[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ELPA security
From: |
Ted Zlatanov |
Subject: |
Re: ELPA security |
Date: |
Fri, 28 Jun 2013 11:32:25 -0400 |
User-agent: |
Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux) |
On Mon, 24 Jun 2013 12:44:47 +0900 Daiki Ueno <address@hidden> wrote:
DU> Ted Zlatanov <address@hidden> writes:
TZ> Using EPG functions, however, I could not figure out how to verify with
TZ> an external public GPG key. I don't see that option with any of the
TZ> context functions. Perhaps someone knows? Without that option, the
TZ> user has to explicitly load the maintainer's public GPG key, which is
TZ> very impractical around package.el.
DU> I guess you probably mean something like debian-keyring by "external
DU> public GPG key", right? If so, you can use an alternative ~/.gnupg
DU> directory (e.g. ~/.emacs.d/elpa/gnupg/) set through
DU> epg-gpg-home-directory, and import the keyring with
DU> epg-import-keys-from-file on M-x package-list-packages, etc.
Would it be better to follow the steps here than to have a separate
directory? Or maybe we should do a separate key ring AND an alternative
directory?
http://stackoverflow.com/questions/9073288/decrypt-encrypted-gpg-file-using-external-secret-key
e.g.
gpg --import --no-default-keyring --secret-keyring elpa maintainer.key
gpg --verify file.gpgsig --secret-keyring elpa file
rm ~/.gnupg/elpa.gpg
DU> I'm not following the discussion nor the code, sorry if I'm missing the
DU> point.
Your help is appreciated in any way, of course, but this discussion in
particular will make EPG a fundamental tool for most ELPA interactions,
so your review would be most welcome.
Ted
- Re: ELPA security, (continued)
- Re: ELPA security, Ted Zlatanov, 2013/06/17
- Re: ELPA security, Ted Zlatanov, 2013/06/19
- Re: ELPA security, Stefan Monnier, 2013/06/19
- Re: ELPA security, Ted Zlatanov, 2013/06/23
- Re: ELPA security, Stefan Monnier, 2013/06/23
- Re: ELPA security, Ted Zlatanov, 2013/06/28
- Re: ELPA security, Nic Ferrier, 2013/06/28
- Re: ELPA security, Daiki Ueno, 2013/06/23
- Re: ELPA security,
Ted Zlatanov <=
- Re: ELPA security, Daiki Ueno, 2013/06/28