[Catalog-sig] Mirror authenticity
Sean Reifschneider
jafo at tummy.com
Sun Mar 29 07:06:57 CEST 2009
Martin v. Löwis wrote:
> Unfortunately, using the openssl command line isn't good enough.
> It doesn't support DSA signing or verifying (the PyPI client would
> need verification, not signing).
Are you sure? Doesn't the "dgst" message digest sub-command do what you're
looking for, given a DSA public/private key pair?
openssl dgst -sign private-key-file -out signature-file <file-to-verify
openssl dgst -verify public-key-file -signature signature-file <file-to-verify
Sean
--
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability
More information about the Catalog-SIG
mailing list