Steps to verify the "ring signature" file (note: you must have the openssl library installed):

1. Save http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00221.html, as text, to the file ringsig.c. Delete the paragraph of explanation, and/or any HTML junk, so the file starts with:

    /* Implementation of ring signatures from
     * http://theory.lcs.mit.edu/~rivest/RivestShamirTauman-HowToLeakASecret.pdf
     * by Rivest, Shamir and Tauman

   and it ends with:

    lPglqmmy3p4D+psNU1rlNv6yH/L0PgcuW7taVpbopjl4HLuJdWcKHJlXish3D/jb
    eoQ856fYFZ/omGiO9x1D0BsnGFLZVWob4OIZRzO/Pc49VIhFy5NsV2zuozStId89
    [...]
    */

2. The "[...]" above is where a remailer caused some of the signature to be stripped out. Replace the last few lines of ringsig.c with the text from http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00306.html. This has the lines from the END PGP PUBLIC KEY BLOCK line onward. The last lines of the ringsig.c file should be:

    BjHTDH0VZeu3IxUFh37w2fIEehL8WrXvCoCMFnd1/bnn/qI/STXgg6as579/yBIJ
    nJra7Ceru4q4wUssK79T6SdOM6wcvVg96ub4UOTaPO4wYhhadCbLFpl3tPfTLceb
    */

3. Compile ringsig.c using the openssl library, to form an executable file "ringsig". Try running ringsig and you will get a usage message.

4. Get the two perl scripts from http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00313.html and save them as "ringver" and "ringsign".

5. Run the ringsig.c file through the "pgp" program to create a PGP key ring file from the PGP PUBLIC KEY BLOCK data. With the command line version of PGP 2.6.2 the command is:

    pgp -ka ringsig.c sigring.pgp

   This will also show you the set of keys, one of which made the signature.

*** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c, ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? ***

6. Finally, the verification step: run the ringver perl script, giving the PGP key file created in step 5 as an argument, and giving it the ringsig.c file as standard input:

    ./ringver sigring.pgp < ringsig.c

   This should print the message "Good signature".

7. How do you know what this means? For that you have to read the paper referenced in the program to become convinced of the theory, and then to study the program to be convinced that it implements the algorithm in the paper.

8. To create your own signatures, create a PGP keyring file which holds your own key as well as the keys of other people that you want people to think might have issued the signature. They must all be RSA public keys. Create a PGP secring.pgp file which holds just your secret key, and change your passphrase on that key to be blank. (This is temporary, you can change it back or delete the secring.pgp when you are done.) Then use the ringsign perl script:

    ./ringsign filetosign pubkeyfile privkeyfile > outfile

   This will append a signature to the file you are signing. You also need to make sure the recipient knows the pubkeyfile, so you may want to send that separately, or include it in the file being signed as was done in this case.

9. Please report whether you were able to succeed, and if not, which step failed for you.

BTW there are a couple of papers on ring signatures to be presented at Crypto 02 so there might be some new improvements coming to the code if the ideas look good. One possibility is extending them to work with DSS keys in addition to the current RSA keys.
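
As background for steps 7 and 8, here is a sketch of the ring equation from the Rivest, Shamir and Tauman paper with RSA keys. It is an added example, not the ringsig.c code or the perl scripts from the post. The toy Mersenne-prime keys, the Feistel construction standing in for the symmetric cipher, and all function names are assumptions of this example.

```python
import hashlib, secrets

B, E = 192, 65537        # common domain width in bits; shared public exponent
M = lambda k: 2**k - 1   # Mersenne primes: constructed TOY keys, far too small for real use
PRIMES = [(M(61), M(89)), (M(31), M(107)), (M(19), M(127))]
RING = [p * q for p, q in PRIMES]                           # public moduli n_i
PRIV = [pow(E, -1, (p - 1) * (q - 1)) for p, q in PRIMES]   # private exponents d_i

def g(n, x, exp=E):
    """RSA extended to a permutation of all B-bit values; exp=d inverts it."""
    q, r = divmod(x, n)
    return q * n + pow(r, exp, n) if (q + 1) * n <= 1 << B else x

def _f(k, rnd, half):
    data = k + bytes([rnd]) + half.to_bytes(B // 16, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:B // 16], "big")

def enc(k, x, inverse=False):
    """Keyed permutation E_k on B-bit ints (4-round Feistel stand-in cipher)."""
    h = B // 2
    l, r = x >> h, x & ((1 << h) - 1)
    for rnd in (range(3, -1, -1) if inverse else range(4)):
        l, r = (r ^ _f(k, rnd, l), l) if inverse else (r, l ^ _f(k, rnd, r))
    return (l << h) | r

def ring_sign(msg, ring, s, d):
    """Sign as member s (private exponent d) without revealing s."""
    k = hashlib.sha256(msg).digest()
    v = secrets.randbits(B)
    xs = [secrets.randbits(B) for _ in ring]
    z = w = v
    for i in range(s):                         # run the ring forward up to slot s
        z = enc(k, z ^ g(ring[i], xs[i]))
    for i in range(len(ring) - 1, s, -1):      # and backward from v down to slot s
        w = enc(k, w, inverse=True) ^ g(ring[i], xs[i])
    y_s = enc(k, w, inverse=True) ^ z          # the one value that closes the ring
    xs[s] = g(ring[s], y_s, d)                 # only the trapdoor holder can invert
    return v, xs

def ring_verify(msg, ring, sig):
    v, xs = sig
    if len(xs) != len(ring) or any(x >> B for x in [v, *xs]):
        return False
    k = hashlib.sha256(msg).digest()
    z = v
    for n, x in zip(ring, xs):
        z = enc(k, z ^ g(n, x))
    return z == v                              # ring equation C_{k,v}(y_1..y_r) = v
```

The verifier uses only the public moduli and treats every slot identically, which is why a "Good signature" result says that some key in the ring signed, not which one.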