[pmwiki-users] Infected Cookbook Recipes?

Christophe David pmwiki at christophedavid.org
Mon Sep 22 07:45:23 CDT 2008

Hash: SHA1

Oops, hit the wrong key - mail sent while editing

>> never mind, i understand now:
>> the script becomes an encrypted piece of text, and needs to be
>> decrypted before use.

You can encrypt and/or sign.

In this case, we would just sign so that anyone can check that the
recipe has not been altered.

A signature can be sent within a text (like the signature of this mail
(see BEGIN PGP - END PGP), or can be separate.

In order to avoid any problem with CR/LF sequences when downloading
php files, the most reliable way would be to provide users with a zip
file containing

- - the recipe (.php)
- - the signature of the recipe (.sig)

In order to check the file has not been modified, a user will obtain
your public key from a key server or your own site, and run GPG to
validate the signature.

This can be made nearly transparent using one of the various GPG
front-ends and integration tools.

I hope it is clearer ;-)

Version: GnuPG v1.4.6 (GNU/Linux)


More information about the pmwiki-users mailing list