Anonymous wrote:
Steps to verify the "ring signature" file (note: you must have the openssl library installed):
1. Save http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00221.html, as text, to the file ringsig.c. Delete the paragraph of explanation, and/or any HTML junk, so the file starts with:
/* Implementation of ring signatures from * http://theory.lcs.mit.edu/~rivest/RivestShamirTauman-HowToLeakASecret.pdf * by Rivest, Shamir and Tauman
and it ends with:
lPglqmmy3p4D+psNU1rlNv6yH/L0PgcuW7taVpbopjl4HLuJdWcKHJlXish3D/jb eoQ856fYFZ/omGiO9x1D0BsnGFLZVWob4OIZRzO/Pc49VIhFy5NsV2zuozStId89 [...] */
2. The "[...]" above is where a remailer caused some of the signature to be stripped out. Replace the last few lines of ringsig.c with the text from http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00306.html. This has the lines from the END PGP PUBLIC KEY BLOCK line onward. The last lines of the ringsig.c file should be:
BjHTDH0VZeu3IxUFh37w2fIEehL8WrXvCoCMFnd1/bnn/qI/STXgg6as579/yBIJ nJra7Ceru4q4wUssK79T6SdOM6wcvVg96ub4UOTaPO4wYhhadCbLFpl3tPfTLceb */
3. Compile ringsig.c using the openssl library, to form an executable file "ringsig". Try running ringsig and you will get a usage message.
4. Get the two perl scripts from http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00313.html and save them as "ringver" and "ringsign".
5. Run the ringsig.c file through the "pgp" program to create a PGP key ring file from the PGP PUBLIC KEY BLOCK data. With the command line version of PGP 2.6.2 the command is:
pgp -ka ringsig.c sigring.pgp
This will also show you the set of keys, one of which made the signature.
*** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c, ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? ***
Once it works, I'll happily do that, but...
6. Finally, the verification step: run the ringver perl script, giving the PGP key file created in step 5 as an argument, and giving it the ringsig.c file as standard input:
./ringver sigring.pgp < ringsig.c
This should print the message "Good signature".
ben@scuzzy:~/tmp/multisign$ ./ringver pubring.pkr < testwhole ERROR: Bad signature (Incidentally, this was the procedure I followed in the first place, except I manually broke the file into parts, rather than using ringver). I still suggest sending the relevant file as an attachment, so it doesn't get mangled in transit. I wonder how many people are now convinced I didn't write this code? ;-) Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ Available for contract work. "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff