Signature in Attachment

Stewart V. Wright swright at physics.adelaide.edu.au
Wed Dec 8 00:59:00 CET 2004


G'day Don,

* Don Ferguson <Don.Ferguson at mitchell.com> [041207 17:43]:
> Many of the messages going to this mailing list also have digital
> signatures.  I have no problem verifying the signatures that are clear
> signed; however, those messages with an attached signature always fail
> the verification.  Can someone tell me the procedure to verify a
> signature for an email message when it is in an attachment?

<initial thought>
  You need to get a real email program.  Ditch the Microsoft and get
  something that recognises PGP/MIME.
</initial thought>


Basically signatures in the attachments are generated by emailers that
are able to use RFC 2015 (I think - Google for "pgp signature rfc")
which effectively specifies that the (Open)PGP signature of an email
should be an attachment.  The old style signatures are frowned upon
(in some circles) and the argument is that "application/pgp is not
really suited to a world with MIME, non-textual body parts and similar
things"  (from the mutt web page).  Translation - MIME good.


As for verifying the messages...  Um, can you save both the text of
the email and the attached signature and then gpg --verify them?  I
don't really know, mutt (my mail program) does it all automatically
for me!  :-)  As another alternative try one of the many other
programs (thunderbird, ...) that will be suggested by the other
replies I expect you will receive.



Cheers,

S.




-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 274 bytes
Desc: Digital signature
Url : /pipermail/attachments/20041207/f6a5abbc/attachment-0001.bin


More information about the Gnupg-users mailing list