From: Sam Vilain <sam@vilain.net>
To: "Shawn O. Pearce" <spearce@spearce.org>
Cc: Pierre Habouzit <madcoder@debian.org>, git@vger.kernel.org
Subject: Re: [RFC] Authenticate push via PGP signature, not SSH
Date: Wed, 30 Jan 2008 18:55:46 +1300 [thread overview]
Message-ID: <47A01162.7070503@vilain.net> (raw)
In-Reply-To: <20080130042201.GO24004@spearce.org>
Shawn O. Pearce wrote:
> I just read the GnuPG manual and you are obviously correct. The only
> way to get GnuPG to process a key is to load it onto a keyring.
> We could extract the armored (or binary) public key and load it
> onto a temporary keyring created just for the purpose of verifying
> this connection, but that's rather messy.
It should be fine just to throw the lot into a single keyring, and just
check which key verified it after the fact and whether that key was allowed.
The Perl Crypt::OpenPGP module doesn't suffer from this problem (and is
performant), though it suffers from a dependency stack that will hurt
everyone except Debian users ;-).
I think this is a non-issue.
>> $ gpg --keyring path/to/the/keyring.gpg --quiet --batch --status-fd 1 --verify some-file.tar.gz.gpg 2>|/dev/null
>> [GNUPG:] SIG_ID dw0VliO0DFjOQA3HUSHijYekQYY 2008-01-29 1201633002
>> [GNUPG:] GOODSIG BC6AFB5BA1EE761C Pierre Habouzit <pierre.habouzit@polytechnique.edu>
>> [GNUPG:] VALIDSIG 72B4C59ADA78D70E055C129EBC6AFB5BA1EE761C 2008-01-29 1201633002 0 3 0 17 2 00 72B4C59ADA78D70E055C129EBC6AFB5BA1EE761C
^^^ there GPG just told you which key was used.
>> [GNUPG:] TRUST_ULTIMATE
Sam.
next prev parent reply other threads:[~2008-01-30 5:56 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-28 4:12 [RFC] Authenticate push via PGP signature, not SSH Sam Vilain
2008-01-28 8:12 ` Shawn O. Pearce
2008-01-28 21:06 ` Jan Hudec
2008-01-28 21:58 ` Sam Vilain
2008-01-29 2:57 ` Shawn O. Pearce
2008-01-29 4:10 ` Shawn O. Pearce
2008-01-29 19:08 ` Pierre Habouzit
2008-01-30 4:22 ` Shawn O. Pearce
2008-01-30 5:55 ` Sam Vilain [this message]
2008-01-30 6:16 ` Shawn O. Pearce
2008-01-30 8:35 ` Pierre Habouzit
2008-01-30 20:22 ` Sam Vilain
2008-01-30 8:00 ` Johannes Sixt
2008-01-31 5:43 ` Shawn O. Pearce
2008-01-30 8:33 ` Pierre Habouzit
2008-01-31 4:30 ` Shawn O. Pearce
2008-01-31 9:25 ` Pierre Habouzit
2008-01-30 6:29 ` Sam Vilain
2008-01-30 7:47 ` Shawn O. Pearce
2008-01-31 1:18 ` Sam Vilain
2008-01-28 8:48 ` Pierre Habouzit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47A01162.7070503@vilain.net \
--to=sam@vilain.net \
--cc=git@vger.kernel.org \
--cc=madcoder@debian.org \
--cc=spearce@spearce.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).