Message: 4<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Date: Mon, 26 Jul 2010 22:54:29 +0200<br>
From: Frank Karlitschek <<a href="mailto:karlitschek@kde.org">karlitschek@kde.org</a>><br>
Subject: Re: [Open-collaboration-services] [REQUEST] Extend API to<br>
support gpg signature<br>
To: Frederik Gladhorn <<a href="mailto:gladhorn@kde.org">gladhorn@kde.org</a>><br>
Cc: <a href="mailto:open-collaboration-services@kde.org">open-collaboration-services@kde.org</a><br>
Message-ID: <<a href="mailto:BA9E5BAF-D425-4563-A5D2-FE88C2C73FC9@kde.org">BA9E5BAF-D425-4563-A5D2-FE88C2C73FC9@kde.org</a>><br>
Content-Type: text/plain; charset=iso-8859-1<br>
<br>
<br>
On 26.07.2010, at 22:10, Frederik Gladhorn wrote:<br>
...<br>
>> What's your opinion about it? Does it makes sense?<br>
><br>
> Sounds pretty good to me. Signatures are about 200 byte if I'm not mistaken. I<br>
> would almost favor to inline them in the content/get request, so we don't need<br>
> to make a separate call. Any reason not to?<br>
<br>
I agree. It?s funny, we discussed adding a similar signature field 3 weeks ago at Akademy and it is already in the OCS 1.6 draft<br>
<a href="http://www.freedesktop.org/wiki/Specifications/open-collaboration-services-draft" target="_blank">http://www.freedesktop.org/wiki/Specifications/open-collaboration-services-draft</a><br>
<br>
<br>
What do you think? Is this what you need?<br></blockquote><div><br>Seems like in the draft is mentioned the only fingerprint of the signer, but I need the signature field too which will contain the ascii-armored signature of the companion file. Without the signature, authentication won't work.<br>
</div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
<br>
><br>
> For those as gpg-ignorant as I am:<br>
> Create a signature with<br>
> gpg -ab attica.tbz2<br>
> And get a file attica.tbz2.asc out of that.<br>
> That is the signature, ascii-armored.<br>
> gpg --verify attica.tbz2.asc checks the signature.<br>
> For knewstuff we'll instead use lib...something.<br>
><br>
> Signature looks like this:<br>
> -----BEGIN PGP SIGNATURE-----<br>
> Version: GnuPG v1.4.10 (GNU/Linux)<br>
><br>
> iEYEABECAAYFAkxN6ewACgkQcZKJUyELiPfZlwCgipEZJjUgf9z3HembEYpVtX9h<br>
> pfwAn39WOGGcVBYCBaM92xDRStffL7zY<br>
> =Hudq<br>
> -----END PGP SIGNATURE-----<br>
><br>
> Just to say it again: I'm happy to see this happening :D<br>
><br>
<br>
Indeed! Very cool stuff!!<br>
<br>
<br>
> Greetings<br>
> Frederik<br>
><br>
><br>
<br>
Cheers<br>
Frank<br><br></blockquote></div>-- <br>H: Who is Watson without Sherlock Holmes?<br>G: Watson was a genius in his own right.<br>