Last update December 10, 2004

Signed Source Code

Difference (previous author) (Change, Edit, normal page display)

Changed: 5,6c5,6

* install GnuPG?

http://www.gnupp.org
* privat key for signing "gpg --keygen"

* install

GnuPG
* privat key for signing "gpg --gen-key"

Changed: 14,15c14,15

,embeded signature, detached signature
can be used with, plain text and HTML files only, with any kind of file(including binary files)

,embedded signature, detached signature
can be used with, plain and HTML source files, any kind of file(including binary files)

Changed: 21c21

= Embeded Signatur for plain D source files =

= Howto =

Changed: 23,230c23,25

== 1/5 The Source ==

Verify that your source file is functional.

[[code]
int main(char[][] arg){
printf("Hello!\n");
return 0;
}
]

== 2/5 Open Comments ==

Add the commend closing */ to the start of the file and the commend opening /* to the end of the file.

+/ and /+ can be used too.
[[code]
*/

int main(char[][] arg){
printf("Hello!\n");
return 0;
}

/*]

== 3/5 Create Signature ==

gpg --out output --clearsign input

or

gpg --clearsign < input > output

[[code]<pre>

BEGIN PGP SIGNED MESSAGE

Hash: SHA1

*/

int main(char[][] arg){
printf("Hello!\n");
return 0;
}

/*
-----BEGIN PGP SIGNATURE-----
Version: GnuPG? v1.2.6 (GNU/Linux)

iD8DBQFBuNvV3w+/yD4P9tIRAppeAJ0fNyjlV3nKA25WdmznkjSgLBx/kQCeP1Xf
sXnFHYeolWo4VWme3Ao8L4Y=
=ClPq?
-----END PGP SIGNATURE-----</pre>]

== 4/5 Close Comments ==

Add the missing /* and */ or /+ and +/.

[[code]<pre>
/*
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

*/

int main(char[][] arg){
printf("Hello!\n");
return 0;
}

/*
-----BEGIN PGP SIGNATURE-----
Version: GnuPG? v1.2.6 (GNU/Linux)

iD8DBQFBuNvV3w+/yD4P9tIRAppeAJ0fNyjlV3nKA25WdmznkjSgLBx/kQCeP1Xf
sXnFHYeolWo4VWme3Ao8L4Y=
=ClPq?
-----END PGP SIGNATURE-----
*/
</pre>]

== 5/5 Verify the Signature ==

gpg input

or

gpg < input

= Embeded Signatur for HTML source files =

WARNING: this isn't in conformance with the W3C? http://w3c.org/MarkUp/ standard but will be rendered correctly all browsers

== 1/5 The Source ==

Verify that your source file is functional.

[[code]<pre>
<html>
    <head><title>The Title</title></head>
    <body><CODE>
int main(char[][] arg){
    printf("Hello!\n");
    return 0;
}
    </CODE></body>
</html></pre>]

== 2/5 Preparation ==

Replace "<html>" and "</html>" with "-->" and "
    <head><title>The Title</title></head>
    <body><CODE>
int main(char[][] arg){
    printf("Hello!\n");
    return 0;
}
    </CODE></body>

<head><title>TheTitle?</title></head>
<body><CODE>
int main(char[][] arg){
printf("Hello!\n");
return 0;
}
</CODE></body>
</html>".

[[code]<pre>
<html>
<head><title>TheTitle?</title></head>
<body><CODE>
int main(char[][] arg){
printf("Hello!\n");
return 0;
}
</CODE></body>
</html>
</pre>]

== 5/5 Verify the Signature ==

gpg input

or

gpg < input

= Detached Signature =

== 1/2 Signing ==

gpg -a --detach-sign < input > output

produces the signature file output

gpg -a --detach-sign input

produces the signature file input.asc

== 2/2 Verify the Signature==

gpg < signature

queries for the name of the signed file

gpg input.asc

* SignedSourceCode/SignedEmbeddedPlain
* SignedSourceCode/SignedEmbeddedHTML
* SignedSourceCode/SignedDetached

A tutorial on how to use digital signatures for D projects.

Setup

install GnuPG
privat key for signing "gpg --gen-key"
public key for signature verification "gpg --import public_key_file"

Comparison

There are 2 ways to sign:

	embedded signature	detached signature
can be used with	plain and HTML source files	any kind of file(including binary files)
secures	the signed part of a file	the complete file
can be verifyied	always	only if signature and signed file are present
potential trouble spots	lines starting with "---" (--not-dash-escaped) or "From" (--no-escape-from-lines)