On Mon, May 17, 2004 at 04:47:58PM -0700, David Brown wrote:
> I would like to add the ability to encrypt patches when 'send'ing them.
> Here are my ideas.
>
> - Add an option --encrypt that changes the options to gpg so that the
> file is encrypted as well as signed.
> - verifyPS will have to be changed to use the decrypted output of gpg
> as the patch.

I think there may be trouble with this, in that gpg --decrypt doesn't
reproduce the original file--there's some business involving blank lines
containing just spaces that get corrupted. When I asked the gpg folks
about this, they said it was in the openpgp specs, as I recall, and thus
was a feature, not a bug. See

http://lists.gnupg.org/pipermail/gnupg-users/2004-March/022070.html

I guess this is a feature of clearsigning, so hopefully encrypted patches
won't pose this problem, but it's worth checking carefully.

> The one thing is that I'm not quite sure where the best place is to get the
> --recipient field from. It is easy if --target is specified, but what if
> it is derived from the remote repository?
>
> Any suggestions?

I'd say you may as well add an optional public key (or key ID) to
_darcs/prefs, so if you "send" with no --target, darcs would check the
email address and gpg key, and if there is no gpg key, it would either warn
you that the patch won't be encrypted, or fail. The advantage of putting
the public key (in some sort of exported form) itself there is that then
you wouldn't be required to upload the key to the keyservers, since darcs
could import the public key to your keyring.
--
David Roundy
http://www.abridgegame.org
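
Added example (not part of the original message, and not darcs or gpg code): a Python check that applies the canonicalization the OpenPGP cleartext signature framework (RFC 2440/4880, section 7.1) performs before hashing, showing why a line holding only spaces is not covered by a clearsign signature. The function names and the sample patch text are constructed for illustration.

```python
# Added illustration, not code from darcs or gpg. Function names are
# hypothetical and the sample patch text below is constructed.

def _split_lines(text):
    """Split into lines, treating CRLF and LF input alike."""
    return text.replace("\r\n", "\n").split("\n")

def canonicalize_cleartext(text):
    """Bytes that a cleartext signature is computed over (section 7.1):
    trailing spaces and tabs on each line are ignored, line endings are
    canonical CRLF, and the final line ending is not part of the signed text."""
    lines = _split_lines(text)
    if lines and lines[-1] == "":
        lines.pop()  # line ending before the signature block is not signed
    return "\r\n".join(line.rstrip(" \t") for line in lines).encode("utf-8")

def unsigned_whitespace_lines(text):
    """1-based numbers of lines whose trailing whitespace the signature ignores."""
    return [n for n, line in enumerate(_split_lines(text), 1)
            if line != line.rstrip(" \t")]

def same_signed_text(a, b):
    """True when a clearsign signature over `a` would also verify over `b`."""
    return canonicalize_cleartext(a) == canonicalize_cleartext(b)

# Constructed sample: line 3 of ORIGINAL adds a line holding only spaces.
ORIGINAL = "hunk ./foo.py 1\n+def f():\n+    \n+    return 1\n"
# The same patch after the trailing spaces on line 3 have been dropped.
MANGLED = "hunk ./foo.py 1\n+def f():\n+\n+    return 1\n"

if __name__ == "__main__":
    print("byte-identical:", ORIGINAL == MANGLED)
    print("same signed text:", same_signed_text(ORIGINAL, MANGLED))
    print("lines at risk:", unsigned_whitespace_lines(ORIGINAL))
```

Running `unsigned_whitespace_lines` over a patch before sending it clearsigned shows which lines may differ on the receiving side while the signature still verifies.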