[darcs-devel] GPG Encryption in send.

David Roundy droundy at abridgegame.org
Wed May 19 03:32:52 PDT 2004


On Tue, May 18, 2004 at 09:06:36AM -0700, David Brown wrote:
> On Tue, May 18, 2004 at 05:49:48AM -0400, David Roundy wrote:
> 
> > http://lists.gnupg.org/pipermail/gnupg-users/2004-March/022070.html
> > 
> > I guess this is a feature of clearsigning, so hopefully encrypted
> > patches won't pose this problem, but it's worth checking carefully.
> 
> Brilliant.  That explains why you extract the patch from the original
> file.  Encrypted patches shouldn't be a problem, but 'apply' is going to
> have to know which kind of patch it is dealing with.

Actually, one thing that is on my TODO list is adding support in apply for
decoding base64-encoded patches, which is similar in behavior.  I imagine
one first looks for a patch bundle, and then if one doesn't find it, one
looks for a base64-encoded block, and if one doesn't find that, one looks
for an encrypted block.  There's a similarity here... but it probably
requires a bit better-organized code than what there is currently.  It
might be nice to extract the attachment (base64, encrypted, etc) in a
"darcs-independent" manner, although that would perhaps be a bit trickier
since it might be hard to figure out which attachment to extract.

> > I'd say you may as well add an optional public key (or key ID) to
> > _darcs/prefs, so if you "send" with no --target, darcs would check the
> > email address and gpg key, and if there is no gpg key, it would either warn
> > you that the patch won't be encrypted, or fail.  The advantage of putting
> > the public key (in some sort of exported form) itself there is that then
> > you wouldn't be required to upload the key to the keyservers, since darcs
> > could import the public key to your keyring.
> 
> Is there a way of putting the public key in the remote archive in such a
> way that darcs can get it?  I'm not quite sure I follow what the code is
> doing there.
> 
> In other words, what does darcs use as a default target, if none is
> specified?  Looking at it, it looks like it just asks.  Seems to me that
> it would be nice if the target, and possibly the key came from the
> remote archive, by default.

For the default target, darcs uses the contents of _darcs/prefs/email on
the remote repository, if it exists.  Otherwise it asks.  You can check out
the code in "who_to_email" within "decide_on_behavior" in Send.lhs.
Basically we just fetch and read the _darcs/prefs/email file.

For a public key to encrypt to, I'd tend to lean towards similar behavior.
-- 
David Roundy
http://www.abridgegame.org
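The detection order described in the message above (look for a plain patch bundle, then a base64-encoded block, then an encrypted block), worked through as an added example in Python. This is not darcs code: the "New patches:" / "Patch bundle hash:" delimiters are assumed from the look of mailed darcs bundles rather than taken from darcs's source, the three sample messages are constructed (the PGP armor body is filler, not a real ciphertext), and the example goes one step beyond the text by excluding the armored PGP body from base64 detection, because ASCII armor is itself base64 and would otherwise be misclassified as a plain base64 attachment.

```python
import base64
import binascii
import re
from typing import List, Optional, Tuple

# RFC 4880 ASCII-armor header and tail lines for an encrypted message.
PGP_BEGIN = "-----BEGIN PGP MESSAGE-----"
PGP_END = "-----END PGP MESSAGE-----"
# Assumed darcs bundle delimiters (not taken from darcs's own source): the
# bundle starts at "New patches:" and ends with the hash line that follows
# "Patch bundle hash:".
BUNDLE_BEGIN = "New patches:"
BUNDLE_HASH_HEADER = "Patch bundle hash:"
# A line consisting only of base64 text: whole 4-char groups plus optional padding.
B64_LINE = re.compile(
    r"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$")


def _find_pgp_span(lines: List[str]) -> Optional[Tuple[int, int]]:
    """Inclusive (start, end) indices of the armored PGP message, or None."""
    try:
        start = lines.index(PGP_BEGIN)
        end = lines.index(PGP_END, start)
    except ValueError:
        return None
    return start, end


def _find_bundle_span(lines: List[str]) -> Optional[Tuple[int, int]]:
    """Inclusive (start, end) indices of a plain darcs bundle, or None."""
    try:
        start = lines.index(BUNDLE_BEGIN)
        header = lines.index(BUNDLE_HASH_HEADER, start)
    except ValueError:
        return None
    if header + 1 >= len(lines):
        return None  # hash header present but the hash line itself is missing
    return start, header + 1


def _find_base64_run(lines: List[str],
                     skip: Optional[Tuple[int, int]]) -> Optional[Tuple[int, int]]:
    """Longest run of >= 2 consecutive base64-looking lines outside `skip`."""
    def ok(i: int) -> bool:
        inside = skip is not None and skip[0] <= i <= skip[1]
        return bool(lines[i]) and B64_LINE.match(lines[i]) is not None and not inside

    best = None
    i = 0
    while i < len(lines):
        if not ok(i):
            i += 1
            continue
        j = i
        while j + 1 < len(lines) and ok(j + 1):
            j += 1
        if j > i and (best is None or (j - i) > (best[1] - best[0])):
            best = (i, j)
        i = j + 1
    return best


def extract_attachment(message: str) -> Tuple[str, Optional[str]]:
    """Classify a mailed patch in the order the thread proposes: plain bundle,
    then base64 block, then encrypted PGP message.  Returns (kind, payload),
    where payload is the bundle text, the decoded base64 text, or the still
    armored PGP message to hand to gpg.  Lines are kept verbatim (no
    whitespace stripping): mail software that normalises whitespace is
    exactly what breaks signed patches, so the extractor must not do it too."""
    lines = message.split("\n")
    bundle = _find_bundle_span(lines)
    if bundle:
        return "bundle", "\n".join(lines[bundle[0]:bundle[1] + 1]) + "\n"
    pgp = _find_pgp_span(lines)
    run = _find_base64_run(lines, pgp)
    if run:
        blob = "".join(lines[run[0]:run[1] + 1])
        try:
            return "base64", base64.b64decode(blob, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            pass  # looked like base64 but is not a text payload; fall through
    if pgp:
        return "pgp", "\n".join(lines[pgp[0]:pgp[1] + 1]) + "\n"
    return "none", None


# Constructed sample messages (not real darcs or gpg output).
BUNDLE_MAIL = """Hi, here is the patch.

New patches:

[Fix typo in README
alice@example.org**20040518120000] {
hunk ./README 1
-teh
+the
}

Context:

Patch bundle hash:
0123456789abcdef
-- 
Alice
"""

B64_PLAINTEXT = b"New patches:\n\n[Fix typo in README\nalice@example.org**20040518120000] {\n}\n"
_encoded = base64.b64encode(B64_PLAINTEXT).decode("ascii")
B64_MAIL = "Encoded to survive the list software:\n\n" + "\n".join(
    _encoded[i:i + 48] for i in range(0, len(_encoded), 48)) + "\n"

PGP_MAIL = ("Encrypted to your key.\n\n" + PGP_BEGIN + "\n"
            "Version: GnuPG v1.2.4 (GNU/Linux)\n\n"
            + "ABCD" * 16 + "\n" + "EFGH" * 16 + "\n=AbCd\n" + PGP_END + "\n")

if __name__ == "__main__":
    for name, mail in ("bundle", BUNDLE_MAIL), ("base64", B64_MAIL), ("pgp", PGP_MAIL):
        print(name, "->", extract_attachment(mail)[0])
```

Running the module prints the detected kind for each of the three constructed messages; the decoded base64 payload in the second case is itself a bundle, which is the point of the "similar in behavior" remark: after decoding, apply would run the same bundle detection over the result.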