Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
From: Thomas Zander
Subject: Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
Date: Mon, 8 Dec 2003 15:54:58 +0100
User-agent: KMail/1.5.4
On Sunday 07 December 2003 21:49, Tom Lord wrote:
> > From: Robert Collins <address@hidden>
> > For auditing, a smart server will need to keep the gpg signed
> > tarballs and log files. So, while it may generate whatever it
> > wants on the fly, and sign it with a server key, to show that
> > address@hidden committed patch-45, it will /need/ the
> > original tarball, and the original signature.
>
> That's not true. It can verify the incoming data, protect it, and
> discard the original tar-ball and signature.
>
> > How do you suggest that key selection be implemented then?
>
> So far, pass-thrus from command-line to transport seem the best option
> to me. Alternatively, we could have some persistent data (some
> .arch-params thing) that only the transport layer looks at.
The external file-signing method that you proposed is only used for whole
files. With that I mean the compressed versions.
It's not really good to sign the content of the tar with a file that is not
_inside_ the tar itself since that means gpg --verify will not work.
The common method is to sign the stream you put into the tar before it is
being run through the compression. The generated signature would then be
attached to the stream after which the whole will be signed.
I believe you will find this method on google with something like: "inline
signing".
--
Thomas Zander
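
An added illustration of the distinction raised in this message, not part of the original post or of arch's code: a signature made over the compressed file stops verifying once the archive is re-compressed, while one made over the tar stream before compression still verifies. HMAC-SHA256 with a constructed key stands in for a gpg signature, and the file names and contents are constructed sample data.

```python
import gzip, hashlib, hmac, io, tarfile

KEY = b"constructed-demo-key"  # assumption: stand-in for a gpg signing key

def build_tar(files):
    """Build a deterministic, uncompressed tar stream from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = 0  # fixed timestamp so the stream is reproducible
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()

def sign(data):
    """HMAC-SHA256 used here in place of a detached gpg signature (assumption)."""
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def verify(data, sig):
    return hmac.compare_digest(sign(data), sig)

def compress(tar_bytes, level):
    return gzip.compress(tar_bytes, compresslevel=level, mtime=0)

def demo():
    # Constructed sample changeset contents.
    files = {"patch-45/log": b"Summary: constructed sample log\n" * 200,
             "patch-45/changes.diff": b"+ constructed sample change\n" * 200}
    tar_stream = build_tar(files)
    sig_stream = sign(tar_stream)           # signed before compression
    original = compress(tar_stream, 9)
    sig_file = sign(original)               # signed over the whole compressed file
    recompressed = compress(tar_stream, 1)  # e.g. a server re-packing the archive
    tampered = tar_stream.replace(b"sample", b"forged")
    return {
        "bytes_differ": original != recompressed,
        "file_sig_ok_after_recompress": verify(recompressed, sig_file),
        "stream_sig_ok_after_recompress":
            verify(gzip.decompress(recompressed), sig_stream),
        "stream_sig_detects_tamper": not verify(tampered, sig_stream),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```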