Note: All articles published on Edgecase Datafeed are datafeed articles and are signed by Edgecase Datafeed. A datafeed article may contain an article, a signed article, or a checkpoint article. To verify a datafeed article means to check that the GPG digital signature attached to it is mathematically valid and optionally to check its time of publication as measured by block height on the Bitcoin blockchain. The most recent articles may not yet have been published on the Bitcoin blockchain.
Note: A signed article is signed by its author as well as by Edgecase Datafeed. The author signature is cryptographic proof of the validity of the author's claim of authorship.
1) Install GPG 1.4.x (preferably 1.4.10), if you don't already have it on your system. How to do this is beyond the scope of this recipe.
2) Check that your system has a utility for calculating the SHA256 hash of a file. If it does not, find and install one. How to do this is beyond the scope of this recipe.
3) Browse to the signed article that you wish to verify. Make a note of the author's name e.g. "StJohn Piano". In the Downloads menu, there should be a "Download this article" link to the original datafeed article, which is a text file. Clicking this link should cause your browser to ask you to download this text file.
4) Follow the recipe "How to verify a datafeed article" to verify the Edgecase Datafeed signature on the signed article.
5) Browse to the Authors page on this site. Look for the author's name e.g. "StJohn Piano". Click the author's name, which should be linked to the author's page. On the author's page, there should be a download link to the author's public key, which is stored in GPG base-64 format in a text file. Clicking this link should cause your browser to ask you to download this text file.
6) Create a new directory e.g. "verify_signed_article". Place the datafeed article file and the author public key file in this directory. Create another directory within this directory for use as a temporary GPG keyring e.g. "keyring_tmp". Open a commandline terminal, change directory to "verify_signed_article", and run the following command to set the permissions on "keyring_tmp" to those that GPG expects. A setting of 700 allows the user (you) to read/write/execute anything in the directory, but prevents any other user account on your system (e.g. another program) from doing so.
$ chmod 700 keyring_tmp
7) Extract the signed article: Open the signed article file. Highlight everything between and including the first character of <article> ("<") and the last character of </article> (">"). Copy this text. Open a new text file. Paste this text into it. Save this file in the directory "verify_signed_article" as e.g. "signed_article.txt".
8) Extract the signed article signature: In the open signed article file, highlight everything between and including the first character of <author_signature> ("<") and the last character of </author_signature> (">"). Copy this text. Open a new text file. Paste this text into it. Replace "<author_signature>" with "-----BEGIN PGP SIGNATURE-----" and press enter to add a new line immediately after this replacement text. Replace "</author_signature>" with "-----END PGP SIGNATURE-----". Save this file in the directory "verify_signed_article" as e.g. "signed_article.sig". Close the new signed article file.
Applying these changes to this example author signature:
<author_signature>
iQIcBAABCgAGBQJZVAS5AAoJEC8RP+HmG9MXdTwQALi2J8aHCiajjV+dTTtVws6J
GECE4tSWdB7rreyOCvvxDULRtXiLY+vCtRoLI5yNk1lHRxjnCGpMYt90N7AZcQII
08IF8ixgHyibr3+CCTxzgfsqeacWdpL/VS5MyKQwj/vEDNWW/gnv+tfvTAPW00DR
rOv6rJHAsJxWOewfF4YgjqLyMPYIdFlCddC4sek6F4c12zC3c8ANSza1r2tX9U9/
f32DqsyqAayOxPr7HdX90FM6c0bPxSjZ6SPNGYSt+9N0oqafh9LIGfQ3fzfMv0RE
6PhdGAXnUmTHYHhQ9A93D1tJvscxX5qPASTYSlYcwjyp/yPYED5S6knhe+No0eRo
9WJCaRPYfSrohEyCgCa837HiDI49LzDf8cvQRqDGaOAW8FMbFt3TSae0XxV8/CC5
0kaW02sHcPCfNbaeqYnRQK+3KWjjgaJZcUItWq9NKX7f4VPGtO6JjoilAtiufctg
G5C/7vbmaQoPcQ3Lnu+FY3SCavSz66iX5dNx471McLfQPvntMLvjk7XNvYzZIm1o
2gTU20T7aN1/Kxg9rpjeazxJbjVk4FL/YZScveqLidzWS/vNFkZhdDWvOovvEbSc
A70VAelCAMtRLPs8o9Z1fBw6aEKSFWeaL44s1/S6ApA4m+lLrdvuCO6f3w/wJvqj
1T2KMnHmqQ36jVVsWgbA
=/JBI
</author_signature>
should result in this example GPG signature:
-----BEGIN PGP SIGNATURE-----

[the same base64 signature lines as in the author signature example above, ending with the "=/JBI" line]
-----END PGP SIGNATURE-----
9) Open a commandline terminal, change directory to the directory "verify_signed_article", and run the following command, which creates a temporary GPG keyring and imports the author public key into it. Replace "stjohn_piano" with a different author name if necessary.
$ gpg --no-default-keyring --keyring pubring.gpg --homedir keyring_tmp --import stjohn_piano_public_key.txt
example output:
gpg: keyring `keyring_tmp/secring.gpg' created
gpg: keyring `keyring_tmp/pubring.gpg' created
gpg: keyring_tmp/trustdb.gpg: trustdb created
gpg: key E61BD317: public key "stjohn_piano" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
10) In the open commandline terminal, run the following command, which verifies that the signature of this signed article is valid.
$ gpg --no-default-keyring --keyring pubring.gpg --homedir keyring_tmp --verify signed_article.sig signed_article.txt
example output:
gpg: Signature made Wed Jun 28 19:34:17 2017 GMT using RSA key ID E61BD317
gpg: Good signature from "stjohn_piano"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: A69D D24E AB33 10E2 972E 6846 2F11 3FE1 E61B D317
GPG will warn you that this public key is not certified. Certification means that someone (you yourself, someone you trust, or someone trusted by someone you trust, etc) would have to meet the owner of the stjohn_piano public key, verify that they are who they claimed to be, and sign this public key using a key of their own. You would then import this signature into GPG. This signature would certify that a particular person owned this public key.
I have carefully written this recipe so that you do not have to maintain a trust management system inside GPG. This limits this recipe to the intended scope (it only shows you how to verify that the signature is mathematically valid - it does not ask you to trust the author public key). This also has the advantage that this verification recipe can be automated in a straightforward manner. However, this also means that GPG will necessarily not be able to find any record within itself that the Edgecase Datafeed public key is owned by a particular person, so it will produce a warning.
The important result is this line:
gpg: Good signature from "stjohn_piano"
which means that GPG has used stjohn_piano's public key to verify that the signature was created using stjohn_piano's private key.
Note: The private key is mathematically related to the public key and can be kept secret by its holder. The public key can be published and allows another person to verify that a particular signature was made by the corresponding private key.
11) In the open commandline terminal, run the following command to find the SHA256 hash of the original datafeed article. Replace "sha256" with the appropriate command on your system. Replace "2017-06-28_edgecase_datafeed_article_1_2017-06-28_stjohn_piano_viewpoint.txt" with the filename of the datafeed article you are verifying.
$ sha256 2017-06-28_edgecase_datafeed_article_1_2017-06-28_stjohn_piano_viewpoint.txt
example output:
e7beffdee3ef01baedba6301a5c5b0fea010e99e2484884861e5ce9866d25c7f
12) Browse to the signed article. In the Navigation menu, there should be a link to the next checkpoint in Edgecase Datafeed. Browse to the next checkpoint. Find the article description corresponding to the signed article. Compare the SHA256 hash in this article description to the SHA256 hash that you generated in the previous step. They should be identical.
13) Follow the recipe "How to verify a checkpoint article" to confirm that the next checkpoint was published by Edgecase Datafeed at a specific time and has not been changed since that time. Time is measured here as block height on the Bitcoin blockchain.
14) Optionally, repeat the previous two steps for the previous checkpoint.
15) You have now confirmed that this signed article:
- was signed by its author.
- was published by Edgecase Datafeed at a time prior to the publication of the next checkpoint.
- (optional) was published by Edgecase Datafeed at a time after the publication of the previous checkpoint.
- has not been changed since the time of its publication.
Time is measured here as block height on the Bitcoin blockchain.
An original, unaltered copy of this signed article is now in your possession.
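Steps 6 to 10 automated, as an added example that is not code from Edgecase Datafeed; the function names are hypothetical. It assumes the real author signature element follows the article's closing tag and that the signed bytes run from "<article>" to "</article>" with no trailing newline. It reads GPG's machine-readable --status-fd output rather than the "Good signature" text and compares the primary key fingerprint with the one you expect.

```python
import os, subprocess, tempfile

A_OPEN, A_CLOSE = b"<article>", b"</article>"
S_OPEN, S_CLOSE = b"<author_signature>", b"</author_signature>"

def extract_parts(datafeed: bytes):
    """Steps 7-8: return (article bytes, ASCII-armored detached signature)."""
    start, end = datafeed.find(A_OPEN), datafeed.rfind(A_CLOSE)
    if start < 0 or end < start:
        raise ValueError("no <article>...</article> element")
    end += len(A_CLOSE)
    # An article body may quote <author_signature> (this recipe does), so the
    # real element is searched for only after the article's closing tag.
    s = datafeed.find(S_OPEN, end)
    e = datafeed.find(S_CLOSE, s) if s >= 0 else -1
    if e < 0:
        raise ValueError("no <author_signature> after the article")
    body = datafeed[s + len(S_OPEN):e].strip()
    armored = (b"-----BEGIN PGP SIGNATURE-----\n\n" + body +
               b"\n-----END PGP SIGNATURE-----\n")
    # Assumption: the signed bytes end at ">" of </article>, no trailing newline.
    return datafeed[start:end], armored

def status_is_valid(status: str, expected_fpr: str) -> bool:
    """True only for GOODSIG plus VALIDSIG naming the expected primary key."""
    want = expected_fpr.replace(" ", "").upper()
    rows = [r for r in (l.split() for l in status.splitlines())
            if len(r) > 2 and r[0] == "[GNUPG:]"]
    good = any(r[1] == "GOODSIG" for r in rows)
    # The last VALIDSIG field is the primary key fingerprint.
    valid = any(r[1] == "VALIDSIG" and r[-1].upper() == want for r in rows)
    return good and valid

def verify_author_signature(datafeed: bytes, pubkey_path: str, expected_fpr: str) -> bool:
    """Steps 6, 9, 10 in a throwaway GPG home (mkdtemp creates it mode 0700)."""
    article, armored = extract_parts(datafeed)
    with tempfile.TemporaryDirectory() as home:
        art = os.path.join(home, "signed_article.txt")
        sig = os.path.join(home, "signed_article.sig")
        for path, data in ((art, article), (sig, armored)):
            with open(path, "wb") as fh:
                fh.write(data)
        gpg = ["gpg", "--no-default-keyring", "--keyring", "pubring.gpg",
               "--homedir", home]
        subprocess.run(gpg + ["--import", pubkey_path], check=True, capture_output=True)
        out = subprocess.run(gpg + ["--status-fd", "1", "--verify", sig, art],
                             capture_output=True, text=True).stdout
    return status_is_valid(out, expected_fpr)
```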