verifying rsa signatures

Steve Butler sbutler@fchn.com
Wed Apr 17 18:57:02 2002


I'd never show my private key.  Note, I did try to import BOTH your public
and private keys!!  Lucky for you that they are not in the OpenPGP format.
But somebody else may have openssl.  So, you should consider your private
key compromised at this point.

Here is an export of a public RSA key.  Note:  Since this isn't my public
key I have modified it in a few places so it will not be loadable.  But, you
can see that the format is different.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6-2 (MingW32)
-bsIwaJmqqwhIyvtA9jlHfB7SoRIE+0o/DZWD
YBwUVkqlgidlZeT8hhS0
=TOUR
-----END PGP PUBLIC KEY BLOCK-----

-----Original Message-----
From: Chandrasekhar I.V. [mailto:ivshekar@netcontinuum.com]
Sent: Wednesday, April 17, 2002 9:50 AM
To: Steve Butler
Cc: gnupg-users@gnupg.org
Subject: Re: verifying rsa signatures



Steve Butler wrote:

> I'm not familiar with openssl.  Can it export a public key into OpenPGP
> format?  It sounds like the pub.pem is not in the correct format.  Can you
> paste this to a public keyserver and have it downloadable?
>

- I guess openssl doesn't know the PGP format. I couldn't find any openssl
rsa utility to convert the rsa public key to OpenPGP format. Since I
noticed in the gpg FAQ and my "gpg --version" that gpg has RSA support, I
thought we should be able to verify the signatures generated by the RSA algo
using the rsa public key (I guess this is pkcs#1 format).
That's when I stumbled upon this, that gpg doesn't allow me to import anything
other than a key which is in OpenPGP format. So can we at all verify the
rsa digital signature by using gpg -verify??!

btw here's my pub.pem
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALUH5iVmecS7Rob2749Rj9A5guCepRoY
56ifd3pO8qpAPFGc9MrMQfwK9wLcFOJrTU4NB/K6U4W7SC6tOt9br1kCAwEAAQ==
-----END PUBLIC KEY-----

and the corresponding RSA private key

[snip]


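Added example, not part of either poster's message: a small Python parser showing how the pub.pem quoted above differs structurally from OpenPGP key material. The "BEGIN PUBLIC KEY" body is ASN.1 DER (an X.509 SubjectPublicKeyInfo wrapping a PKCS#1 RSAPublicKey), while an OpenPGP key is a series of packets whose first octet has bit 7 set. The function names are chosen for this illustration.

```python
import base64

# pub.pem exactly as posted in the quoted message above.
PUB_PEM = """-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALUH5iVmecS7Rob2749Rj9A5guCepRoY
56ifd3pO8qpAPFGc9MrMQfwK9wLcFOJrTU4NB/K6U4W7SC6tOt9br1kCAwEAAQ==
-----END PUBLIC KEY-----"""

def pem_body(pem):
    """Base64-decode everything between the BEGIN/END armor lines."""
    lines = [l for l in pem.strip().splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(lines))

def tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def container(blob):
    """Classify a decoded key blob by its first octet."""
    if blob[0] & 0x80:   # every OpenPGP packet tag has bit 7 set (RFC 4880, 4.2)
        return "openpgp-packet"
    if blob[0] == 0x30:  # DER SEQUENCE: SubjectPublicKeyInfo or bare PKCS#1
        return "asn1-der"
    return "unknown"

def parse_spki_rsa(der):
    """Return (algorithm OID as hex, modulus bits, public exponent)."""
    tag, spki, _ = tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, alg, nxt = tlv(spki)            # AlgorithmIdentifier SEQUENCE
    _, oid, _ = tlv(alg)               # OBJECT IDENTIFIER (rsaEncryption)
    tag, bits, _ = tlv(spki, nxt)      # BIT STRING wrapping RSAPublicKey
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("expected BIT STRING with no unused bits")
    _, rsa, _ = tlv(bits[1:])          # PKCS#1 RSAPublicKey SEQUENCE
    _, n, nxt = tlv(rsa)               # INTEGER modulus
    _, e, _ = tlv(rsa, nxt)            # INTEGER public exponent
    return oid.hex(), int.from_bytes(n, "big").bit_length(), int.from_bytes(e, "big")

if __name__ == "__main__":
    der = pem_body(PUB_PEM)
    print(container(der), parse_spki_rsa(der))
```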