[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DSA GnuPG signatures
From: |
Vladimir 'φ-coder/phcoder' Serbinenko |
Subject: |
Re: DSA GnuPG signatures |
Date: |
Sun, 13 Jan 2013 17:47:22 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:10.0.11) Gecko/20121122 Icedove/10.0.11 |
On 13.01.2013 09:33, Andrey Borzenkov wrote:
> В Fri, 11 Jan 2013 21:54:22 +0100
> Vladimir 'φ-coder/phcoder' Serbinenko <address@hidden> пишет:
>
>> Hello, all. I've just committed import of libgcrypt and implementation
>> of related code to check signatures. Short usage:
>> verify_detached FILE FILE.sig [pubkey.gpg]
>
> Just to be sure. Signature is created using
>
> gpg --detach-sign FILE
>
> correct?
>
Yes
>> trust KEY.gpg
>> distruct KEYID
>
> distrust?
>
The opposite of trust
>> check_signatures=[enforce|no]
>>
>
> There is no command to list currently trusted keys. Would it be
> useful? key_list or "trust --list"?
>
Added.
>> grub-mkimage -k KEY gcry_dsa verify [...]
>>
>> When check_signatures=enforce every time anthing tries to open a file
>> its signature (file.sig) is looked for and the open fails if signature
>> is absent or invalid.
>
> This means - *any* file, including grub.cfg, themes etc? Or does it
> apply to modules only?
>
All files.
>
>
> _______________________________________________
> Grub-devel mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/grub-devel
--
Regards
Vladimir 'φ-coder/phcoder' Serbinenko
signature.asc
Description: OpenPGP digital signature