Skip to content

Instantly share code, notes, and snippets.

@stackdump
Created Jun 23, 2019
Embed
What would you like to do?
tree 10c18534357cbe9ec3ffc3814af5e141189cc102
parent 2ea8e2411c25000185acdebc62eaa8b657ef093e
author stackdump <myork@stackdump.com> 1559241822 -0500
committer stackdump <myork@stackdump.com> 1559241822 -0500
gpgsig -----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE7Jdzt+QOUM4vSxEFHicSreJ7DwYFAlzwJGYACgkQHicSreJ7
DwYC0Q/+JV3OHp9/ALUIeZELO/+WRIAtxanupIPDw97KAspclpnHxbfWPEpZK6JL
k2oyAfwbz5nyz1L+vbUnRBnmzTehjaUq+Sh9S3dYjXsBN0GMeiEb7H/Igs9FKTpQ
SmdX9F0yQRocypFrbGN52Ig9bpH6YDfUxxQs9uC/sHlita59emMgenp6Y6o9ujn6
qceNgoaZ6YSR1P7TytuJV9cOLXglYx7M42BgaC6APhcRyj+VcyBmT0EB333VYi5O
bPhtl5J9iWtVBx+X2Ahx59k44Lt5UsCPDwQ+WKR/OPGpSD9iyXLDHOLCoSqtrLth
ZtWa7oKyLwmnHA7V3AAgVIO1Ir+AOJQs0VnUkf7zu2Beuz7L1D5/sHQuNWYDrBTF
3O6Zz00gQJ8E42ceZFDVqwyWzeE/wexM5AFYHPzeh57l2ygPYsIPAUeHxHCpCM8B
dOAuQZ3YW/dHT+9Kyj+rhwzpwNeFW3rHR2f47B6u2EoTafaf8iPJAsqnN9yymEVX
1wG8Hi/ypyBAL+971elvgEh/9T2Y3hcQ37ScnEOYQvIOfJZmKQcKoHFT0db9BvPt
PNl8C0j1c84uFVAsv8C1a1BXz9ITjZcqPFhk6vIckU7e4nagHR4Yyk6GJspRg9g9
FkLqqsXTsDoP1F3EP8LDNwdbNDUomNJzxTTLC4kw1+PwYNEi/AY=
=P46z
-----END PGP SIGNATURE-----
signed
#git cat-file commit HEAD > signed-commit
cat test-sig > signed-commit
grep -B 9999 'BEGIN PGP SIGNATURE-----' signed-commit | head -n -1 > signed-commit.stripped
grep -A 9999 'END PGP SIGNATURE-----' signed-commit | tail -n +2 >> signed-commit.stripped
sed 's/^gpgsig //' signed-commit | sed 's/^ //' > signed-commit.sig
gpg --verify signed-commit.sig signed-commit.stripped
@stackdump
Copy link
Author

stackdump commented Jun 23, 2019

Basically this just strips out the signature + the ascii armor
the rest of the data is what has been signed

NOTICE: the sha1 hash of the commit is present (because we can't know it's checksum before we sign )

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment