From ddd4e78d41957ab23ab2ace4f40aff8faff1ce85 Mon Sep 17 00:00:00 2001 From: Izabella Raulin Date: Mon, 31 Oct 2016 15:04:54 +0100 Subject: [PATCH] Updated PLUGIN_SIGNING.md - moved text to the next line --- docs/PLUGIN_SIGNING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/PLUGIN_SIGNING.md b/docs/PLUGIN_SIGNING.md index 3c4cbb9a8..68383b3a7 100644 --- a/docs/PLUGIN_SIGNING.md +++ b/docs/PLUGIN_SIGNING.md @@ -4,7 +4,7 @@ Plugin Signing By default, the Snap daemon (snapd) has plugin signing verification enabled. To disable it or turn it to warning, the flag `--plugin-trust, -t` can be set to 0 or 2 respectively. ##How it works -![How it works](https://cloud.githubusercontent.com/assets/14298289/19846788/de129a2a-9f4a-11e6-8275-fdd5fac63c82.png) +![How it works](https://cloud.githubusercontent.com/assets/14298289/19846788/de129a2a-9f4a-11e6-8275-fdd5fac63c82.png) Private/public keys and keyrings are generated by GPG. The plugin is signed with the private key and the public key needs to be added to the user's keyring. The signing is an armored detached signature in the form of a `.asc` file. The Snap daemon uses the [Golang OpenPGP library](https://godoc.org/golang.org/x/crypto/openpgp)'s `CheckArmoredDetachedSignature` function to validate the signature using the keyring, plugin, and signature file before loading the plugin. It checks the issuer key ID, hash, and signature type.