search for: sig_verify

...static int have_identity = 0; +/* Some operations accept multiple files */ +static char **identity_files; +static size_t nidentity_files; + /* This is set to the passphrase if given on the command line. */ static char *identity_passphrase = NULL; @@ -2803,16 +2807,17 @@ done: static int sig_verify(const char *signature, const char *sig_namespace, - const char *principal, const char *allowed_keys, const char *revoked_keys, - char * const *opts, size_t nopts) + const char *principal, char **allowed_keys, size_t nallowed_keys, + const char *revoked_keys, char * const *opts, size_t n...

Hello, I'm currently evaluating using `ssh-keygen -Y verify` to check OS artifacts (e.g. packages) and I noticed that the `-f allowed_signers_file` option can be passed only once. A side remark: technically it can be passed multiple times without a warning but the last invocation overrides all previous ones. Tested using: $ ssh-keygen -Y verify -f allowed_signers -f /dev/null -n file -s

Dear list, I'm using R in a corporate environment and was interested how R checks integrity of packages during an installation. I saw (and verified my suspicion in the code[1]) that the verification purely relies on MD5. >From an IT security perspective, this can be improved. My question is: Is is possible to force R to verify integrity via SHA256 or even OpenPGP signatures? If not are

...re portable. The PKI package uses openssl to do RSA signatures, which could work. The new 'sodium' package is probably the most advanced thing currently available. It uses the ed25519 public-key signature system with a very simple API. See the manual page for the 'sig_sign' and 'sig_verify' functions. Either way, all this would require a substantial amount of work and additional ongoing maintenance in both R and CRAN, which is unlikely to happen given the limited resources. [1] http://http.us.debian.org/debian/dists/jessie/Release [2] http://http.us.debian.org/debian/dists/jes...