GPGME: verify signature question
wk at gnupg.org
Tue May 7 15:37:02 CEST 2002
On Tue, 7 May 2002 14:18:50 +0200, Paolo Perego said:
> Is the signature calculated from the first "--boundary" or also the mail
> header are hashed by gpg?
Subject: a signed message
This is the content which might be encoded in any way as
specified by a encoding header. For signature verification there
is nothing we have to care about.
What you hash is this string in C notation:
"Content-Type: whatever/foo\r\n\r\nThis is the content which might"
" be encoded in any way as\r\nspecified by a encoding header. For"
" signature verification there\r\nis nothing we have to care about.\r\n"
And you might want to keep in mind that such a PGP/MIEM object may be
embedded in other MIME objects or the whatever/foo conetnt type might
be a multipart/mixed or whatever you can imagine.
gpg --debug 512
is of great help here because it creates files dbgmd*.<somecode> with
the actually hashed content.
More information about the Gnupg-devel