Signing revisions in place
Jens Alfke
jens at mooseyard.com
Fri Oct 5 09:41:09 CDT 2007
On 4 Oct '07, at 10:24 AM, Matt Mackall wrote:
>> My proposal signs the entirety of the changeset.
>
> If the signature is part of the changeset, that's a bit challenging.
Not really. The changeset doesn't sign _itself_, it signs its
_contents_. Some pseudocode for signing:

    entry = old_code_that_generates_changelog_entry()
    signature = generate_signature(entry, my_cert)
    entry += '\n' + signature
    changeset_hash = SHA1(entry)
    write_changelog_entry(entry)

And for validating a signature:

    entry = get_changelog_entry(changeset_hash)
    if entry doesn't end with '\n' + 40 hex digits then
        return 'changeset is unsigned'
    signature = decode_hex(those digits)
    entry = entry substring to before that '\n'
    signer = validate_signature(entry, signature)
    if signer then
        return 'changeset is validly signed by ' + signer
    else
        return "changeset's signature is invalid"

(Sorry it's not very Python-like; I'm more familiar with C and Ruby :)
Note in particular that the _manifest_ hash gets signed, whereas the
signature becomes incorporated into the changeset hash.
--Jens
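
The scheme sketched in the message above, as an added runnable example that is not part of the original post or of Mercurial's code: the signature covers the entry contents, and the changeset hash covers contents plus signature. Assumptions: HMAC-SHA1 with a constructed demo key stands in for a certificate signature (its tag happens to be 40 hex digits), and `DEMO_KEYS`, `sign_entry`, `validate_entry` and the sample entry are hypothetical names and data.

```python
import hashlib
import hmac
import re

# Constructed demo key. HMAC-SHA1 is a stand-in for a real certificate
# signature (assumption of this example); its 20-byte tag is 40 hex digits.
DEMO_KEYS = {"alice": b"constructed-demo-key"}

# Constructed changelog entry: manifest hash, user, date, file, description.
SAMPLE_ENTRY = (
    b"0123456789abcdef0123456789abcdef01234567\n"
    b"alice <alice@example.org>\n"
    b"1191595269 18000\n"
    b"src/parser.py\n"
    b"\n"
    b"fix parser"
)

SIG_LINE = re.compile(rb"\n([0-9a-f]{40})\Z")


def sign_entry(entry, signer):
    """Sign the entry contents, append the signature, then hash the result."""
    tag = hmac.new(DEMO_KEYS[signer], entry, hashlib.sha1).hexdigest()
    signed = entry + b"\n" + tag.encode("ascii")
    # The changeset hash covers the contents *and* the signature line.
    return signed, hashlib.sha1(signed).hexdigest()


def validate_entry(signed, changeset_hash):
    """Return 'corrupt', 'unsigned', 'invalid' or 'valid:<signer>'."""
    actual = hashlib.sha1(signed).hexdigest()
    if not hmac.compare_digest(actual, changeset_hash):
        return "corrupt"  # stored bytes do not match the changeset id
    m = SIG_LINE.search(signed)
    if m is None:
        return "unsigned"
    # Caveat: an unsigned entry whose last line is 40 hex digits would be
    # treated as signed here and reported as 'invalid'.
    contents = signed[: m.start()]
    tag = m.group(1).decode("ascii")
    for signer, key in DEMO_KEYS.items():
        expected = hmac.new(key, contents, hashlib.sha1).hexdigest()
        if hmac.compare_digest(expected, tag):
            return "valid:" + signer
    return "invalid"
```

Because the signature line is hashed into the changeset id, stripping or replacing a signature yields a different changeset rather than a silent modification of the same one.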