge, udev rule and everything set up?

TomBPotochek avatar Mar 06 '20 23:03 TomBPotochek

@TomBPotochek I managed to install everything using WSL2, but it didn't discover the USB device (because it isn't supported). I've had some trouble getting a proper WSL1 system up and running since then, so I might just have to do a completely new clean install. Right now I can't get trezor-bridge deb file installed because of this message:

Failed to connect to bus: No such file or directory

But that might be an underlying issue in the WSL system I installed using LxRunOffline to have both running side by side.

Just to clarify one more thing, you had bridge, udev and everything set up on the WSL side? I saw some comments on another project about having the Bridge running on the windows side, but I haven't had any luck with that either. Will update here if I get everything up and running.

mavaa avatar Mar 10 '20 11:03 mavaa

Got it running(!) by:

  • Installing and running the Trezor-bridge on the windows side (trezord.exe running in task manager).
  • Downgrading my original WSL system from 2 to 1.
  • Removing and reinstalling Cython, hidapi and trezor_agent inside the downgraded wsl.

After unplugging and replugging the trezor device everything (finally) works!

mavaa avatar Mar 10 '20 14:03 mavaa

@marza91 That's great! Were you also able to get gpg to work? I get an error when I run trezor-gpg init after confirming everything on the trezor.

TomBPotochek avatar Mar 11 '20 01:03 TomBPotochek

@TomBPotochek Haven't tried yet, GPG is on my list of stuff I should probably start using sooner or later :upside_down_face:

Can do a test when I get the time for it!

mavaa avatar Mar 12 '20 06:03 mavaa

OpenSSH 8.2 supports features (FIDO) incl. Trezor; we are waiting for Windows PowerShell version 8.2. Linux is OK right now.

gorbi13G avatar Mar 12 '20 06:03 gorbi13G

Since WSL2 doesn't have USB support and it doesn't look like this is planned any time soon https://github.com/microsoft/WSL/issues/5158 I am trying to look and see if Cygwin might work for now. Has anyone here tried using that or maybe other ideas for trezor-agent Windows support?

onlykey avatar Jan 26 '21 18:01 onlykey

Rather than going the WSL route, has anyone attempted to use GPG4Win directly, and avoid the "container" problem? As far as I can tell, all the necessary binaries are available natively for Windows. Has anyone attempted this, or know of any blocking issues in this direction?

If I have time I might give this a shot. Any suggestions or concerns are welcome.

jediry avatar Jun 10 '21 17:06 jediry

@jediry That may work for GPG, but we would need another solution for the SSH agent though. Very interested if you make any progress here; I may be able to assist in testing and development.

onlykey avatar Jun 11 '21 14:06 onlykey

I got it working in WSL2 using usbipd for USB comms. I'll try to work a writeup on it later or put in a PR to update the project documents to outline it.

brianddk avatar May 04 '23 00:05 brianddk

@brianddk I have a write up here for using usbipd https://docs.onlykey.io/wsl

Also, there is a GUI. Unfortunately, the developer does not have the application signed, so there are security warnings with that. I have an issue open with the developer to try and resolve that: https://gitlab.com/alelec/wsl-usb-gui/-/issues/9

Would be interested in how well this works for you.

onlykey avatar May 04 '23 15:05 onlykey

> I'll try to work a writeup on it later or put in a PR to update the project documents to outline it.

@romanz, I got this working in WSL2 with usbipd. Once the Trezor is attached, you can do GPG commands directly from the Windows console. For example, this would launch the Ubuntu pass command (password manager) and ask it to use trezor_agent with GPG to decrypt the entry for brianddk@github:

wsl -d Ubuntu GNUPGHOME=~/.gnupg/trezor pass show "brianddk@github"

This assumes you have Trezor attached through usbipd to your Ubuntu installation, and that you've already installed and initialized trezor_agent in Ubuntu.

If you want a documentation PR, I can work up some markdown to detail the process.

brianddk avatar May 08 '23 01:05 brianddk
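
The comment above assumes the Trezor is already attached to the distro through usbipd and that trezor_agent has been initialized there. As an added example (not code from this thread or from the trezor-agent project), the following preflight check, run inside WSL, tests both assumptions before a command such as `pass show` is launched. The function names are hypothetical, and the USB vendor:product IDs are an assumption taken from Trezor's published udev rules rather than from the thread; the sample sysfs tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread or the trezor-agent project).
# Run inside the WSL distro before invoking gpg/ssh through trezor-agent.
# USB vendor:product IDs as listed in Trezor's published udev rules
# (assumption; the thread itself does not give them).
TREZOR_IDS="534c:0001 1209:53c0 1209:53c1"

# find_trezor [SYSFS_ROOT]: print "<bus-id> <vid:pid>" per match; return 1 if none.
find_trezor() {
    ft_root="${1:-/sys/bus/usb/devices}"; ft_rc=1
    for ft_dev in "$ft_root"/*; do
        # Interface nodes (e.g. 1-1:1.0) carry no idVendor/idProduct: skip them.
        [ -r "$ft_dev/idVendor" ] && [ -r "$ft_dev/idProduct" ] || continue
        ft_id="$(cat "$ft_dev/idVendor"):$(cat "$ft_dev/idProduct")"
        case " $TREZOR_IDS " in
            *" $ft_id "*) echo "$(basename "$ft_dev") $ft_id"; ft_rc=0 ;;
        esac
    done
    return "$ft_rc"
}

# preflight SYSFS_ROOT GNUPGHOME: 0 = ready, 1 = no device, 2 = no GPG home.
preflight() {
    if ! find_trezor "$1" >/dev/null; then
        echo "no Trezor visible in $1: attach it to this distro with usbipd" >&2
        return 1
    fi
    if [ ! -d "$2" ]; then
        echo "GNUPGHOME $2 missing: trezor_agent not initialized here" >&2
        return 2
    fi
    return 0
}

# Constructed sysfs tree for offline testing: a root hub plus one device
# carrying the ID 1209:53c1, and an interface node without ID files.
make_sample_sysfs() {
    ms_dir=$(mktemp -d)
    mkdir -p "$ms_dir/usb1" "$ms_dir/1-1" "$ms_dir/1-1:1.0"
    echo 1d6b > "$ms_dir/usb1/idVendor"; echo 0002 > "$ms_dir/usb1/idProduct"
    echo 1209 > "$ms_dir/1-1/idVendor";  echo 53c1 > "$ms_dir/1-1/idProduct"
    echo "$ms_dir"
}

# Real use: preflight /sys/bus/usb/devices "$HOME/.gnupg/trezor" && pass show ...
```

A return code of 1 separates the "USB device never reached the distro" case from a missing GPG home (return code 2), which are the two setup assumptions the comment names.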

Sounds great, thanks! Please update https://github.com/romanz/trezor-agent/blob/master/doc/README-GPG.md

romanz avatar May 08 '23 05:05 romanz

> Sounds great

NP. Also, I got SSH working as well; it looks something like this:

wsl -d Ubuntu TREZOR_PASSPHRASE=something trezor-agent -e ed25519 $USER@$NAME --shell

I can suggest an update to trezor.py to support sessions through TREZOR_SESSION_ID. But I'll go ahead and split the PRs. Not sure how you do the video clips, but that may be outside my wheelhouse.

brianddk avatar May 08 '23 06:05 brianddk

> Not sure how you do the video clips

I can suggest using https://asciinema.org.

romanz avatar May 09 '23 13:05 romanz

> has anyone attempted to use GPG4Win directly

@jediry, I've looked at it, and in a world where Windows would handle script executables like Linux does, this would work. Problem is Windows doesn't. In Linux there is no distinction between .bat and .exe. Most of this stuff works by calling into files that spin up python. To do that in Windows the programs would have to be python trezor-gpg-agent instead of trezor-gpg-agent. That might seem like a simple change, but I don't have confidence that the GPG4Win program will work with something like agent-program python.exe trezor-gpg-agent. Most of the docs imply that this would result in the agent-program getting set to python.exe, not trezor-gpg-agent.

I might poke around with it later this year to test it out, but it might mean that for Windows, there has to be a trezor-gpg-agent file and a trezor-gpg-agent.bat file that calls python.exe trezor-gpg-agent. IDK.

brianddk avatar Jun 08 '23 22:06 brianddk

Can this be closed now that Windows support is here?

Pandapip1 avatar Oct 02 '23 03:10 Pandapip1