Issue #2070: Mention gpg complexity in [[ReleasesKey]] - Replicant

Actions

Copy link

Issue #2070

open

Mention gpg complexity in [[ReleasesKey]]

Added by Denis 'GNUtoo' Carikli almost 4 years ago. Updated about 3 years ago.

Status:

New

Priority:

Normal

Assignee:

Category:

Website and wiki content

Target version:

Start date:

07/01/2020

Due date:

% Done:

Estimated time:

Resolution:

Device:

Unknown

Grant:

Type of work:

Unknown, Wiki editions

Actions

Copy link

Updated by Denis 'GNUtoo' Carikli almost 4 years ago

This only needs to be mentioned as a tradeoff as we'd need more rationale than that for moving away from gpg for signing releases (we would need a replacement tool that would work for Replicant).

References:

https://tools.ietf.org/html/rfc4880

Signatures have many parts in their packet:

$ gpg  --list-packets recovery-i9300.img.asc
# off=0 ctb=89 tag=2 hlen=3 plen=563
:signature packet: algo 1, keyid 5F5DFCC14177E263
    version 4, created 1578784783, md5len 0, sigclass 0x00
    digest algo 8, begin of digest 78 ba
    hashed subpkt 33 len 21 (issuer fpr v4 782F9DDBE36BA7F3D4DE49065F5DFCC14177E263)
    hashed subpkt 2 len 4 (sig created 2020-01-11)
    subpkt 16 len 8 (issuer key ID 5F5DFCC14177E263)
    data: [4096 bits]

Actions

Copy link

Updated by _I3^ RELATIVISM about 3 years ago

Type of work Unknown, Wiki editions added

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Replicant

Issue #2070

Mention gpg complexity in [[ReleasesKey]]

Updated by Denis 'GNUtoo' Carikli almost 4 years ago

Updated by _I3^ RELATIVISM about 3 years ago