Sign a mail

André Rothe arothe at
Mon Jul 20 21:42:18 CEST 2009


Thank you for your answer. I have read the RFC 3156, but the examples  
are not very helpful to me.

Werner Koch <wk at> wrote:

> RFC-3156 has good examples.
>> Content-Type: multipart/mixed;
>> to
>> ------=_Part_0_22676229.1248101390164--
>> to sign the mail. But always I get an invalid signature. Has anyone an idea?
> The mime parts ends at
>   --------------248101390272--

Hm, I think, this line is the end of the enclosing MIME part, but the  
part I have to sign is the content part of the PGP/MIME structure (the  
inner boundaries). RFC 3156 says, I have to include the inner  
boundaries into the signed content, but should I include also the last  
CR+LF? Is it necessary to encode the parts of the signed content with  
quoted-printable? I use

gpg --charset utf8 -a --batch --no-tty --digest-algo sha256 -s -b -a  
-t -u 0xA4BD4B02 --no-use-agent

as the signature creation command, but I'm not sure with the -t.

> also recall that the CR,LF right before this boundary line is part of
> the boundary and NOT part of the signed data.

There are two CR+LFs between the inner boundary and the next outer boundary...

Encryption and PGP/MIME is very simple to produce, but the signature  
alone has cost a weekend till now.

Sorry, but I don't know, whom I could ask

More information about the Gnupg-devel mailing list