'nother n00bie Q: Verifying the DSA signature?

Nathan D. Bowen nbowen+yadis at andtonic.com
Fri May 20 13:22:00 PDT 2005

Dan Lyke wrote:

>-----BEGIN PmungedtonotscrewupemailersGP SIGNED MESSAGE-----
>Hash: DSA
>-----BEGIN PmungedtonotscrewupemailersGP SIGNATURE-----
>Version: GnuPG v1.4.1 (GNU/Linux)
>-----END PmungedtonotscrewupemailersGP SIGNATURE-----
Actually, you're really close. I spent a couple of hours last night 
before I finally got this working. In my case, I wasn't completely clear 
on the format of the string in the "body", but it looks like you read 
the spec just fine -- your input string looks perfect to me. I believe 
you're running into a problem because PGP doesn't actually sign the 
*body* of the message itself; PGP provides a signature of a hash of the 
body of the message.

In other words, you're not going to be able to test this with PGP because:

PGP is expecting to verify something like:
But OpenID creates its signatures with:

I tried to "test it by hand", but not with gpg. I was using openssl 
command lines, but with no more luck than you're having with gpg. 
Eventually I gave up on "testing it by hand", and it turned out to work 
just fine from my own code using the algorithms directly. I hope all of 
the above makes enough sense to get you going, but this stuff can be a 
lot easier to show than to tell -- so just let me know if you'd like to 
just see the java code I'm using.
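
An added illustration, not part of the original post and not code from anyone on the list: it builds the digest that an OpenPGP v4 cleartext signature covers (RFC 4880, sections 5.2.4 and 7.1) next to a plain SHA-1 of the same string, to show why a tool that expects one cannot verify a DSA signature made over the other. The sample string, the timestamps and the "plain SHA-1 over the string bytes" scheme are assumptions made for the example.

```python
import hashlib
import struct

SAMPLE = "constructed sample string \nsecond line\n"  # constructed input

def canonicalize_cleartext(text: str) -> bytes:
    """Cleartext-signature form (RFC 4880 sec. 7.1): trailing spaces and
    tabs stripped from each line, lines joined with CRLF, and no line
    ending after the last line."""
    return "\r\n".join(l.rstrip(" \t") for l in text.splitlines()).encode("utf-8")

def v4_hashed_fields(creation_time: int) -> bytes:
    """Hashed part of a v4 signature packet: version 4, signature type
    0x01 (canonical text), public-key algorithm 17 (DSA), hash algorithm
    2 (SHA-1), then the hashed subpacket area. Here that area holds one
    subpacket: signature creation time (type 2, four-byte timestamp)."""
    subpackets = bytes([5, 2]) + struct.pack(">I", creation_time)
    return bytes([4, 0x01, 17, 2]) + struct.pack(">H", len(subpackets)) + subpackets

def openpgp_digest(text: str, creation_time: int) -> bytes:
    """Digest handed to DSA by OpenPGP: canonical text, then the hashed
    signature fields, then the trailer 0x04 0xFF and their length."""
    hashed = v4_hashed_fields(creation_time)
    trailer = bytes([4, 0xFF]) + struct.pack(">I", len(hashed))
    return hashlib.sha1(canonicalize_cleartext(text) + hashed + trailer).digest()

def raw_digest(text: str) -> bytes:
    """Assumed 'direct' scheme: SHA-1 over the exact bytes of the string."""
    return hashlib.sha1(text.encode("utf-8")).digest()

if __name__ == "__main__":
    print("raw     :", raw_digest(SAMPLE).hex())
    # The OpenPGP digest changes with the signature's own metadata, so it
    # can never equal a digest computed from the string alone.
    for ts in (1116620520, 1116620521):  # constructed timestamps
        print("openpgp :", openpgp_digest(SAMPLE, ts).hex())
```

Since DSA signs the digest, a signature produced over `raw_digest` will fail verification in any tool that recomputes `openpgp_digest`, and the reverse holds as well.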
