instructions to verify GPG key do not work on Windows #1808

vwegert-adesso commented 2025年03月05日 18:13:38 +01:00

Comment

When trying to verify my GPG key with the instructions provided on https://codeberg.org/user/settings/keys, I always got the error message "Der GPG-Key, die Signatur, und das Token stimmen nicht überein, oder das Token ist veraltet.". I was able to verify the signature locally:

> echo "2911...c4d9" > token
> echo "2911...c4d9" | gpg -a --default-key C5...2 --detach-sig > signature
> gpg --verify signature token
gpg: Signatur vom 03/05/25 18:04:01 Mitteleurop�ische Zeit
gpg: mittels EDDSA-Schlüssel D9..72
gpg: Korrekte Signatur von "Volker Wegert <volker.wegert@adesso.de>" [ultimativ]

Examining the token file, I noticed that the file contained both the double quotes as well as a line break. Removing these and signing the token from the file allowed me to verify my GPG key. It might be possible to use echo.2911...c4d9 to ged rid of the quotes, but that leaves the newline (don't know whether this is an issue)

### Comment When trying to verify my GPG key with the instructions provided on https://codeberg.org/user/settings/keys, I always got the error message "Der GPG-Key, die Signatur, und das Token stimmen nicht überein, oder das Token ist veraltet.". I was able to verify the signature locally: ``` > echo "2911...c4d9" > token > echo "2911...c4d9" | gpg -a --default-key C5...2 --detach-sig > signature > gpg --verify signature token gpg: Signatur vom 03/05/25 18:04:01 Mitteleurop�ische Zeit gpg: mittels EDDSA-Schlüssel D9..72 gpg: Korrekte Signatur von "Volker Wegert <volker.wegert@adesso.de>" [ultimativ] ``` Examining the token file, I noticed that the file contained both the double quotes as well as a line break. Removing these and signing the token from the file allowed me to verify my GPG key. It might be possible to use `echo.2911...c4d9` to ged rid of the quotes, but that leaves the newline (don't know whether this is an issue)

Gusted commented 2025年03月05日 19:45:06 +01:00

@vwegert-adesso wrote in #1808 (comment):

Examining the token file, I noticed that the file contained both the double quotes as well as a line break

The line break is fine, Codeberg compensates for that. Although the double quotes is a problem, what terminal are you using? This sound like very interesting Windows behavior.

@vwegert-adesso wrote in https://codeberg.org/Codeberg/Community/issues/1808#issue-1038067: > Examining the token file, I noticed that the file contained both the double quotes as well as a line break The line break is fine, Codeberg compensates for that. Although the double quotes is a problem, what terminal are you using? This sound like very interesting Windows behavior.

vwegert-adesso commented 2025年03月06日 17:59:39 +01:00

In this case plain cmd.exe:

C:\>echo "foo"
"foo"
C:\>echo foo
foo

I'm not necessarily suggesting any changes in the implementation of the current feature, just maybe a textual change - "on Windows use ..." vs "on an actual operating system use..."

In this case plain cmd.exe: ``` C:\>echo "foo" "foo" C:\>echo foo foo ``` I'm not necessarily suggesting any changes in the implementation of the current feature, just maybe a textual change - "on Windows use ..." vs "on an actual operating system use..."

WithLithum commented 2025年09月12日 01:38:24 +02:00

The Command Prompt (cmd.exe) is extremely ancient and does not support many of the things used in modern shells.

I've seen some documentations outright saying that the commands written should only be executed with the cross-platform PowerShell (pwsh / GH microsoft/PowerShell), not even the Windows PowerShell (not the same thing as pwsh, this one is older).

The Command Prompt (`cmd.exe`) is extremely ancient and does not support many of the things used in modern shells. I've seen some documentations outright saying that the commands written should only be executed with the _cross-platform PowerShell_ (`pwsh` / GH microsoft/PowerShell), not even the Windows PowerShell (not the same thing as `pwsh`, this one is older).