Re: email as a bona fide git transport
From: Santiago Torres Arias <hidden>
Date: 2019-10-18 16:11:52
Also in:
lkml, workflows
Attachments
- signature.asc [application/pgp-signature] 833 bytes
From: Santiago Torres Arias <hidden>
Date: 2019-10-18 16:11:52
Also in:
lkml, workflows
On Fri, Oct 18, 2019 at 12:03:43PM -0400, Konstantin Ryabitsev wrote:
On Fri, Oct 18, 2019 at 11:54:09AM -0400, Santiago Torres Arias wrote:quoted
quoted
Seeing how large this signature is, I have to admit that I am partial to Konstantin's suggestion of using minisign. This seems like something that could be added to git as an alternative to gpg without too much trouble, I think.I wonder how big the pgp payload would be with ed25519 as the underlying algorithm. AFAICT, the payload of a minisign signature vs a signature packet have almost the same fields...It's smaller, but it's not a one-liner. Here's a comparison using ED25519 keys of the same length: minisign: RWQ4kF9UdFgeSt3LqnS3WnrLlx2EnuIFW7euw5JnLUHY/79ipftmj7A2ug7FiR2WmnFNoSacWr7llBuyInVmRL/VRovj1LFtvA0= pgp: -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQR2vl2yUnHhSB5njDW2xBzjVmSZbAUCXaniFAAKCRC2xBzjVmSZ bHA5AP46sSPFJfL2tbXwswvj0v2DjLAQ9doxl9bfj9iPZu+3qwEAw5qAMbjw9teL L7+NbJ0WVniDWTgt+5ruQ2V9vyfYxAc= =B/St
Yeah, the discrepancy mostly comes from pgp embedding a timestamp and a longer keyid (+a full keyid fingerprint in pgp 2.1+). Minisign keyids are 8 random bytes, apparently. It doesn't seem like an amazing win in terms of succintness, imvho... Cheers! -Santiago.