hey all

now there is a project on github that I'm interested in

the project author is including his finger print and the public key in a .asc file

i want to relate things together as I new to the space

how i make use of both, the public key and the finger print, to verify the authenticity of the project

I will be cloning the repository and using the show signature flag of git

please note that i am still new to the space and would like to learn more and understand what i am doing, i am willing to have long detailed answers to dive more in this topic

thank you all in advance

Digital signature: The author might encrypt documents with the private key. You decrypt them with the public key and can be certain that the document was encrypted by this person. See also https://git-scm.com/book/en/v2/Git-T...ning-Your-Work.

Encrypted email: You can use the public key to encrypt email that you send the author, which s/he is then able to decrypt with the private key.

General encryption: Like email, but for any document.

thank you for your fast reply

if you don't mind, could you tell me exact steps of what shall i do with the finger print and the .asc file to verify the authenticity of the cloned repository

i want to make use of both, the finger print and the .asc public key file

Sorry, I don't know how to check a signed git repo. I hoped this was covered in the reference I provided, or perhaps in Github's documentation?

Based on this page: https://help.github.com/en/github/au...e-verification, you do nothing with the keys. Github then marks commits as verified, if the signature is correct.