combination of text-mode signature (by mutt?) and gpg >= 1.4.8 introduces interoperability problem

David Shaw dshaw at jabberwocky.com
Tue Jul 8 19:26:32 CEST 2008


On Tue, Jul 08, 2008 at 04:52:19PM +0200, Bernhard Reiter wrote:

> Note that you would need to have an attachment in, that already
> has trailing spaces to some lines. Maybe it must be a message/rfc822 
> attachment, I did not verify yet.

This is interesting, as OpenPGP/MIME requires trailing spaces to be
quoted.  ("any trailing whitespace MUST then be removed from the
signed material.")  That would imply that mutt isn't generating the
OpenPGP/MIME message properly.  I suppose that is possible, but it
seems odd as Mutt has always been rigorous about following the
OpenPGP/MIME spec to the letter.

Have you seen this:
http://lists.gnupg.org/pipermail/gnupg-users/2005-January/024408.html

Can you ask the sender to perform the test suggested on that page?
Specifically:

   An easy way to tell if your particular mail program correctly
   implements PGP/MIME signing is to set --no-rfc2440-text, and send
   yourself a signed message that has a number of blank spaces at the
   end of a line.  Then, set --rfc2440-text and attempt to verify the
   signature.  If the signature does not verify correctly, you may
   wish to contact the developer of your mail program for an update.

In this case, of course, have the sender construct the same sort of
message as before (message/rfc822 attachment, etc).

David



More information about the Gnupg-devel mailing list