Use gpg's --status-fd or --status-file to verify

grant-olson / rubygems-openpgp

This allows you to cryptographically sign ruby gems, so that a user can later verify that they've downloaded a copy that hasn't been tampered with or hacked.

http://www.rubygems-openpgp-ca.org

Other

32 stars 4 forks source link

Use gpg's --status-fd or --status-file to verify #13

Closed grant-olson closed 11 years ago

grant-olson commented 11 years ago

To implement #12 we need text that can be parsed by a computer and works in any locale. The option --status-fd provides computer-parsable defined text to extract this information in a safe way.

The gpg back-end should be migrated to use this feature. We can then add functionality that we can't do right now, such as #12.

grant-olson commented 11 years ago

Usage is covered in the gnupg source distribution under doc/DETAILS.

grant-olson commented 11 years ago

Wrote a new gem gpg_status_parser and am using that.

grant-olson commented 11 years ago

0.4.0 released