-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason D. Clinton wrote: > On Wed, 2006-08-02 at 18:31 +0100, Mike Hearn wrote: >> Is it really that hard to check a digital signature? I'd have thought >> there'd be APIs in Python/C/Mono that make this trivial by now. And that's >> all you have to do to protect against the "files are changed by evil >> people" case. > > gpg has well documented exit codes which can be suitably used for this. > It's not high performance to invoke lots of sub-processes if you have a > lot of files you are verifying, but it get's the job done.
Seahorse CVS HEAD contains a modification to how detached signatures are verified in nautilus. The new program is called seahorse-tool, moving the functionality out of seahorse proper. It could be modified if it doesn't already return adequate exit codes. It might also be possible to add a VerifyFile D-Bus method that takes a URL and a buffer containing the detached signature and returns a flag code. Adam - -- Why isn't all of your email protected? http://gnupg.org http://enigmail.mozdev.org http://seahorse.sourceforge.net http://live.gnome.org/Seahorse -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE0PLMjU1oaHEI4wgRArZLAKDae3gPeyZiWs9mbSjnkbLvqcyurACgzj0c PwzJT3hBr30gQjISpG54qmM= =p0i4 -----END PGP SIGNATURE----- _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
