Anonymous wrote: > Steps to verify the "ring signature" file (note: you must have the openssl > library installed): > > > 1. Save http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00221.html, > as text, to the file ringsig.c. Delete the paragraph of explanation, and/or any > HTML junk, so the file starts with: > > /* Implementation of ring signatures from > * http://theory.lcs.mit.edu/~rivest/RivestShamirTauman-HowToLeakASecret.pdf > * by Rivest, Shamir and Tauman > > and it ends with: > > lPglqmmy3p4D+psNU1rlNv6yH/L0PgcuW7taVpbopjl4HLuJdWcKHJlXish3D/jb > eoQ856fYFZ/omGiO9x1D0BsnGFLZVWob4OIZRzO/Pc49VIhFy5NsV2zuozStId89 > [...] > */ > > > 2. The "[...]" above is where a remailer caused some of the signature > to be stripped out. Replace the last few lines of ringsig.c with the > text from > http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00306.html. > This has the lines from the END PGP PUBLIC KEY BLOCK line onward. > The last lines of the ringsig.c file should be: > > BjHTDH0VZeu3IxUFh37w2fIEehL8WrXvCoCMFnd1/bnn/qI/STXgg6as579/yBIJ > nJra7Ceru4q4wUssK79T6SdOM6wcvVg96ub4UOTaPO4wYhhadCbLFpl3tPfTLceb > */ > > > 3. Compile ringsig.c using the openssl library, to form an executable file > "ringsig". Try running ringsig and you will get a usage message. > > > 4. Get the two perl scripts from > http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00313.html > and save them as "ringver" and "ringsign". > > > 5. Run the ringsig.c file through the "pgp" program to create a PGP key > ring file from the PGP PUBLIC KEY BLOCK data. With the command line > version of PGP 2.6.2 the command is: > > pgp -ka ringsig.c sigring.pgp > > This will also show you the set of keys, one of which made the signature. > > *** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c, > ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE > CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? ***
Once it works, I'll happily do that, but... > 6. Finally, the verification step: run the ringver perl script, giving the > PGP key file created in step 5 as an argument, and giving it the ringsig.c > file as standard input: > > ./ringver sigring.pgp < ringsig.c > > This should print the message "Good signature". ben@scuzzy:~/tmp/multisign$ ./ringver pubring.pkr < testwhole ERROR: Bad signature (Incidentally, this was the procedure I followed in the first place, except I manually broke the file into parts, rather than using ringver). I still suggest sending the relevant file as an attachment, so it doesn't get mangled in transit. I wonder how many people are now convinced I didn't write this code? ;-) Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ Available for contract work. "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff