'nother n00bie Q: Verifying the DSA signature?

Dan Lyke danlyke at flutterby.com
Fri May 20 11:59:17 PDT 2005

so I retrieve the public key with:

GET 'http://www.livejournal.com/misc/openid.bml?openid.mode=getpubkey' > sigfile.sig

And I've used LiveJournal to generate a referer back to my app at
http://danlyke.gamahuche.com/openid.cgi which has given me:

openid.mode: id_res
openid.assert_identity: http://www.livejournal.com/users/danlyke/
openid.sig MCwCabcVttGPXYZuML6vsHIYmKZZZZSUeAhR4JZEY9lLAYVxmbkrRNWWlt8ZPDw==
openid.timestamp 2005-05-20T18:30:09Z

(sig obfuscated because I'm not sure I fully understand the
implications of disclosure)

Which I've built into a signed string of:


Now how do I verify this silly thing?

As a stupid guess, I've tried munging it back into a file that looks

-----BEGIN PmungedtonotscrewupemailersGP SIGNED MESSAGE-----
Hash: DSA

-----BEGIN PmungedtonotscrewupemailersGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)


-----END PmungedtonotscrewupemailersGP SIGNATURE-----

and running "gpg --verify sigfile.sig signedfile"

And I'm getting

   gpg: no valid OpenPGP data found.
   gpg: the signature could not be verified.

I should probably just wait for Brad's Perl code, but this was making
a great distraction from figuring out inverse spline motion
projections on 4 dimensional hyperspheres (no, really... I kid you

Sigh. Back to the hyperspheres.


More information about the yadis mailing list