LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-29-2020, 12:53 AM   #1
the-bitcoiner
LQ Newbie
 
Registered: Jun 2020
Posts: 2

Rep: Reputation: Disabled
problem in understanding gpg


hey all

now there is a project on github that I'm interested in

the project author is including his finger print and the public key in a .asc file

i want to relate things together as I new to the space

how i make use of both, the public key and the finger print, to verify the authenticity of the project

I will be cloning the repository and using the show signature flag of git

please note that i am still new to the space and would like to learn more and understand what i am doing, i am willing to have long detailed answers to dive more in this topic

thank you all in advance
 
Old 06-29-2020, 12:58 AM   #2
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002
Digital signature: The author might encrypt documents with the private key. You decrypt them with the public key and can be certain that the document was encrypted by this person. See also https://git-scm.com/book/en/v2/Git-T...ning-Your-Work.

Encrypted email: You can use the public key to encrypt email that you send the author, which s/he is then able to decrypt with the private key.

General encryption: Like email, but for any document.
 
Old 06-29-2020, 01:02 AM   #3
the-bitcoiner
LQ Newbie
 
Registered: Jun 2020
Posts: 2

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by berndbausch View Post
Digital signature: The author might encrypt documents with the private key. You decrypt them with the public key and can be certain that the document was encrypted by this person. See also https://git-scm.com/book/en/v2/Git-T...ning-Your-Work.

Encrypted email: You can use the public key to encrypt email that you send the author, which s/he is then able to decrypt with the private key.

General encryption: Like email, but for any document.
thank you for your fast reply

if you don't mind, could you tell me exact steps of what shall i do with the finger print and the .asc file to verify the authenticity of the cloned repository

i want to make use of both, the finger print and the .asc public key file
 
Old 06-29-2020, 01:52 AM   #4
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002
Quote:
Originally Posted by the-bitcoiner View Post
thank you for your fast reply

if you don't mind, could you tell me exact steps of what shall i do with the finger print and the .asc file to verify the authenticity of the cloned repository

i want to make use of both, the finger print and the .asc public key file
Sorry, I don't know how to check a signed git repo. I hoped this was covered in the reference I provided, or perhaps in Github's documentation?
 
Old 06-29-2020, 03:14 AM   #5
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002
Based on this page: https://help.github.com/en/github/au...e-verification, you do nothing with the keys. Github then marks commits as verified, if the signature is correct.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
gpg / gpg-agent -- Can't connect to /root/.gnupg/S.gpg-agent jrtayloriv Linux - Security 9 06-03-2019 10:06 AM
[SOLVED] gpg: WARNING: unsafe permissions on configuration file `/home/b/.gnupg/options' gpg: widda Mandriva 9 07-30-2018 07:49 AM
GPG issues - gpg: signing failed: Permission denied ilesterg Linux - Software 3 02-07-2017 08:19 AM
[SOLVED] Questions on GPG keyrings for debain apt-get? (fixing problem with gpg) frog-o Debian 2 05-12-2013 10:50 AM
GPG: Bad session key gpg between gpg on linux and gpg gui on windows XP konqi Linux - Software 1 07-21-2009 09:37 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:01 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration