verifying rsa signatures

David Shaw
Wed Apr 17 19:21:01 2002

On Wed, Apr 17, 2002 at 09:24:28AM -0700, Chandrasekhar I.V. wrote:
> Well, this is wht i get when i tried to import a RSA public key.
>  >> gpg --import pub.pem
> gpg: Warning: using insecure memory!
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0

> Note that pub.pem is my RSA public key extracted frm a RSA private
> key.pem that i used to create the .sig file using RSA digital
> signature algo. Its not a pgp public key and it is created thru
> genrsa frm openssl. and i now want to verify this .sig using gpg
> tools.

PEM and PGP are not the same thing.  While both use the RSA algorithm,
nearly everything else is different.  PEM keys and signatures are not
directly usable by an OpenPGP program (and vice versa).


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson