gnupg - How is the process of signing and verifying a release and why apache says that the signature file signed by a public key? -

-

i have started learning gpg , bit confused infos have found. gnupg documentation says that

a signature created using private key of signer

but @ apache's site, say:

the signature file digest of original file signed public key...

and on same site, in section, following:

a digital signature created original document using private key.

now suppose process of signing involves signing hash of release using private key of holder , not public 1 apache says in second link have posted, or wrong? otherwise, how ever able decrypt hash of release signed public key if he/she doesn't have private key of holder?

then, explain in processes of signing , verifying signature consist , passages, e.g. software release apache maven?

tl;dr: there mistake in documentation, understanding of signatures right.

the signature file digest of original file signed public [sic, should private] key...

signing document performed calculating hash sum of document (asymmetric cryptography slow large amounts of data), encrypted using private key, can decrypt using public key. if decryption process results in same hash sum calculated original document, must have been encrypted using private key - known signer; authorship verified.

encryption (leaving apart aspect of hybrid cryptosystems openpgp is, general concept stays same) works other way round; public key used encryption, private key can used decrypt information.

i added bug report documentation issue (closed/fixed since 2015-07-29).

then, explain in processes of signing , verifying signature consist , passages?, e.g. software release apache maven -> https://maven.apache.org/download.cgi?preferred=ftp://apache.mirrors.tds.net/pub/apache.org/ ?

  1. you need fetch public key used signing software (usually, download keyserver using gpg --recv-key [key-id].
  2. verify key's integrity, example speaking developers, web of trust, products https-encrypted website (depending on how paranoid you're @ verifying authorship).
  3. issue signature certify key if not verified through web of trust, if don't want create public one, there local signatures never transmitted key server network.
  4. finally, use gpg --verify check signature indeed issued product maintainer's key.

Comments

Post a Comment

Popular posts from this blog

python - pip install -U PySide error -

-
does know how avoid following error when running pip install -u pyside per official website instructions here: https://pypi.python.org/pypi/pyside/#installing-pyside-on-a-mac-os-x-system note have done brew install qt successfully. you using pip version 7.0.3, version 7.1.2 available. should consider upgrading via 'pip install --upgrade pip' command. collecting pyside using cached pyside-1.2.4.tar.gz installing collected packages: pyside running setup.py install pyside complete output command /applications/anaconda/bin/python -c "import setuptools, tokenize;__file__='/private/var/folders/dy/ttgqhqqx3g9bsbsnqnxsk2z80000gq/t/pip-build-cpxemt/pyside/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /var/folders/dy/ttgqhqqx3g9bsbsnqnxsk2z80000gq/t/pip-0r7hri-record/install-record.txt --single-version-externally-managed --compile:
Read more

arrays - C++ error: a brace-enclosed initializer is not allowed here before ‘{’ token -

-
simple question: i'm trying initialize array within c++ class declaration: using namespace std; #include <string> class myclass{ public: string myarray[] = {"a","b","c"}; }; and i'm getting error: error: brace-enclosed initializer not allowed here before ‘{’ token no, without complied c++11 compiler, cannot initialize member array in declaration. have initialize array member in constructor. , don't use open array if know number of elements initialize array.
Read more

cytoscape.js - How to add nodes to Dagre layout with Cytoscape -

-
i trying add nodes dagre graph through cityscape.js. problem nodes not painted. code have: cy.add({ group: "nodes", data: { id:"n0",name:"n0",weight: 75 }, }); $.ajax(url).done(function(jsontree){ var newnodes=[]; for(var i=1;i<6;i++){ //var child = jsontree.result[i]; newnodes.push( { group: "nodes", data: { id: "n"+i, name:"n"+i}}, { group: "edges", data: { id: "e"+i, source: "n0", target: "n"+i } } ); } cy.add(newnodes); any ideas? have used loaded function reload graph not work. not know if have use specific function reload graph. thank in advance. you need add positions new nodes. cytoscape.js docs : it important note positions of newly added nodes must defined when calling cy.add(). nodes can not placed in graph without valid position — otherwise not displayed. yo
Read more