Playing with github user api (gpg_keys)
GitHub provide GPG Keys api for developer purpose since they are implement general
gpg verification support for repositories.
At first look it seems very cool until you try play with it :) The bigest problem they are does not provide any description of the keys api, i thought it is an usual public keys i export via web interface. But it does not.
So, what is it and how to verify the data by given keys from api ?
The purpose of that keys is provide
keyId chunk of the package and
For an instance the chunk of the public key i’ll export into my profile:
:public key packet:
version 4, algo 1, created 1477424536, expires 0
pkey: [2048 bits]
pkey: [17 bits]
GitHub api will provide that
Ok , i got the rules. Lets verify the data for our messenger . The messenger receive usual
gpg message signed by the user.
Then we will take message text.
Cool ! Now we can compare the
keyId received from github. If message verified, it will be displayed on the web client with its own cool utf8
checked mark ✓