Sign a mail
wk at gnupg.org
Tue Jul 21 09:39:08 CEST 2009
On Mon, 20 Jul 2009 21:42, arothe at phosco.info said:
> inner boundaries). RFC 3156 says, I have to include the inner
> boundaries into the signed content, but should I include also the last
Here is a slightly modified example:
+-- First column
Content-Type: multipart/signed; boundary=bar; micalg=pgp-md5;<CRLF>
& Content-Type: text/plain; charset=iso-8859-1<CRLF>
& Content-Transfer-Encoding: quoted-printable<CRLF>
& Did you know that talking to yourself is a sign of senility?<CRLF>
& It's generally a good idea to encode lines that begin with<CRLF>
& From=20because some mail transport agents will insert a greater-<CRLF>
& than (>) sign, thus invalidating the signature.<CRLF>
& Also, in some cases it might be desirable to encode any =20<CRLF>
& trailing whitespace that occurs on lines in order to ensure =20<CRLF>
& that the message signature is not invalidated when passing =20<CRLF>
& a gateway that modifies such whitespace (like BITNET). =20<CRLF>
-----BEGIN PGP MESSAGE-----<CRLF>
<CRLF> surprisingly denotes the RFC822 required CR, LF.
[...] Is stuff I don't show.
& denotes the signed text.
You create the signature over all the lines marked with &. As you can
see the <CRLF> line after the last &-marked line is not part of the
signed text; it is part of the boundary in the following line.
Now this is a plain single item message. If you want to sign another
multipart MIME message, you do it straightforward: Replace the
Content-Type line after the first "<CRLF>--bar" boundary with the new
content-type, for example:
Content-Type: multipart/mixed; boundary=foo;<CRLF>
and include this line in the signature, the last line of this mime
container will be
which is also included in the signed data. After that you will continue
which is not anymore part of the signed text.
> CR+LF? Is it necessary to encode the parts of the signed content with
> quoted-printable? I use
That depends on the content. RFC-3156 gives very specific rules on how
to do that. Make sure the signed data is 7-bit.
> as the signature creation command, but I'm not sure with the -t.
The -t is fine, but not required if you follow the rules:
Note: Implementations can either generate "signatures of a
canonical text document" or "signatures of a binary document", as
defined in . The restrictions on the signed material put forth
in section 3 and in this section will make sure that the various
MIC algorithm variants specified in  and  will all produce
the same result.
Thoughts are free. Exceptions are regulated by a federal law.
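The signed range described in this message, as an added example that is not part of the original post or of GnuPG: a Python helper that extracts the octets an RFC 3156 signature covers from a multipart/signed body, including a nested multipart's inner boundaries. The function name `signed_octets` and the sample message are constructed for illustration.

```python
import re

def signed_octets(body: bytes, boundary: str) -> bytes:
    """Return the bytes an RFC 3156 signature is computed over.

    body is the body of a multipart/signed entity, boundary its
    boundary parameter. Covered: the first body part, MIME headers
    included, with CRLF line ends. Not covered: the CRLF that
    introduces the following boundary delimiter.
    """
    # Canonicalize every line end to CRLF before locating delimiters.
    text = re.sub(rb"\r\n|\r|\n", b"\r\n", body)
    delim = re.escape(b"--" + boundary.encode("ascii"))
    opening = re.search(rb"(?:\A|\r\n)" + delim + rb"[ \t]*\r\n", text)
    if opening is None:
        raise ValueError("opening boundary not found")
    # The CRLF in front of "--boundary" belongs to the delimiter,
    # so the signed part stops just before it.
    closing = re.compile(rb"\r\n" + delim + rb"(?:--)?[ \t]*(?:\r\n|\Z)")
    nxt = closing.search(text, opening.end())
    if nxt is None:
        raise ValueError("no delimiter after the signed part")
    part = text[opening.end():nxt.start()]
    # The signed data must be 7-bit (quoted-printable or base64 first).
    if any(b > 127 for b in part):
        raise ValueError("signed part is not 7-bit; encode it first")
    return part

# Constructed sample: a nested multipart/mixed (boundary foo) signed
# inside multipart/signed (boundary bar), stored with bare LF.
SAMPLE = (
    b"--bar\n"
    b"Content-Type: multipart/mixed; boundary=foo\n"
    b"\n"
    b"--foo\n"
    b"Content-Type: text/plain; charset=us-ascii\n"
    b"\n"
    b"Hello\n"
    b"--foo--\n"
    b"\n"
    b"--bar\n"
    b"Content-Type: application/pgp-signature\n"
    b"\n"
    b"[signature placeholder]\n"
    b"--bar--\n"
)

if __name__ == "__main__":
    print(repr(signed_octets(SAMPLE, "bar")))
```
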