gnupg

问题 I'm trying to figure out how to sign/verify commits by hand, but I can't figure out what data is being signed to create the signature. In other words, I can't figure out what <data> in gpg --verify <commit-sig> <data> needs to be. Here's the relevant bit of git's source code: https://github.com/git/git/blob/master/commit.c#L1047-L1231 but I'm also new to C. Here's some example data: In a fresh git repo, I create a file ledger.txt and commit it with a signed commit: git config --global user

问题 I'm using Travis-CI to provide continuous integration builds for a few Java open source projects I'm working on. Normally this works smoothly, but I have a problem when the POM specifies GPG signing, e.g. <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-gpg-plugin</artifactId> <version>1.4</version> <executions> <execution> <id>sign-artifacts</id> <phase>verify</phase> <goals> <goal>sign</goal> </goals> </execution> </executions> </plugin> This causes the Travis build to

问题 I have a new mac pro (OS X 10.9.5) that I get to set up from scratch. I want to install RVM and the first thing it says to do is: Install mpapis public key (might need gpg2 and or sudo ) gpg --keyserver hkp://keys.gnupg.net --recv-keys D39DC0E3 When I tried I got: gpg --keyserver hkp://keys.gnupg.net --recv-keys D39DC0E3 zsh: command not found: gpg I've tried to find a good guide on how to overcome this that also looks trustworthy but I've had no luck. Can someone explain what gpg is, why I

问题 I'm trying to sign my git commits, but when I push them to GitHub they have the Unverified badge and The key whose key-id is in the signature did not sign this commit. Someone may be trying to trick you. GPG key ID: mykeyid I find this quite cryptic, in my world the id with which a commit is signed will appear in the signature, as the key with that id signed the commit! Question How is this possible, and how do I solve it? I especially want to be able to sign commits automatically from within

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 6 years ago . Everyday I receive SDA files for whom I have the passphrase. The decryption is done by running the file and manually entering a passphrase in the program window that pops up. I'd like to avoid this manual step, and turn it into a step of an automated process. The way this would work is the following: As soon as

问题 I am trying to install gnupg on a mac using PECL. sudo pecl install gnupg downloading gnupg-1.3.3.tgz ... Starting to download gnupg-1.3.3.tgz (19,141 bytes) ......done: 19,141 bytes 5 source files, building WARNING: php_bin /Applications/MAMP/bin/php/php5.5.3/bin/php appears to have a suffix /php5.5.3/bin/php, but config variable php_suffix does not match running: phpize Configuring for: PHP Api Version: 20121113 Zend Module Api No: 20121212 Zend Extension Api No: 220121212 building in

问题 I would like to include git tag -v command into the deployment process to catch unsigned tags or tags signed by a non-trusted GPG key. The command returns with an exit code of 0 if the tag has a valid signature, but does not care wether the signed key is trusted or not. I don't want to resort to grepping the resulting GPG message manually 回答1: I haven't tried it yet, and the documentation doesn't mention exit codes, but you could try git-verify-tag plumbing command Update Having no easy way

问题 I'm automating my Docker installation. Something like this: if apt-key fingerprint 0EBFCD88 | grep "Key fingerprint = 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88" > /dev/null then # proceed fi This worked fine in older versions of apt-key , but recent versions have two issues: A different output format: I can hack around that A warning: Warning: apt-key output should not be parsed (stdout is not a terminal) Clearly, I can hack around this as well, just redirect stderr to /dev/null . It

问题 I changed my global Git configuration to sign all commits. I also use gpg-agent so that I don't have to type my password every time. Now every time I make a new commit I see the following five lines printed to my console: [blank line] You need a passphrase to unlock the secret key for user: "John Doe <mail@gmail.com>" 2048-bit RSA key, ID ABCDEF12, created 2016-01-01 [blank line] Even worse, when I do a simple stash, this message is printed twice , needlessly filling my console (I assume for

问题 I changed my global Git configuration to sign all commits. I also use gpg-agent so that I don't have to type my password every time. Now every time I make a new commit I see the following five lines printed to my console: [blank line] You need a passphrase to unlock the secret key for user: "John Doe <mail@gmail.com>" 2048-bit RSA key, ID ABCDEF12, created 2016-01-01 [blank line] Even worse, when I do a simple stash, this message is printed twice , needlessly filling my console (I assume for