How_to_verify_a_datafeed_article stjohn_piano Note: This page is subject to change at any time. It is not signed by the author or by Edgecase Datafeed. Note: All articles published on Edgecase Datafeed are datafeed articles and are signed by Edgecase Datafeed. A datafeed article may contain an article, a signed article, or a checkpoint article. To verify a datafeed article means to check that the GPG digital signature attached to it is mathematically valid and optionally to check its time of publication as measured by block height on the bitcoin blockchain. The most recent articles may not yet have been published on the bitcoin blockchain. 1) Install GPG 1.4.x (preferably 1.4.10), if you don't already have it on your system. How to do this is beyond the scope of this recipe. 2) Browse to the datafeed article that you wish to verify. In the Downloads menu, there should be a "Download this article" link to the original datafeed article, which is a text file. Clicking this link should cause your browser to ask you to download this text file. 3) Browse to the hyperlink /pages/public_keys.txt Public Keys page on this site. On this page, there should be a download link to Edgecase Datafeed public key, which is stored in GPG base-64 format in a text file. Clicking this link should cause your browser to ask you to download this text file. 4) Create a new directory e.g. "verify_datafeed_article". Place the datafeed article file and Edgecase Datafeed public key file in this directory. Create another directory within this directory for use as a temporary GPG keyring e.g. "keyring_tmp". Open a commandline terminal, change directory to "verify_datafeed_article", and run the following command to set directory permissions for "keyring_tmp" to the permissions that GPG expects. A setting of 700 allows the user (you) to read/write/execute anything in the directory, but prevents any other user account on your system (e.g. another program) from doing so. $ chmod 700 keyring_tmp 5) Extract the datafeed article: Open the datafeed article file. Highlight everything between and including the first character of \ ("\<") and the last character of \ ("\>"). Copy this text. Open a new text file. Paste this text into it. Save this file in the directory "verify_datafeed_article" as e.g. "datafeed_article.txt". 6) Extract the datafeed article signature: In the open datafeed article file, highlight everything between and including the first character of \ ("\<") and the last character of \ ("\>"). Copy this text. Open a new text file. Paste this text into it. Replace "\" with "-----BEGIN PGP SIGNATURE-----" and press enter to add a new line immediately after this replacement text. Replace "\" with "-----END PGP SIGNATURE-----". Save this file in the directory "verify_datafeed_article" as e.g. "datafeed_article.sig". Applying these changes to this example datafeed signature: \ iQIcBAABCgAGBQJZVAWEAAoJECL1OzZgiBhwOoQP/AlgBl8VM3JkFsWSL+UCpNnW P7HJhFFcFbmN5r3/XGqD0xffEXyzOLqo4RPu4FOzzua8A3S1hP3rkmvvhsedJe9E egQaacFyg7dSJd+n/RPNn/s5HtdvnKmYz4jglIBix2gJof/5VjyIwYkdn9Vj+4ZG 7n40XoLQVf8c499mX4YvgBByltGTDFeP6eTFlcLa3kJ7ydsfVbCzcuy6vqWa33eg kZkIfbDLJIgQCp3L5DTrvbKMWhUSvbKZGwsS67Gw02sz8KrBnaMkvIba+Xe6555a v7w//81ZKWzIYdhnQAZ4A1bh9psCIWEb6e0kleY6qNuE15gHyHUWn2NibAmNf10Z bcXfHgOf73zfrQOIczAHKzIBKDinSeI7nFbmRQE9ynAvlG3dZDu/deoG32/P/ADK J5+QCRGDZoDs0t443RkW2d7Y97OtI552FDQK5wVsZknl3QKaIIbQGNfSJ6izPEB4 qtQzpnXXjrb0nJFUPC4RkiSuw0aq3mToQCMOYhkwEee71C26SqSmCuVHmeNxXksw /1wbwxDdw9u1DwxCHLizHfpz04GsRhuxndMWT005KQo3UagfsUjlWCmQZQ/+xrI5 +vVzNlT3msPCZD8eGkYOdDoQ3/8Lm94u5Fg/+OcIlti5CPySsLMXhOmMmwxW3uDU 8r9dSmmtfx6NgTHCvodV =FpZQ \ should result in this example GPG signature: -----BEGIN PGP SIGNATURE----- iQIcBAABCgAGBQJZVAWEAAoJECL1OzZgiBhwOoQP/AlgBl8VM3JkFsWSL+UCpNnW P7HJhFFcFbmN5r3/XGqD0xffEXyzOLqo4RPu4FOzzua8A3S1hP3rkmvvhsedJe9E egQaacFyg7dSJd+n/RPNn/s5HtdvnKmYz4jglIBix2gJof/5VjyIwYkdn9Vj+4ZG 7n40XoLQVf8c499mX4YvgBByltGTDFeP6eTFlcLa3kJ7ydsfVbCzcuy6vqWa33eg kZkIfbDLJIgQCp3L5DTrvbKMWhUSvbKZGwsS67Gw02sz8KrBnaMkvIba+Xe6555a v7w//81ZKWzIYdhnQAZ4A1bh9psCIWEb6e0kleY6qNuE15gHyHUWn2NibAmNf10Z bcXfHgOf73zfrQOIczAHKzIBKDinSeI7nFbmRQE9ynAvlG3dZDu/deoG32/P/ADK J5+QCRGDZoDs0t443RkW2d7Y97OtI552FDQK5wVsZknl3QKaIIbQGNfSJ6izPEB4 qtQzpnXXjrb0nJFUPC4RkiSuw0aq3mToQCMOYhkwEee71C26SqSmCuVHmeNxXksw /1wbwxDdw9u1DwxCHLizHfpz04GsRhuxndMWT005KQo3UagfsUjlWCmQZQ/+xrI5 +vVzNlT3msPCZD8eGkYOdDoQ3/8Lm94u5Fg/+OcIlti5CPySsLMXhOmMmwxW3uDU 8r9dSmmtfx6NgTHCvodV =FpZQ -----END PGP SIGNATURE----- 7) Open a commandline terminal, change directory to the directory "verify_datafeed_article", and run the following command, which creates a temporary GPG keyring and imports the Edgecase Datafeed public key into it: $ gpg --no-default-keyring --keyring pubring.gpg --homedir keyring_tmp --import edgecase_datafeed_public_key.txt example output: gpg: keyring `keyring_tmp/secring.gpg' created gpg: keyring `keyring_tmp/pubring.gpg' created gpg: keyring_tmp/trustdb.gpg: trustdb created gpg: key 60881870: public key "edgecase_datafeed" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) 8) In the open commandline terminal, run the following command, which verifies that the signature of this checkpoint article is valid. $ gpg --no-default-keyring --keyring pubring.gpg --homedir keyring_tmp --verify datafeed_article.sig datafeed_article.txt example output: gpg: Signature made Wed Jun 28 19:37:40 2017 GMT using RSA key ID 60881870 gpg: Good signature from "edgecase_datafeed" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 112D 22BA 9DE1 60ED 6A20 E07D 22F5 3B36 6088 1870 GPG will warn you that this public key is not certified. Certification means that someone (you yourself, someone you trust, or someone trusted by someone you trust, etc) would have to meet the owner of the Edgecase Datafeed public key, verify that they are who they claimed to be, and sign this public key using a key of their own. You would then import this signature into GPG. This signature would certify that a particular person owned this public key. I have carefully written this recipe so that you do not have to maintain a trust management system inside GPG. This limits this recipe to the intended scope (it only shows you how to verify that the signature is mathematically valid - it does not ask you to trust the Edgecase Datafeed public key). This also has the advantage that this verification recipe can be automated in a straightforward manner. However, this also means that GPG will necessarily not be able to find any record within itself that the Edgecase Datafeed public key is owned by a particular person, so it will produce a warning. The important result is this line: gpg: Good signature from "edgecase_datafeed" which means that GPG has used the Edgecase Datafeed public key to verify that the signature was created using the Edgecase Datafeed private key. Note: The private key is mathematically related to the public key and can be kept secret by its holder. The public key can be published and allows another person to verify that a particular signature was made by the corresponding private key. 9) You have now confirmed that this datafeed article was signed by Edgecase Datafeed.