GPGME: verify signature question

Werner Koch wk at
Tue May 7 15:37:02 CEST 2002

On Tue, 7 May 2002 14:18:50 +0200, Paolo Perego said:

> Is the signature calculated from the first "--boundary" or also the mail 
> header are hashed by gpg?

  Subject: a signed message
  Content-Type: whatever/foo

  This is the content which might be encoded in any way as
  specified by a encoding header.  For signature verification there 
  is nothing we have to care about.

  Content-Type: application/pgp-signature

What you hash is this string in C notation:

  "Content-Type: whatever/foo\r\n\r\nThis is the content which might"
  " be encoded in any way as\r\nspecified by a encoding header.  For"
  "  signature verification there\r\nis nothing we have to care about.\r\n"

And you might want to keep in mind that such a PGP/MIEM object may be
embedded in other MIME objects or the whatever/foo conetnt type might
be a multipart/mixed or whatever you can imagine.

gpg --debug 512

is of great help here because it creates files dbgmd*.<somecode> with
the actually hashed content.


More information about the Gnupg-devel mailing list