Using PGP keys to sign documents, helpful for needauth converters?

Scott Kostyshak skostysh at lyx.org
Mon Jul 6 17:44:30 UTC 2020


On Mon, Jul 06, 2020 at 11:40:57AM -0400, Richard Kimberly Heck wrote:
> On 7/6/20 11:20 AM, Scott Kostyshak wrote:
> > Suppose I have a document that needs a needauth converter (e.g., knitr).
> > Currently, I need to authorize each document, and then the document path
> > is stored in the session file (under "auth files"). I like this, and it
> > makes me feel more comfortable compiling documents I download from
> > untrusted sources (e.g., when trying to help someone). However, I find
> > it annoying when I try to compile my own documents that are older. I
> > could just be careful to preserve the session file so that it remembers
> > all of the ones that I have authorized, but I wonder if it would be
> > interesting to allow signing of .lyx files with PGP keys. That way, if I
> > open a document that is signed by a key that I have in my keyring, there
> > is no need to ask for authorization. What are your thoughts on this?
> 
> This sounds like an excellent idea. How to implement it?

I didn't think that far ahead :)

A few disorganized ideas:

- We could use a separate file format. Just like how we allow a LyX file
  to be compressed, we could allow it to be of type "signed". The
  "signed" file format could just be a compressed directory that
  contains a .lyx file and a signature file.  But that doesn't seem like
  the smoothest option, since it would make things like tracking changes
  in Git less useful.

- I'm not familiar with LyX's file writing process. I guess we could
  save a temporary .lyx file as usual, then sign it, then store that
  signature in the user-saved .lyx. This would cause a little bit of
  noise when tracking changes with Git (any small change would change
  the signature), but that shouldn't be too annoying in my opinion.

Scott
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.lyx.org/pipermail/lyx-devel/attachments/20200706/0ae13d68/attachment.asc>


More information about the lyx-devel mailing list