Not exactly what you're asking, but I was able to verify signature packets on an OpenPGP public key using openssl.
https://github.com/diafygi/openpgp-python/blob/master/README.md#openssl-signature-verification In order to learn the format better, I've been hacking together a very rough OpenPGP parser in Python without using gpg. To verify signatures with only openssl, you need to extract and convert the raw public RSA key to pem format, then dump the raw signature and data payload concatenation. My code is really terrible, but feel free to read through it to see how I calculate the public key pem (without an ASN.1 parser) and raw data payload. Maybe that can give you some ideas on how to make gpg signatures compatible with openssl. Daniel On Oct 4, 2015 4:44 PM, <[email protected]> wrote: > > Hi, > > i've googled a lot and i guess it is just not possible but i want to ask this list before giving up. > > Is it possible to create (and verify) PKCS1_PSS signatures with gpg that are compatible with openssl? > > The signatures are created with this commands: > # Generate keys > openssl genrsa -out priv.pem > # Export public key > openssl rsa -pubout -in priv.pem -out pub.pem > # Create test file > echo test123 > test.txt > # Create signature > openssl dgst -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -sign priv.pem -out test.txt.sig test.txt > # Verify signature > openssl dgst -sha1 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -verify pub.pem -signature test.txt.sig test.txt > > The reason for choosing openssl over gpg is the smooth support for RSA signatures in python (pycrypto). Verifying a RSA (PKCS1 PSS) signature requires just the public key which makes it easy to use especially when verification of the signature must be done in a daemon. > > But there are also good reasons for using gpg on the client side because its easy to use with smartcards (e.g. a yubikey). So my perfect setup would be to be able to create signatures with gpg that can be verified with openssl/pycrypto in my daemon. > > regards > the2nd > > _______________________________________________ > Gnupg-users mailing list > [email protected] > http://lists.gnupg.org/mailman/listinfo/gnupg-users
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
