On 02/09/04(22:51) you Steffen Kaiser <p44eqbdyi-qghxypkhqly6.ml@delegate.org> wrote in <_A2536@delegate-en.ML_> |what's the delegate**.tar.sign file for? It is not recognized by the gpg |--verify *.sign, for instance. It is a string representing "delegateX.Y.Z.tar MD5(delegateX.Y.Z.tar)" signed with my RSA private-key. You can get the verified plain text using DeleGate (in which my public-key is embedded, after DeleGate/8.9.0) like this: % delegated -Fverify delegate8.9.1.tar.sign delegate8.9.1.tar 913a71c69558ecdfaa587f142f191cda Currenty, DeleGate just calles openssl for -Fverify. Thus the above verification is equivalent to the following command: % delegated -FdeMime -b *.sign | openssl rsautl -verify -pubin -inkey my-public-key.pem where my-public-key.pem is available at http://www.delegate.org/rsa-pubkey.pem or dumped with delegated -Fpubkey. On 02/02/04(17:30) in <_A2530@delegate-en.ML_> | DATE: Feb 2 17:12 JST 2004 | TAR-SIZE: 4290560 bytes | TAR-MD5: 913a71c69558ecdfaa587f142f191cda | PUBLIC-KEY: http://www.delegate.org/rsa-pubkey.pem | TAR-MD5-SIGN: | zZ7t6v0hhzcJiwRxTdvyO6Jk6uIRJ0h31ZERpxDxVwamurfUL31t24bUiq5r0QJXoGsDR961 | oaFtpRDIMJkBfKMMkRI2C021fjLHaCIJUqCuEn/zcGOeyZCRWsUOyYSka186hLg6UlgyO/lL | ghI6NESScgIDPpMXjLUO1QbhRIk= Cheers, Yutaka -- D G Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/ ( - ) National Institute of Advanced Industrial Science and Technology _< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan Do the more with the less -- B. Fuller
V