splitting up an inline-signed OpenPGP message

Guilhem Moulin guilhem at fripost.org
Sun Sep 4 17:40:37 CEST 2016

Hi Daniel,

On Sun, 04 Sep 2016 at 10:32:24 -0400, Daniel Kahn Gillmor wrote:
> I'd like to provide a simple utility to split an inline-signed OpenPGP
> message into a body and a signature that can then be verified
> independently with gpgv.

Thanks for working on that!  It's likely to be useful with uscan(1),
among other things.

> Can anyone point out what i've done wrong?

Looks like it's due to

   “The line ending (i.e., the <CR><LF>) before the '-----BEGIN PGP
    SIGNATURE-----' line that terminates the signed text is not
    considered part of the signed text.” — RFC 4880 sec. 7.1

Indeed, after

    { echo a; echo b; echo c; } | gpg --clearsign | split-inline-signed.pl >body 3>sig.asc

body contains "a\nb\nc\n".  While

    ~$ gpg --verify sig.asc body


    ~$ gpg --verify sig.asc <(echo -en "a\nb\nc")


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: </pipermail/attachments/20160904/b2cfe4a1/attachment.sig>

More information about the Gnupg-devel mailing list