Right now, the only way to sign your git commits is to use PGP signatures (this is all git is able to integrate with). After a less-than-desirable experience using GPG, withoutboats wrote bpb in Rust to replace GPG.
I’ve been taking steps toward trying to sign and verify the data in the repo's index without shipping a copy of GPG with Rust to every user.
This means I need to implement enough of the PGP protocol to create signatures and public keys that git will accept as valid. I’ve done this in a library which I’ve named pbp, which stands for Pretty Bad Protocol.
This library implements parsing and generation for a small subset of the PGP protocol...
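To make "a small subset of the PGP protocol" concrete, here is an added example (not code from pbp or bpb) that parses the OpenPGP packet framing defined in RFC 4880, section 4.2, which wraps every signature and public key packet. The names `Header`, `parse_header` and `packets` are hypothetical, and the input is assumed to be the binary packet stream after ASCII-armor decoding.

```rust
// Added example: OpenPGP packet framing per RFC 4880 section 4.2 (not pbp's API).
#[derive(Debug, PartialEq)]
pub struct Header { pub tag: u8, pub header_len: usize, pub body_len: usize }
#[derive(Debug, PartialEq)]
pub enum Error { Truncated, NotAPacket, UnsupportedLength }

// Big-endian integer from 1 to 4 length octets.
fn be(bytes: &[u8]) -> usize {
    bytes.iter().fold(0usize, |acc, b| (acc << 8) | *b as usize)
}

pub fn parse_header(data: &[u8]) -> Result<Header, Error> {
    let first = *data.first().ok_or(Error::Truncated)?;
    if first & 0x80 == 0 { return Err(Error::NotAPacket); } // bit 7 is always set
    let rest = &data[1..];
    let (tag, len_octets, body_len) = if first & 0x40 != 0 {
        // New format: 6-bit tag, variable-width length.
        let o1 = *rest.first().ok_or(Error::Truncated)?;
        match o1 {
            0..=191 => (first & 0x3f, 1, o1 as usize),
            192..=223 => {
                let o2 = *rest.get(1).ok_or(Error::Truncated)?;
                (first & 0x3f, 2, ((o1 as usize - 192) << 8) + o2 as usize + 192)
            }
            255 => (first & 0x3f, 5, be(rest.get(1..5).ok_or(Error::Truncated)?)),
            _ => return Err(Error::UnsupportedLength), // partial body lengths
        }
    } else {
        // Old format: 4-bit tag, low two bits select the length width.
        let n = match first & 0x03 { 0 => 1, 1 => 2, 2 => 4, _ => return Err(Error::UnsupportedLength) };
        ((first >> 2) & 0x0f, n, be(rest.get(..n).ok_or(Error::Truncated)?))
    };
    Ok(Header { tag, header_len: 1 + len_octets, body_len })
}

// Split a stream into (tag, body) pairs; tag 2 = signature, 6 = public key, 13 = user ID.
// Declared lengths are checked against the buffer, so a lying header cannot cause an out-of-bounds read.
pub fn packets(mut data: &[u8]) -> Result<Vec<(u8, &[u8])>, Error> {
    let mut out = Vec::new();
    while !data.is_empty() {
        let h = parse_header(data)?;
        let end = h.header_len.checked_add(h.body_len).ok_or(Error::Truncated)?;
        out.push((h.tag, data.get(h.header_len..end).ok_or(Error::Truncated)?));
        data = &data[end..];
    }
    Ok(out)
}
```

Partial body lengths and old-format indeterminate lengths are rejected rather than guessed at, which keeps the accepted subset small and the parser's behaviour on hostile input easy to reason about.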