verifying rsa signatures
Chandrasekhar I.V.
ivshekar@netcontinuum.com
Wed Apr 17 18:40:01 2002
Steve Butler wrote:
> I'm not familiar with openssl. Can it export a public key into OpenPGP
> format? It sounds like the pub.pem is not in the correct format. Can you
> paste this to a public keyserver and have it downloadable?
>
- i guess openssl doesnt know the pgp format. I couldnt find any openssl's rsa utility to convert the rsa public key to OpenPGP format. Since i noticed in the gpg faq and my "gpg --version" that gpg has RSA support, i thought we should be able to verify the signatures generated by RSA algo using the rsa public key (i guess this is pkcs#1 format).
Thats when i stumbled upon this that gpg doesnt allow me to import anything other than a key which is in open pgp format. So can we at all verify the rsa digital signature by using gpg -verify??!
btw heres my pub.pem
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALUH5iVmecS7Rob2749Rj9A5guCepRoY
56ifd3pO8qpAPFGc9MrMQfwK9wLcFOJrTU4NB/K6U4W7SC6tOt9br1kCAwEAAQ==
-----END PUBLIC KEY-----
and the corresponding RSA private key
-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBALUH5iVmecS7Rob2749Rj9A5guCepRoY56ifd3pO8qpAPFGc9MrM
QfwK9wLcFOJrTU4NB/K6U4W7SC6tOt9br1kCAwEAAQJAN4hcyUxOPlNUp0JI6qYS
f8WkqFMCQqcxKUEB3bsqJZ9arz0h/B/DkVsGt3/Bbog8RLtv3Thpo/Z4hkslpq6x
IQIhAOCc8+BiUnUDCP3ruGEI6M5g8uXiARJQfkMvFTlEwxxDAiEAzlPi0xffxtih
gD12TrbaRba1BOwL/OYvg/hQcW8k2jMCIDQpvyl5LBUoo0n1GFjQrOBg+4gPuJf8
QZZwtMkcAwPpAiEAlQHcFBtvzwlwSU8Z++ruY955iN54IeKTejmAzws3kCUCIDw1
hRDJqzHSjXD1GJvslfDUk+d5yZR3w6s/ytacrEOs
-----END RSA PRIVATE KEY-----
>
> -----Original Message-----
> From: Chandrasekhar I.V. [mailto:ivshekar@netcontinuum.com]
> Sent: Wednesday, April 17, 2002 9:24 AM
> To: Steve Butler
> Cc: gnupg-users@gnupg.org
> Subject: Re: verifying rsa signatures
>
> Well, this is wht i get when i tried to import a RSA public key.
> >> gpg --import pub.pem
> gpg: Warning: using insecure memory!
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
>
> Note that pub.pem is my RSA public key extracted frm a RSA private key.pem
> that i used to create the .sig file using RSA digital signature algo. Its
> not a pgp public key and it is created thru genrsa frm openssl. and i now
> want to verify this .sig using gpg tools.
> Does anything special need to be done enable RSA operations? Do we have to
> do sth to the .gnupg/options file?
> And assuming this operation had succeeded, how do i specify the rsa pubkey
> that i want to verify the rsa signature with? I see that "gnupg -verify
> x.sig x.txt" doesnt have the option to take in a specified key.
>
> Basically, can we, using gpg tools, verify the signatures generated thru RSA
> private key using, say, openssl rsa sign generation utilities? If we can,
> then can somebody guide me thru the steps please?
>
> thanks
> sekhar.
>
> Steve Butler wrote:
>
> > I have imported RSA public keys sent to me by others using gpg --import.
> >
> > -----Original Message-----
> > From: Chandrasekhar I.V. [mailto:ivshekar@netcontinuum.com]
> > Sent: Wednesday, April 17, 2002 8:26 AM
> > To: gnupg-users@gnupg.org
> > Subject: verifying rsa signatures
> >
> > Does gnupg-1.0.6 have the support for verifying signatures generated
> > thru RSA encryption of SHA1 hases?
> > I dont see how i can specify a RSA public key to verify a digital
> > signature generated by RSA. "gpg --import" doesnt allow me to import RSA
> > public keys. My "gpg --version" however shows "PubKey RSA,...."
> > Also the "gpg --gen-key" shows me no "RSA"option for the kind of key i
> > want! ( i see only DSA&ElGamal, DSA and ElGamal options).
> > The gnupg faq however says that RSA is included frm gnupg-1.0.3 and
> > above versions!
> >
> > Anyone can help me out?
> >
> > thanks
> > sekhar.
> >
> > _______________________________________________
> > Gnupg-users mailing list
> > Gnupg-users@gnupg.org
> > http://lists.gnupg.org/mailman/listinfo/gnupg-users
> >
> > CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
> is for the sole use of the intended recipient(s) and may contain
> confidential and privileged information. Any unauthorized review, use,
> disclosure or distribution is prohibited. If you are not the intended
> recipient, please contact the sender by reply e-mail and destroy all copies
> of the original message.
>
> CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.