From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.71)
	id 1TuQip-0006vZ-98
	for mharc-grub-devel@gnu.org; Sun, 13 Jan 2013 11:47:47 -0500
Received: from eggs.gnu.org ([208.118.235.92]:50555)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <phcoder@gmail.com>) id 1TuQih-0006ow-VD
	for grub-devel@gnu.org; Sun, 13 Jan 2013 11:47:46 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <phcoder@gmail.com>) id 1TuQib-0000x1-BE
	for grub-devel@gnu.org; Sun, 13 Jan 2013 11:47:39 -0500
Received: from mail-wg0-f50.google.com ([74.125.82.50]:63778)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <phcoder@gmail.com>) id 1TuQib-0000wk-50
	for grub-devel@gnu.org; Sun, 13 Jan 2013 11:47:33 -0500
Received: by mail-wg0-f50.google.com with SMTP id es5so1666308wgb.29
	for <grub-devel@gnu.org>; Sun, 13 Jan 2013 08:47:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=x-received:message-id:date:from:user-agent:mime-version:to:subject
	:references:in-reply-to:x-enigmail-version:content-type;
	bh=7c47yDOOY1+7uLQpimDvjVV3jUX3refIZEgsqdDtG54=;
	b=SXZp5A+nB/QBe/FhpYszisNDxlgvy3BD/V8p7hxEyjnTSkNRiKNhgPESf55vfJCBWS
	LgvIeQJKOjwSDH22ZU39Kxb2PylOJloQPvx1+RiFvtjvyz2QC2MvRLwQViU0uMSdbDUc
	+nhR5pZaBEBovAydVW/gdAYuuPzc+rdtsTzVvwREt/1KvCzs3FPrUuVdX4LWCMBm/kDY
	c93jixWHP/5KBZgI6V5eFTNIsynLYoHH8vngIdV1FsLGst9GNKUc+KpDiZHe3fwP1387
	uNaYJWzk2kjjGV3yzZT4SunhGMcezV1nzPyCvH/cP/MpKu2yNemEkP3jJ4ikRp+E7C5h
	IpzQ==
X-Received: by 10.180.39.143 with SMTP id p15mr8207372wik.14.1358095651668;
	Sun, 13 Jan 2013 08:47:31 -0800 (PST)
Received: from debian.x201.phnet (90-242.203-62.cust.bluewin.ch.
	[62.203.242.90])
	by mx.google.com with ESMTPS id gz3sm8878614wib.2.2013.01.13.08.47.30
	(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Sun, 13 Jan 2013 08:47:30 -0800 (PST)
Message-ID: <50F2E51A.8000409@gmail.com>
Date: Sun, 13 Jan 2013 17:47:22 +0100
From: =?UTF-8?B?VmxhZGltaXIgJ8+GLWNvZGVyL3BoY29kZXInIFNlcmJpbmVua28=?=
	<phcoder@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:10.0.11) Gecko/20121122 Icedove/10.0.11
MIME-Version: 1.0
To: grub-devel@gnu.org
Subject: Re: DSA GnuPG signatures
References: <50F07BFE.4050800@gmail.com>
	<20130113123330.32f5d374@opensuse.site>
In-Reply-To: <20130113123330.32f5d374@opensuse.site>
X-Enigmail-Version: 1.4.1
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature";
	boundary="------------enig6B5903044DCC8E180B2B7A9E"
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy]
X-Received-From: 74.125.82.50
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Jan 2013 16:47:46 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig6B5903044DCC8E180B2B7A9E
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 13.01.2013 09:33, Andrey Borzenkov wrote:

> =D0=92 Fri, 11 Jan 2013 21:54:22 +0100
> Vladimir '=CF=86-coder/phcoder' Serbinenko <phcoder@gmail.com> =D0=BF=D0=
=B8=D1=88=D0=B5=D1=82:
>=20
>> Hello, all. I've just committed import of libgcrypt and implementation=

>> of related code to check signatures. Short usage:
>> verify_detached FILE FILE.sig [pubkey.gpg]
>=20
> Just to be sure. Signature is created using
>=20
> gpg --detach-sign FILE
>=20
> correct?
>=20



Yes

>> trust KEY.gpg
>> distruct KEYID
>=20
> distrust?
>=20



The opposite of trust

>> check_signatures=3D[enforce|no]
>>
>=20
> There is no command to list currently trusted keys. Would it be
> useful? key_list or "trust --list"?
> =20

Added.


>> grub-mkimage -k KEY gcry_dsa verify [...]
>>
>> When check_signatures=3Denforce every time anthing tries to open a fil=
e
>> its signature (file.sig) is looked for and the open fails if signature=

>> is absent or invalid.
>=20
> This means - *any* file, including grub.cfg, themes etc? Or does it
> apply to modules only?
>=20

All files.

>=20
>=20
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel





--=20
Regards
Vladimir '=CF=86-coder/phcoder' Serbinenko


--------------enig6B5903044DCC8E180B2B7A9E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iF4EAREKAAYFAlDy5RsACgkQNak7dOguQgnreQEAmSraw54WCuopmVm+JFC/aTsn
CCyIierh/bpyCTHr3xYBAIkr4Npe8CZqXqmmwK111ZjdujihyWm4wIpyKJxQl1bS
=thf1
-----END PGP SIGNATURE-----

--------------enig6B5903044DCC8E180B2B7A9E--