Project

General

Profile

Actions

Issue #2070

open

Mention gpg complexity in [[ReleasesKey]]

Added by Denis 'GNUtoo' Carikli over 4 years ago. Updated over 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Website and wiki content
Target version:
-
Start date:
07/01/2020
Due date:
% Done:

0%

Estimated time:
Resolution:
Device:
Unknown
Grant:
Type of work:
Unknown, Wiki editions
Actions #1

Updated by Denis 'GNUtoo' Carikli over 4 years ago

This only needs to be mentioned as a tradeoff as we'd need more rationale than that for moving away from gpg for signing releases (we would need a replacement tool that would work for Replicant).

References:
  • https://tools.ietf.org/html/rfc4880
  • Signatures have many parts in their packet:
    $ gpg  --list-packets recovery-i9300.img.asc
    # off=0 ctb=89 tag=2 hlen=3 plen=563
    :signature packet: algo 1, keyid 5F5DFCC14177E263
        version 4, created 1578784783, md5len 0, sigclass 0x00
        digest algo 8, begin of digest 78 ba
        hashed subpkt 33 len 21 (issuer fpr v4 782F9DDBE36BA7F3D4DE49065F5DFCC14177E263)
        hashed subpkt 2 len 4 (sig created 2020-01-11)
        subpkt 16 len 8 (issuer key ID 5F5DFCC14177E263)
        data: [4096 bits]
    
Actions #2

Updated by _I3^ RELATIVISM over 3 years ago

  • Type of work Unknown, Wiki editions added
Actions

Also available in: Atom PDF