From: Andrey Borzenkov
To: grub-devel@gnu.org
Subject: Re: DSA GnuPG signatures
Date: Sun, 13 Jan 2013 12:33:30 +0400
Message-ID: <20130113123330.32f5d374@opensuse.site>
In-Reply-To: <50F07BFE.4050800@gmail.com>

On Fri, 11 Jan 2013 21:54:22 +0100, Vladimir 'φ-coder/phcoder' Serbinenko wrote:

> Hello, all. I've just committed import of libgcrypt and implementation
> of related code to check signatures. Short usage:
> verify_detached FILE FILE.sig [pubkey.gpg]

Just to be sure. Signature is created using

gpg --detach-sign FILE

correct?

> trust KEY.gpg
> distruct KEYID

distrust?

> check_signatures=[enforce|no]
> There is no command to list currently trusted keys. Would it be useful?

key_list or "trust --list"?

> grub-mkimage -k KEY gcry_dsa verify [...]
>
> When check_signatures=enforce every time anything tries to open a file
> its signature (file.sig) is looked for and the open fails if signature
> is absent or invalid.

This means - *any* file, including grub.cfg, themes etc? Or does it
apply to modules only?
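
Added example, not part of the original message or of GRUB's code: a pre-flight audit that lists files with no FILE.sig beside them, or with a signature gpgv rejects, which is the condition the quoted text says makes an open fail under check_signatures=enforce (for whichever files the check applies to). It assumes signatures are made with gpg --detach-sign FILE, as the reply asks to confirm, and that .sig files are not themselves signed; audit_sigs and its directory and keyring arguments are hypothetical names.

```shell
#!/bin/sh
# Added example: audit a directory tree for files that lack a valid
# detached signature stored beside them as FILE.sig.
# Assumption: signatures were created with `gpg --detach-sign FILE`.

# audit_sigs DIR [KEYRING]
#   Prints "MISSING <file>" for every regular file without <file>.sig.
#   When KEYRING (absolute path to a public keyring) is given, also prints
#   "INVALID <file>" when gpgv rejects the signature.
#   Returns 0 only if every file passed, 1 otherwise.
audit_sigs() {
    dir=$1
    keyring=${2:-}
    list=$(mktemp) || return 2
    # Assumption: the .sig files themselves are not signed, so skip them.
    find "$dir" -type f ! -name '*.sig' >"$list"
    bad=0
    while IFS= read -r f; do
        if [ ! -f "$f.sig" ]; then
            echo "MISSING $f"
            bad=1
        elif [ -n "$keyring" ] &&
             ! gpgv --keyring "$keyring" "$f.sig" "$f" >/dev/null 2>&1; then
            echo "INVALID $f"
            bad=1
        fi
    done <"$list"
    rm -f "$list"
    return "$bad"
}

# Stand-alone use: audit_sigs.sh DIR [KEYRING]
if [ "$#" -gt 0 ]; then
    audit_sigs "$@"
fi
```

Without a keyring argument only the presence of each FILE.sig is checked; pass the keyring holding the public key you intend to trust to have gpgv verify each signature as well.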