Ahhh..I think I see the problem, at least with my communication.

I am not dealing with the htpasswd file. THAT encryption I can get around, and in fact have written many scripts to deal with it.

My problem resides in the fact that an external server sets a cookie in my Netscape. Now, I need MY server to grab that cookie, read it all, including a "server signature" field that has been MD5 encrypted.

They gave me a file called "keyring.pub" which I am supposed to use to verify that that MD5 encrypted field is actually the real signature of the master password server (which sets all these cookies).

The end result being that I have verified that the cookie has not been messed with since the master server set it.

My real problem is that I do not know the unencrypted signature! Or, possibly it is within this "keyring.public"? This is why I was thrown when everyone said MD5 didn't use private/public pairing. I know that I am not able to give all information, but can you make sense of what I am supposed to do to verify this "signature" using MD5 and a keyring.public (which is binary by the way).

With the exception of this problem, the rest of this access methodology follows the Book almost exactly!

In case you are wondering why I don't just ask them, this has to be done on the sly. They want me to do it, desperatly, but my normal fees are not in their budget. I told them I would do it simply because so many people here at Ford and Visteon need it. Call me a pushoever, I guess. Anyhow, they cannot "show their heads" on this. The working code has to just "pop up" out on the company news server one day.

What does this little button do . .<Click>; "USER HAS SIGNED OFF FOR THE DAY"