Using Trezor as hardware SSH/GPG agent

agent, crypto, gnupg, gpg, hardware, keepkey, ledger, pgp, python, ssh, trezor
pip install trezor-agent==0.10.0


Hardware-based SSH/GPG agent

Build Status Chat

This project allows you to use various hardware security devices to operate GPG and SSH. Instead of keeping your key on your computer and decrypting it with a passphrase when you want to use it, the key is generated and stored on the device and never reaches your computer. Read more about the design here.

You can do things like sign your emails, git commits, and software packages, manage your passwords (with pass and gopass, among others), authenticate web tunnels and file transfers, and more.

See the following blog posts about this tool:

Currently TREZOR One, TREZOR Model T, Keepkey, and Ledger Nano S are supported.


  • Installation instructions are here

  • SSH instructions and common use cases are here

    Note: If you're using Windows, see trezor-ssh-agent by Martin Lízner.

  • GPG instructions and common use cases are here

  • Instructions to configure a Trezor-style PIN entry program are here