Greetings Monks,
I need to verify the signature of a message sent to me (e.g., a web token). The message is colon separated, with the ending being the signature. I have the public key stored as a binary file. I am trying to use Crypt::OpenPGP to validate this signature. I have never worked on something like this before, so that is why I am reaching out for some help. In the code below, I have the signature and the message in separate files. Ideally, the message (including the signature after the last colon) would be passed to me and I would parse it to get the signature. This is what I have so far:
#!/usr/bin/perl -w
use strict;
use Crypt::OpenPGP;
use Crypt::OpenPGP::KeyRing;

# Public key stored in binary file
my $pbkey = 'public.bin.key';

# This is how I would get message, which includes the signature
#my $message = 'colon_separated_values';
#my $signature = 'parsed_string_from_message';

# Tried having the message and signature in separate files
my $signature = 'sigFile.txt';
my $message   = 'message.txt';

# errstr is a class method; $pbkey is only the file name
my $pubring = Crypt::OpenPGP::KeyRing->new(Filename => $pbkey)
    or die "Pubring Failed: ", Crypt::OpenPGP::KeyRing->errstr;
my $pgp = Crypt::OpenPGP->new(PubRing => $pubring)
    or die "Can't find public key";

# Files takes a list of paths to the signed data; Data takes the data itself
my $result = $pgp->verify(
    SigFile => $signature,
    Files   => [ $message ],
);
# verify returns undef on error and 0 for a bad signature
defined $result or die "Verification Failed: ", $pgp->errstr;

if ($result) {
    print "Verified, signing key: $result\n";
} else {
    print "Bad signature!\n";
}
This outputs: "Verification Failed: SigFile contents are strange"
Not sure if I am on the right track here so would definitely appreciate any guidance you may offer. Thanks in advance.
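
An added example, not part of the original post: before handing anything to verify, it helps to split the token at its last colon and check whether the signature field holds OpenPGP packet data at all. The base64 transport encoding, the sample tokens and the helper names split_token and classify_signature are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64);

# Split "field:field:...:signature" at the LAST colon only, so colons inside
# the signed part are preserved byte for byte.
sub split_token {
    my ($token) = @_;
    my $pos = rindex($token, ':');
    die "token has no ':' separator\n" if $pos < 0;
    my ($signed, $sig) = (substr($token, 0, $pos), substr($token, $pos + 1));
    die "token has an empty signature field\n" unless length $sig;
    return ($signed, $sig);
}

# Classify a signature blob by its first bytes (RFC 4880 packet headers).
sub classify_signature {
    my ($sig) = @_;
    return 'armored' if $sig =~ /\A-----BEGIN PGP (?:SIGNATURE|MESSAGE)-----/;
    return 'empty' unless length $sig;
    my $octet = ord substr($sig, 0, 1);
    return 'not-openpgp' unless $octet & 0x80;          # bit 7 is set on every packet
    my $tag = ($octet & 0x40) ? ($octet & 0x3f)         # new-format header
                              : (($octet & 0x3c) >> 2); # old-format header
    return $tag == 2 ? 'signature-packet'
         : $tag == 4 ? 'one-pass-signature'
         : $tag == 8 ? 'compressed-data'
         :             "other-packet(tag $tag)";
}

# Constructed sample tokens (not real signatures).
my @tokens = (
    'alice:1700000000:role=admin:' . 'iQEzBAABCAAdFiEE',  # bytes start with 0x89: old-format tag 2
    'alice:1700000000:role=admin:' . 'c2lnbmF0dXJl',      # base64 of the ASCII text "signature"
);

for my $token (@tokens) {
    my ($signed, $sig_text) = split_token($token);
    # Assumption: base64 transport encoding; map base64url characters first.
    (my $b64 = $sig_text) =~ tr{-_}{+/};
    my $kind = classify_signature(decode_base64($b64));
    print "signed part: $signed\nsignature  : $kind\n\n";
}
```

A field that classifies as not-openpgp is a raw signature value rather than an OpenPGP packet, and needs to be checked with the algorithm the token issuer documents instead of being passed as SigFile.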