From: Pierre Habouzit <madcoder@debian.org>
To: "Shawn O. Pearce" <spearce@spearce.org>
Cc: Sam Vilain <sam@vilain.net>, git@vger.kernel.org
Subject: Re: [RFC] Authenticate push via PGP signature, not SSH
Date: Tue, 29 Jan 2008 20:08:45 +0100
Message-ID: <20080129190845.GC30093@artemis.madism.org>
In-Reply-To: <20080129041000.GK24004@spearce.org>
On Tue, Jan 29, 2008 at 04:10:00AM +0000, Shawn O. Pearce wrote:
> * PGP public key storage:
>
> Use a "hidden" ref called "refs/access-keys" to store a commit.
> The access control change log is a normal Git commit chain.
>
> The tree under this commit stores a file per <email> string.
> Public keys for auth line validation are located by <email>,
> from the tip of this branch.
>
> This branch could be a symlink to another repository (e.g.
> a site-wide "admin" repository) and the ODB for that other
> repository could be an alternate for this repository.
This won't work well, because I don't think GnuPG is able to check
some signature against an armored GPG public key (at least I didn't
find a way to do that). You have to create one pubring per submitter,
which is kind of a waste in fact, and the format is horribly binary.
I don't even know if you really need the versioning of this
pseudo-keyring, and if a .git/keyring.gpg isn't enough.
As a side note, you don't really need to use GIT_PUSH_*. It doesn't
make anything safer (as the UIDs of a given public key are public
information anyway), you just want to know which key signed that data,
and the signature holds that information. Hence if you still want to
have a flat-file based keyring (which I repeat I don't think gpg
supports directly -- and that's really a shame) you'd better index them
by key fingerprint rather than by author name.
And then you just need to call gpg this way:
$ gpg --keyring path/to/the/keyring.gpg --quiet --batch --status-fd 1 --verify some-file.tar.gz.gpg 2>|/dev/null
[GNUPG:] SIG_ID dw0VliO0DFjOQA3HUSHijYekQYY 2008-01-29 1201633002
[GNUPG:] GOODSIG BC6AFB5BA1EE761C Pierre Habouzit <pierre.habouzit@polytechnique.edu>
[GNUPG:] VALIDSIG 72B4C59ADA78D70E055C129EBC6AFB5BA1EE761C 2008-01-29 1201633002 0 3 0 17 2 00 72B4C59ADA78D70E055C129EBC6AFB5BA1EE761C
[GNUPG:] TRUST_ULTIMATE
And if the key is not in your keyring this looks like:
$ GNUPGHOME=/tmp gpg --verify --status-fd 1 some-file.tar.gz.gpg 2>/dev/null
[GNUPG:] ERRSIG BC6AFB5BA1EE761C 17 2 00 1201633002 9
[GNUPG:] NO_PUBKEY BC6AFB5BA1EE761C
^^^^^^^^^^^^^^^^
that's the key id you look for.
--
·O· Pierre Habouzit
··O madcoder@debian.org
OOO http://www.madism.org
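The decision a receiving hook would make from the status lines shown above, as an added example that is not part of this message or of git: it runs gpg with the flags quoted here (plus --no-default-keyring so only the repository keyring is consulted, an assumption about the intended setup), and reduces the GOODSIG/VALIDSIG/ERRSIG/NO_PUBKEY output to a verdict keyed by fingerprint. The sample status text is copied from the message; the function names are my own.

```python
import subprocess
from typing import Optional, Tuple

# Status lines constructed from the two gpg runs quoted in the message.
GOOD_STATUS = """[GNUPG:] SIG_ID dw0VliO0DFjOQA3HUSHijYekQYY 2008-01-29 1201633002
[GNUPG:] GOODSIG BC6AFB5BA1EE761C Pierre Habouzit <pierre.habouzit@polytechnique.edu>
[GNUPG:] VALIDSIG 72B4C59ADA78D70E055C129EBC6AFB5BA1EE761C 2008-01-29 1201633002 0 3 0 17 2 00 72B4C59ADA78D70E055C129EBC6AFB5BA1EE761C
[GNUPG:] TRUST_ULTIMATE
"""
MISSING_STATUS = """[GNUPG:] ERRSIG BC6AFB5BA1EE761C 17 2 00 1201633002 9
[GNUPG:] NO_PUBKEY BC6AFB5BA1EE761C
"""


def parse_gpg_status(status_output: str) -> Tuple[str, Optional[str]]:
    """Reduce `gpg --status-fd 1` output to (verdict, key).

    "valid"     -> GOODSIG plus a VALIDSIG whose signing-key fingerprint ends
                   in the GOODSIG key id; key is the primary-key fingerprint
                   (last VALIDSIG field), the value to index the keyring by.
    "no_pubkey" -> signing key absent from the keyring; key is the long key id
                   to look for (the ^^^^ in the message).
    "bad"       -> BADSIG: signature does not match the data.
    "unknown"   -> nothing conclusive was emitted (treat as a failure).
    """
    goodsig_keyid = None
    errsig_keyid = None
    primary_fpr = None
    for line in status_output.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue                      # not a status line; ignore
        fields = line.split()
        token = fields[1]
        if token == "BADSIG":
            return "bad", fields[2]
        if token == "NO_PUBKEY":
            return "no_pubkey", fields[2]
        if token == "ERRSIG":
            errsig_keyid = fields[2]      # key id of the signature gpg could not check
        elif token == "GOODSIG":
            goodsig_keyid = fields[2]
        elif token == "VALIDSIG" and goodsig_keyid and fields[2].endswith(goodsig_keyid):
            primary_fpr = fields[-1]      # primary-key fingerprint, not the subkey
    if primary_fpr:
        return "valid", primary_fpr
    return "unknown", goodsig_keyid or errsig_keyid


def verify_with_keyring(keyring_path: str, signed_file: str) -> Tuple[str, Optional[str]]:
    """Run gpg the way the message shows and parse its status output."""
    proc = subprocess.run(
        ["gpg", "--no-default-keyring", "--keyring", keyring_path, "--quiet",
         "--batch", "--status-fd", "1", "--verify", signed_file],
        capture_output=True, text=True, check=False)
    return parse_gpg_status(proc.stdout)
```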