[pmwiki-users] Infected Cookbook Recipes?
Christophe David
pmwiki at christophedavid.org
Mon Sep 22 07:45:23 CDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Oops, hit the wrong key - mail sent while editing
>> never mind, i understand now:
>> the script becomes an encrypted piece of text, and needs to be
>> decrypted before use.
You can encrypt and/or sign.
In this case, we would just sign so that anyone can check that the
recipe has not been altered.
A signature can be sent within a text (like the signature of this mail
(see BEGIN PGP - END PGP), or can be separate.
In order to avoid any problem with CR/LF sequences when downloading
php files, the most reliable way would be to provide users with a zip
file containing
- - the recipe (.php)
- - the signature of the recipe (.sig)
In order to check the file has not been modified, a user will obtain
your public key from a key server or your own site, and run GPG to
validate the signature.
This can be made nearly transparent using one of the various GPG
front-ends and integration tools.
I hope it is clearer ;-)
Christophe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFI15M/yu9YWMK6LU8RApPKAJ99AoI6/pMxPTLBRkekS6kqKhOAtQCghHT6
/+Z4x+88P5SskxG2y8M8vrs=
=boAy
-----END PGP SIGNATURE-----
More information about the pmwiki-users
mailing list