Signify option semantics


Signify option semantics

multiplex'd
Hello all,

I've been reading into the signify(1) program a little recently, and the
manual page mentions the '-t' option, which is used to ensure the public
key deduced from the signature comment "matches /etc/signify/*-keytype.pub",
where 'keytype' is the argument given to '-t'. I'm not sure what this
means. I've taken a glance over the source code, and it looks like specifying
this option is simply intended to ensure that the path to the public key used
to verify the given signature matches the path mentioned in the manual page.
Is this a correct interpretation? What's the rationale behind this option?

Cheers.


Re: Signify option semantics

Ted Unangst-6
multiplex'd wrote:

> Hello all,
>
> I've been reading into the signify(1) program a little recently, and the
> manual page mentions the '-t' option, which is used to ensure the public
> key deduced from the signature comment "matches /etc/signify/*-keytype.pub",
> where 'keytype' is the argument given to '-t'. I'm not sure what this
> means. I've taken a glance over the source code, and it looks like specifying
> this option is simply intended to ensure that the path to the public key used
> to verify the given signature matches the path mentioned in the manual page.
> Is this a correct interpretation? What's the rationale behind this option?

this is used to ensure that pkg keys are not used to sign base sets, or vice
versa, or any other combination, while still allowing a bit of flexibility.
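
The name check discussed in this thread, as an added sketch that is not part of either message and is not signify's own source. It assumes the signature comment names a bare key file after the marker "verify with ", that the file is looked up under /etc/signify/, and that the trailing newline is already stripped; `keytype_ok` and the sample key names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define VERIFY_WITH "verify with "

/*
 * Return 1 if the key file named in the signature comment has the form
 * "<anything>-<keytype>.pub", else 0. The name must be a bare file name
 * so that it can only resolve inside /etc/signify/ (assumed directory).
 */
int keytype_ok(const char *sigcomment, const char *keytype)
{
	const char *name, *p;
	size_t tlen = strlen(keytype);

	if (tlen == 0)
		return 0;
	name = strstr(sigcomment, VERIFY_WITH);
	if (name == NULL)
		return 0;		/* comment does not name a key */
	name += strlen(VERIFY_WITH);

	if (strchr(name, '/') != NULL)
		return 0;		/* no paths, no "../" escapes */

	/* Text after the last '-' must be exactly "<keytype>.pub". */
	p = strrchr(name, '-');
	if (p == NULL)
		return 0;
	p++;
	if (strncmp(p, keytype, tlen) != 0)
		return 0;
	return strcmp(p + tlen, ".pub") == 0;
}

int main(void)
{
	/* Constructed sample comments, not taken from real release files. */
	const char *base = "untrusted comment: verify with example-1-base.pub";
	const char *pkg = "untrusted comment: verify with example-1-pkg.pub";

	printf("base sig, -t base: %d\n", keytype_ok(base, "base"));
	printf("pkg sig,  -t base: %d\n", keytype_ok(pkg, "base"));
	printf("pkg sig,  -t pkg:  %d\n", keytype_ok(pkg, "pkg"));
	return 0;
}
```

The wildcard before the key type is what leaves the flexibility mentioned in the reply: any release's key of the requested type passes, while a key of another type is refused even though it is a valid, installed key.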