[Catalog-sig] Mirror authenticity

Sean Reifschneider jafo at tummy.com
Sun Mar 29 07:06:57 CEST 2009

Martin v. Löwis wrote:
> Unfortunately, using the openssl command line isn't good enough.
> It doesn't support DSA signing or verifying (the PyPI client would
> need verification, not signing).

Are you sure?  Doesn't the "dgst" message digest sub-command do what you're
looking for, given a DSA public/private key pair?

   openssl dgst -sign private-key-file -out signature-file <file-to-verify
   openssl dgst -verify public-key-file -signature signature-file <file-to-verify

Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability

More information about the Catalog-SIG mailing list