splitting up an inline-signed OpenPGP message
Guilhem Moulin
guilhem at fripost.org
Sun Sep 4 17:40:37 CEST 2016
Hi Daniel,
On Sun, 04 Sep 2016 at 10:32:24 -0400, Daniel Kahn Gillmor wrote:
> I'd like to provide a simple utility to split an inline-signed OpenPGP
> message into a body and a signature that can then be verified
> independently with gpgv.
Thanks for working on that! It's likely to be useful with uscan(1),
among other things.
> Can anyone point out what i've done wrong?
Looks like it's due to
“The line ending (i.e., the <CR><LF>) before the '-----BEGIN PGP
SIGNATURE-----' line that terminates the signed text is not
considered part of the signed text.” — RFC 4880 sec. 7.1
Indeed, after
{ echo a; echo b; echo c; } | gpg --clearsign | split-inline-signed.pl >body 3>sig.asc
body contains "a\nb\nc\n". While
~$ gpg --verify sig.asc body
fails,
~$ gpg --verify sig.asc <(echo -en "a\nb\nc")
succeeds.
Cheers,
--
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: </pipermail/attachments/20160904/b2cfe4a1/attachment.sig>
More information about the Gnupg-devel
mailing list