HowTo Verify : PGP Mime Signature over Text AND Attachment
(RFC2015)
Harakiri
harakiri_23 at yahoo.com
Mon Feb 9 09:18:02 CET 2004
Thanks for the fast reply, well thats like i thought
but i must be missing something - what is actually
signed within this multipart ?
I thought it was :
Part 1 Content-Types
Part 1 Data
Part 2 Content-Types
Part 2 Data
or do i miss something here ? I dont think the
boundarys are signed to, or are they?
Because i tried to verified such a message as i said
with gpg, i pasted the 1 Part and the 2 Part together
and tried gpg --verify sig.txt data.txt, but i always
had a bad signature.
Regards
--- Jeffrey Stedfast <fejj at ximian.com> wrote:
> A multipart is considered 1 part. So when you sign a
> part with text +
> attachments (aka a multipart), you treat the
> encapsulating multipart as
> the single part to sign.
>
> so, if you have the structure:
>
> multipart/mixed
> text/plain
> image/jpeg
>
> and then go and sign it using rfc3156 (which
> obsoletes rfc2015), you end
> up with:
>
> multipart/signed
> multipart/mixed
> text/plain
> image/jpeg
> application/pgp-signature
>
> Hope that clears things up for you.
>
> Jeff
__________________________________
Do you Yahoo!?
Yahoo! Finance: Get your refund fast by filing online.
http://taxes.yahoo.com/filing.html
More information about the Gnupg-devel
mailing list