Skip to content
This repository has been archived by the owner on Nov 8, 2022. It is now read-only.

Commit

Permalink
Updated PLUGIN_SIGNING.md - moved text to the next line
Browse files Browse the repository at this point in the history
  • Loading branch information
@IzabellaRaulin
IzabellaRaulin committed Oct 31, 2016
1 parent a794d0c commit ddd4e78
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/PLUGIN_SIGNING.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ Plugin Signing
By default, the Snap daemon (snapd) has plugin signing verification enabled. To disable it or turn it to warning, the flag `--plugin-trust, -t` can be set to 0 or 2 respectively.

##How it works
![How it works](https://cloud.githubusercontent.com/assets/14298289/19846788/de129a2a-9f4a-11e6-8275-fdd5fac63c82.png)
![How it works](https://cloud.githubusercontent.com/assets/14298289/19846788/de129a2a-9f4a-11e6-8275-fdd5fac63c82.png)
Private/public keys and keyrings are generated by GPG. The plugin is signed with the private key and the public key needs to be added to the user's keyring. The signing is an armored detached signature in the form of a `.asc` file.

The Snap daemon uses the [Golang OpenPGP library](https://godoc.org/golang.org/x/crypto/openpgp)'s `CheckArmoredDetachedSignature` function to validate the signature using the keyring, plugin, and signature file before loading the plugin. It checks the issuer key ID, hash, and signature type.
Expand Down

0 comments on commit ddd4e78

Please sign in to comment.