Re: [gforth] bernd's signature for play store?

gforth

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gforth] bernd's signature for play store?

From:	Bernd Paysan
Subject:	Re: [gforth] bernd's signature for play store?
Date:	Sat, 23 Aug 2014 23:19:03 +0200
User-agent:	KMail/4.11.5 (Linux/3.11.10-21-desktop; KDE/4.11.5; x86_64; ; )

Am Sonntag, 24. August 2014, 02:00:34 schrieb Joel Rees:
> Bernd,
> 
> I know you are busy, but it would make me feel much more comfortable
> with pulling down the android app if there were some way to connect
> your identity in Google's Play Store with your identity on your home
> page and in the gforth project pages.
> 
> I've almost tied the 0.7.9 git repository with the source code for the
> Android version, and your messages on this list are good
> semi-out-of-band confirmation, but I'd really like, uhm, ...

The rest of the sources are on https://fossil.net2o.de/minos2/ (that's the GUI 
part) and https://fossil.net2o.de/net2o (that's not active, and may not 
compile, but I use it for testing my net2o - when I actually do testing on the 
mobile device with the published version ;-).

> Shoot. You know, I don't know if there is anything that could really
> be done for this with the Play Store infrastructure.
> 
> Is there?

There is this play store pubkey.  I think the easiest thing to connect me and 
the android APK is giving you the fingerprints of these keys, and signing this 
message with my PGP key (which is used to sign my git repository checkins).

Alias name: bernd
Creation date: Jul 22, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Bernd Paysan, OU=dev, O=net2o, L=München, ST=Deutschland, C=DE
Issuer: CN=Bernd Paysan, OU=dev, O=net2o, L=München, ST=Deutschland, C=DE
Serial number: 500c484e
Valid from: Sun Jul 22 20:37:02 CEST 2012 until: Thu Dec 08 19:37:02 CET 2039
Certificate fingerprints:
         MD5:  5B:C5:A7:91:FA:C6:02:CE:49:86:46:63:C9:35:34:3D
         SHA1: 00:44:1B:9D:F8:0B:9D:9E:2F:68:9D:0F:B9:B4:85:28:D4:10:5C:7E
         SHA256: 
87:21:D8:3A:FF:47:8D:50:D0:02:00:C7:06:A1:00:6A:69:1C:37:47:88:52:94:45:C7:E0:DA:8A:47:99:F2:97
         Signature algorithm name: SHA1withRSA
         Version: 3

You now can take the APK, and extract the RSA pubkey:

% unzip bin/Gforth.apk META-INF/CERT.RSA

Check this fingerprint with keytool, should give:

% keytool -printcert -file META-INF/CERT.RSA 
Owner: CN=Bernd Paysan, OU=dev, O=net2o, L=München, ST=Deutschland, C=DE
Issuer: CN=Bernd Paysan, OU=dev, O=net2o, L=München, ST=Deutschland, C=DE
Serial number: 500c484e
Valid from: Sun Jul 22 20:37:02 CEST 2012 until: Thu Dec 08 19:37:02 CET 2039
Certificate fingerprints:
         MD5:  5B:C5:A7:91:FA:C6:02:CE:49:86:46:63:C9:35:34:3D
         SHA1: 00:44:1B:9D:F8:0B:9D:9E:2F:68:9D:0F:B9:B4:85:28:D4:10:5C:7E
         SHA256: 
87:21:D8:3A:FF:47:8D:50:D0:02:00:C7:06:A1:00:6A:69:1C:37:47:88:52:94:45:C7:E0:DA:8A:47:99:F2:97
         Signature algorithm name: SHA1withRSA
         Version: 3

-- 
Bernd Paysan
"If you want it done right, you have to do it yourself"
http://bernd-paysan.de/

signature.asc
Description: This is a digitally signed message part.

[Prev in Thread]

Current Thread

[Next in Thread]

[gforth] bernd's signature for play store?, Joel Rees, 2014/08/23
- Re: [gforth] bernd's signature for play store?, Bernd Paysan <=

Prev by Date: [gforth] bernd's signature for play store?
Previous by thread: [gforth] bernd's signature for play store?
Index(es):
- Date
- Thread