From: Sam Vilain <sam@vilain.net>
To: "Shawn O. Pearce" <spearce@spearce.org>
Cc: Pierre Habouzit <madcoder@debian.org>, git@vger.kernel.org
Subject: Re: [RFC] Authenticate push via PGP signature, not SSH
Date: Wed, 30 Jan 2008 18:55:46 +1300
Message-ID: <47A01162.7070503@vilain.net>
In-Reply-To: <20080130042201.GO24004@spearce.org>

Shawn O. Pearce wrote:
> I just read the GnuPG manual and you are obviously correct. The only
> way to get GnuPG to process a key is to load it onto a keyring.
> We could extract the armored (or binary) public key and load it
> onto a temporary keyring created just for the purpose of verifying
> this connection, but that's rather messy.

It should be fine just to throw the lot into a single keyring, and just
check which key verified it after the fact and whether that key was allowed.

The Perl Crypt::OpenPGP module doesn't suffer from this problem (and is
performant), though it suffers from a dependency stack that will hurt
everyone except Debian users ;-).

I think this is a non-issue.

>> $ gpg --keyring path/to/the/keyring.gpg --quiet --batch --status-fd 1 --verify some-file.tar.gz.gpg 2>|/dev/null
>> [GNUPG:] SIG_ID dw0VliO0DFjOQA3HUSHijYekQYY 2008-01-29 1201633002
>> [GNUPG:] GOODSIG BC6AFB5BA1EE761C Pierre Habouzit <pierre.habouzit@polytechnique.edu>
>> [GNUPG:] VALIDSIG 72B4C59ADA78D70E055C129EBC6AFB5BA1EE761C 2008-01-29 1201633002 0 3 0 17 2 00 72B4C59ADA78D70E055C129EBC6AFB5BA1EE761C
^^^ there GPG just told you which key was used.
>> [GNUPG:] TRUST_ULTIMATE

Sam.
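
The approach discussed in this message (verify against one shared keyring, then check afterwards which key made the signature and whether that key is allowed), sketched in Python as an added example that is not part of the original thread. It parses the `--status-fd` lines quoted above; `signer_fingerprint`, `push_allowed` and the allow list are hypothetical names.

```python
# Added example: decide authorization from `gpg --status-fd` output.
# SAMPLE_STATUS is the output quoted in the message; all names are hypothetical.
PREFIX = "[GNUPG:] "
# Any of these means "do not accept", even when a VALIDSIG line is also
# present: gpg emits VALIDSIG alongside EXPKEYSIG/REVKEYSIG as well.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

SAMPLE_STATUS = """\
[GNUPG:] SIG_ID dw0VliO0DFjOQA3HUSHijYekQYY 2008-01-29 1201633002
[GNUPG:] GOODSIG BC6AFB5BA1EE761C Pierre Habouzit <pierre.habouzit@polytechnique.edu>
[GNUPG:] VALIDSIG 72B4C59ADA78D70E055C129EBC6AFB5BA1EE761C 2008-01-29 1201633002 0 3 0 17 2 00 72B4C59ADA78D70E055C129EBC6AFB5BA1EE761C
[GNUPG:] TRUST_ULTIMATE
"""


def signer_fingerprint(status_text):
    """Return the primary-key fingerprint of the single good signature, or None."""
    good = 0
    fingerprints = []
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # only lines carrying the status prefix are trusted
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in REJECT:
            return None
        if keyword == "GOODSIG":
            good += 1
        elif keyword == "VALIDSIG" and args:
            # Field 10 is the primary-key fingerprint; fall back to the
            # signing-key fingerprint (field 1) if the line is shorter.
            fingerprints.append((args[9] if len(args) >= 10 else args[0]).upper())
    if good != 1 or len(fingerprints) != 1:
        return None  # unsigned, or several signatures: refuse to guess
    return fingerprints[0]


def push_allowed(status_text, allowed_fingerprints):
    """True only if the key that verified is on the repository's allow list."""
    fpr = signer_fingerprint(status_text)
    return fpr is not None and fpr in {f.upper() for f in allowed_fingerprints}
```

Matching on the full fingerprint from VALIDSIG, rather than the 64-bit key ID in GOODSIG, keeps the allow-list check from depending on a short identifier.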