HowTo Verify : PGP Mime Signature over Text AND Attachment (RFC2015)
Harakiri
harakiri_23 at yahoo.com
Mon Feb 9 07:35:39 CET 2004
Hello *,
the RFC 2015 does not clearly state what has to be
done
for messages with includes text AND an attachment for
signing.
For mime signing a text only, it is clear i have to
sign the content types and the data (text) itself.
However, what should i do if i want to mime sign text
+ attachment ? Or verify that ?
Enigmail is able to sign/verify mime with attachments,
but i dont quiet understand what they are
signing/verifying.
Example :
--------------enigD9298D14592C3F164E9C405E
Content-Type: multipart/mixed;
boundary="------------000403090109010305080707"
This is a multi-part message in MIME format.
--------------000403090109010305080707
Content-Type: text/plain; charset=us-ascii;
format=flowed
Content-Transfer-Encoding: 7bit
test
--------------000403090109010305080707
Content-Type: text/plain;
name="test.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="act.txt"
data in txt file
--------------000403090109010305080707--
--------------enigD9298D14592C3F164E9C405E
Content-Type: application/pgp-signature;
name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment;
filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (MingW32)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org
[...mysig]
-----END PGP SIGNATURE-----
Now, as you can see both (the text and the attachment)
is included within the mime part - rfc states that
mime signatures must have exactly 2 parts - the data
and the signature. This time the data is over 2 parts.
I tried verifying this data manually with gpg - with
no luck, i thought the data to be verified looked like
this :
-------------------------------------------
Content-Type: text/plain; charset=us-ascii;
format=flowed
Content-Transfer-Encoding: 7bit
test
Content-Type: text/plain;
name="test.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="act.txt"
data in txt file
-------------------------------------------
But i always got bad signature, even if this would
work for txt attachments, what should i do for binary
attachments ? First convert from base64(or anything
else) to binary and than verify ?
Any ideas ? I understand the structure of mime
signatures, but only for messages with no attachments.
Thanks
__________________________________
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.
http://taxes.yahoo.com/filing.html
More information about the Gnupg-devel
mailing list