15.3.1.1 Signatures
Unless you already have a gpg key, create a new PGP key with gpg. Note that DSA with a key size greater than 1024 does not work with SHA-1. SHA-224, SHA-256, SHA-384 and SHA-512 would work, but are not yet implemented in Bigloo.
$ gpg --gen-key
...
pub 1024D/A2DA694E 2010-08-07 [expires: 2010-08-27]
Key fingerprint = DFAF 5894 9003 8640 D45B 6199 07CA 0495 A2DA 694E
uid Bigloo Example
sub 1024g/0B8985E5 2010-08-07 [expires: 2010-08-27]
We export both the public and the private key.
$ gpg -a -o A2DA694E_Bigloo_Example.pkey --export A2DA694E
$ gpg -a -o A2DA694E_Bigloo_Example.skey --export-secret-keys A2DA694E
This small program will simply read the key and print a human-readable representation.
;; contents of print-key.scm
(module print-key
   (library openpgp)
   (main my-main))
(define (my-main args)
   (let ((public-key (car (pgp-read-file "A2DA694E_Bigloo_Example.pkey")))
         (secret-key (car (pgp-read-file "A2DA694E_Bigloo_Example.skey"))))
      (display (pgp-key->string public-key))
      (display (pgp-key->string secret-key))))
The compilation is straightforward and does not require any special flags:
$ bigloo print-key.scm -o print-key
$ ./print-key
Bigloo Example
07ca0495a2da694e DSA (Digital Signature Standard)
5fa4e8c90b8985e5 ElGamal (Encrypt-Only)
Bigloo Example
07ca0495a2da694e DSA (Digital Signature Standard)
5fa4e8c90b8985e5 ElGamal (Encrypt-Only)
As can be seen, the pgp-key->string routine does not
differentiate between public and private keys.
We can also sign a message:
(let ((my-key (car (pgp-read-file "A2DA694E_Bigloo_Example.skey"))))
   (pgp-write-file "msg.sig"
      (pgp-sign (read-string)
                my-key
                (lambda (key) "<Bigloo Example Password>")
                :detached-signature? #f)))
Signatures from Bigloo follow RFC 4880 and can therefore be verified
by gpg.
$ echo "Gpg can verify Bigloo's signature" | ./sign
$ gpg --verify msg.sig
gpg: Signature made Sat 07 Aug 2010 10:12:21 PM CEST using DSA key ID A2DA694E
gpg: Good signature from "Bigloo Example"
Conversely, Bigloo can verify gpg's signatures. Here we first
generate a signature with gpg.
$ echo "Bigloo can verify gpg's signatures." | \
  gpg -o msg_gpg.sig -a \
      --default-key "Bigloo Example" \
      --passphrase "<Bigloo Example Password>" \
      --sign
You need a passphrase to unlock the secret key for
user: "Bigloo Example"
1024-bit DSA key, ID A2DA694E, created 2010-08-07
The following program reads OpenPGP signatures and verifies them. For simplicity the key database will only contain one key, but it could contain any number of keys.
(let ((my-key (car (pgp-read-file "A2DA694E_Bigloo_Example.pkey")))
      (sig (pgp-read-file "msg_gpg.sig"))
      (db (pgp-make-key-db)))
   (pgp-add-key-to-db db my-key)
   (print "Signature message: " (pgp-signature-message sig))
   (let ((signers (pgp-verify sig (lambda (id) (pgp-resolve-key db id)))))
      (for-each (lambda (subkey)
                   (display (pgp-subkey->string subkey)))
                signers)))
As expected, the program verifies the correct signature.
$ ./verify
Signature message: Bigloo can verify gpg's signatures.
Bigloo Example
07ca0495a2da694e DSA (Digital Signature Standard)
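A fail-closed variant of the verifier above, as an added example that is not part of the Bigloo manual: it exits with a non-zero status when no key in the database verified the signature, and prints the signed message only after verification succeeded. The file name verify-strict.scm, the trusted-signers helper and the exit codes are hypothetical; the program assumes that pgp-verify returns an empty list (or raises an error) when nothing verifies.

```scheme
;; contents of verify-strict.scm (added example, hypothetical file name)
(module verify-strict
   (library openpgp)
   (main my-main))

;; Returns the subkeys from KEY-FILE that verified SIG. An error raised
;; during verification is mapped to '(), so every failure looks the same
;; to the caller.
(define (trusted-signers sig key-file)
   (with-handler
      (lambda (e) '())
      (let ((db (pgp-make-key-db)))
         (pgp-add-key-to-db db (car (pgp-read-file key-file)))
         (pgp-verify sig (lambda (id) (pgp-resolve-key db id))))))

(define (my-main args)
   (unless (= (length args) 3)
      (fprint (current-error-port)
              "usage: verify-strict <signature> <public-key>")
      (exit 2))
   (let* ((sig (pgp-read-file (cadr args)))
          (signers (trusted-signers sig (caddr args))))
      (when (null? signers)
         ;; Assumption: an empty list means that no key in the database
         ;; verified the signature.
         (fprint (current-error-port)
                 "verify-strict: no trusted key verified " (cadr args))
         (exit 1))
      ;; Verification succeeded: list the signers, then release the payload.
      (for-each (lambda (subkey)
                   (display (pgp-subkey->string subkey)))
                signers)
      (print "Signature message: " (pgp-signature-message sig))))
```

Run as ./verify-strict msg_gpg.sig A2DA694E_Bigloo_Example.pkey; a calling script can then branch on the exit status instead of parsing the printed signer list.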
This document was generated on October 23, 2011 using texi2html 5.0.
