Importing In-Line Signatures

Dave Barton
Mon Dec 9 11:46:02 2002


On Mon, 2002-12-09 at 19:50, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Mon, 2002-12-09 at 06:24, Dave Barton wrote:
> > I have scanned the how-to docs, man pages and faq's but (unless I have
> > missed something obvious) I can't find any definite information about
> > creating an .asc file to import an in-line signature.
> >
> > My MUA (Evolution) does not handle in-line signatures automatically and
> > my understanding (limited) is that I must create an .asc file to import
> > it into my keyring. What is not clear to me is which parts of the
> > in-line signature I need to put into the .asc file. I have experimented
> > with several alternatives:
> >
> > -----BEGIN PGP SIGNATURE-----		<- Inc and Excl Begin & End
> > Version: GnuPG v1.0.6 (GNU/Linux)	    <- Inc and Excl Version
> > Comment: For info see   <- Inc and Excl comment
> >
> > someone's key id here		 	     <- Just the key id
> > -----END PGP SIGNATURE-----
> Hi!
> With the hope of not offending you, it seems to me you should do some
> reading about how gpg works.

You were prepared to offer me some guidance, so no offence taken. You
are undoubtedly right about my needing to read more about how gpg works
and I am working on it, but as Kyle has been saying in the "robot"
thread, signing/encryption is not an easy thing for newbies to grasp.

> You import *keys* into the gpg keyring. You don't import signatures. You
> just verify them.

It was more a case of a newbie's misuse of terminology than
misunderstanding. When I click on the padlock icon (PGP/MIME format) at
the end of an Evolution message, the signature is automatically checked
and if it is verified by the keyserver that user's key is automatically
added to my keyring. The same thing happens using either of the methods
you proposed for in-line signatures.

> Starting with 1.2, evolution has (thank god) removed their always broken
> support for inline signatures, so you see those mails in full, including
> signatures. What you do, when you see a
> Hash: SHA1
> signed text like this
> Version: GnuPG v1.2.1 (GNU/Linux)
> iHMEARECADMFAj30WQEsGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
> aWwuMjAwMjA4MjIACgkQi6Qxi+Wn99YHHQCg0NpsevXl/2VAX1aVHApXgyusppQA
> nj5uEDbPcy6glIwJ93JdKjXImArZ
> =AWqV
> is: open a terminal, run gpg, and paste the whole mail into it (or save
> the whole mail into a file and do "gpg < themail"):
> -------
> avbidder@altfrangg:~$ gpg < mail
> signed text like this
> gpg: Signature made Mon Dec  9 09:49:05 2002 CET using DSA key ID E5A7F7D=
> gpg: Good signature from "Adrian von Bidder <>"
> gpg:                 aka "[jpeg image of size 1956]"
> gpg: Policy:
> avbidder@altfrangg:~$
> --------
> Hope this helps
> -- vbi

Thank You. It most certainly did help.

Hopefully it won't be too long before I can shake off my newbie status
and make a useful contribution.

Registered Linux User #288562
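
An added example, not part of the original message and not GnuPG's own code: the armored block of an in-line signature is an OpenPGP signature packet that names the signing key only by its 8-byte key ID, which is why the key is fetched and imported separately while the signature is only verified. The Python sketch below decodes the signature block quoted in this mail; it assumes a version-4 packet with an old-format, one-octet-length header, and the function names are hypothetical.

```python
import base64
import struct

# Armored signature body as quoted in the mail above (armor checksum line left out).
ARMOR_BODY = """
iHMEARECADMFAj30WQEsGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjIACgkQi6Qxi+Wn99YHHQCg0NpsevXl/2VAX1aVHApXgyusppQA
nj5uEDbPcy6glIwJ93JdKjXImArZ
"""

PK_ALGOS = {1: "RSA", 17: "DSA"}                 # RFC 4880 section 9.1 (subset)
HASH_ALGOS = {1: "MD5", 2: "SHA1", 8: "SHA256"}  # RFC 4880 section 9.4 (subset)

def subpackets(area):
    """Yield (type, data) for each subpacket in a version-4 subpacket area."""
    i = 0
    while i < len(area):
        n = area[i]
        i += 1
        if 192 <= n < 255:                       # two-octet length
            n = ((n - 192) << 8) + area[i] + 192
            i += 1
        elif n == 255:                           # five-octet length
            n = struct.unpack(">I", area[i:i + 4])[0]
            i += 4
        yield area[i] & 0x7F, area[i + 1:i + n]  # bit 7 of the type is the critical flag
        i += n

def parse_signature(armor_body):
    """Decode one signature packet; hypothetical helper, narrow on purpose."""
    pkt = base64.b64decode("".join(armor_body.split()))
    if pkt[0] != 0x88:  # old-format header: tag 2 (signature), one-octet length
        raise ValueError("unsupported packet header 0x%02x" % pkt[0])
    body = pkt[2:2 + pkt[1]]
    version, sig_type, pk, digest, hashed_len = struct.unpack(">BBBBH", body[:6])
    if version != 4:
        raise ValueError("only version-4 signatures are handled")
    hashed = body[6:6 + hashed_len]
    (unhashed_len,) = struct.unpack(">H", body[6 + hashed_len:8 + hashed_len])
    unhashed = body[8 + hashed_len:8 + hashed_len + unhashed_len]
    info = {"sig_type": sig_type, "pk_algo": PK_ALGOS.get(pk, pk),
            "hash_algo": HASH_ALGOS.get(digest, digest), "body_len": len(body)}
    for kind, data in list(subpackets(hashed)) + list(subpackets(unhashed)):
        if kind == 2:                            # signature creation time
            info["created"] = struct.unpack(">I", data)[0]
        elif kind == 16:                         # issuer: a key ID, not the key
            info["issuer_key_id"] = data.hex().upper()
    return info
```

Calling `parse_signature(ARMOR_BODY)` returns the algorithm pair, the creation time as a Unix timestamp and the issuer key ID; no public key material is present in the packet, so verification still depends on a key already in the keyring.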
