[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gforth] bernd's signature for play store?
From: |
Bernd Paysan |
Subject: |
Re: [gforth] bernd's signature for play store? |
Date: |
Sat, 23 Aug 2014 23:19:03 +0200 |
User-agent: |
KMail/4.11.5 (Linux/3.11.10-21-desktop; KDE/4.11.5; x86_64; ; ) |
Am Sonntag, 24. August 2014, 02:00:34 schrieb Joel Rees:
> Bernd,
>
> I know you are busy, but it would make me feel much more comfortable
> with pulling down the android app if there were some way to connect
> your identity in Google's Play Store with your identity on your home
> page and in the gforth project pages.
>
> I've almost tied the 0.7.9 git repository with the source code for the
> Android version, and your messages on this list are good
> semi-out-of-band confirmation, but I'd really like, uhm, ...
The rest of the sources are on https://fossil.net2o.de/minos2/ (that's the GUI
part) and https://fossil.net2o.de/net2o (that's not active, and may not
compile, but I use it for testing my net2o - when I actually do testing on the
mobile device with the published version ;-).
> Shoot. You know, I don't know if there is anything that could really
> be done for this with the Play Store infrastructure.
>
> Is there?
There is this play store pubkey. I think the easiest thing to connect me and
the android APK is giving you the fingerprints of these keys, and signing this
message with my PGP key (which is used to sign my git repository checkins).
Alias name: bernd
Creation date: Jul 22, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Bernd Paysan, OU=dev, O=net2o, L=München, ST=Deutschland, C=DE
Issuer: CN=Bernd Paysan, OU=dev, O=net2o, L=München, ST=Deutschland, C=DE
Serial number: 500c484e
Valid from: Sun Jul 22 20:37:02 CEST 2012 until: Thu Dec 08 19:37:02 CET 2039
Certificate fingerprints:
MD5: 5B:C5:A7:91:FA:C6:02:CE:49:86:46:63:C9:35:34:3D
SHA1: 00:44:1B:9D:F8:0B:9D:9E:2F:68:9D:0F:B9:B4:85:28:D4:10:5C:7E
SHA256:
87:21:D8:3A:FF:47:8D:50:D0:02:00:C7:06:A1:00:6A:69:1C:37:47:88:52:94:45:C7:E0:DA:8A:47:99:F2:97
Signature algorithm name: SHA1withRSA
Version: 3
You now can take the APK, and extract the RSA pubkey:
% unzip bin/Gforth.apk META-INF/CERT.RSA
Check this fingerprint with keytool, should give:
% keytool -printcert -file META-INF/CERT.RSA
Owner: CN=Bernd Paysan, OU=dev, O=net2o, L=München, ST=Deutschland, C=DE
Issuer: CN=Bernd Paysan, OU=dev, O=net2o, L=München, ST=Deutschland, C=DE
Serial number: 500c484e
Valid from: Sun Jul 22 20:37:02 CEST 2012 until: Thu Dec 08 19:37:02 CET 2039
Certificate fingerprints:
MD5: 5B:C5:A7:91:FA:C6:02:CE:49:86:46:63:C9:35:34:3D
SHA1: 00:44:1B:9D:F8:0B:9D:9E:2F:68:9D:0F:B9:B4:85:28:D4:10:5C:7E
SHA256:
87:21:D8:3A:FF:47:8D:50:D0:02:00:C7:06:A1:00:6A:69:1C:37:47:88:52:94:45:C7:E0:DA:8A:47:99:F2:97
Signature algorithm name: SHA1withRSA
Version: 3
--
Bernd Paysan
"If you want it done right, you have to do it yourself"
http://bernd-paysan.de/
signature.asc
Description: This is a digitally signed message part.