Revoked keys and validating S/MIME sigs on the command line

Jason Harris
Wed Jul 23 00:33:04 2003

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jul 22, 2003 at 08:53:59PM +0100, Neil Williams wrote:

Content-Description: signed data

^^^ Bah!

> Also, I can never seem to get S/MIME emails to verify at the command line=
> only in KMail. Whenever I save the email, the signature becomes bad. I kn=
> the signature is valid (because this is an old email sent before the key =
> revoked and it validated at the time) but can't seem to reproduce that on=
> command line. Do I save the entire email or just the plain text and then=
> validate against the entire file or the detached signature as a discrete=
> file?

pgpdump[.net] output from the message being replied to:

Old: Signature Packet(tag 2)(63 bytes)
        Ver 3 - old
        Hash material(5 bytes):
                Sig type - Signature of a binary document(0x00).
                Creation time - Tue Jul 22 15:54:02 EDT 2003
        Key ID - 0x8801094A28BCB3E3
        Pub alg - DSA Digital Signature Standard(pub 17)
        Hash alg - SHA1(hash 2)
        Hash left 2 bytes - a8 d6=20
        DSA r(160 bits) - ...
        DSA s(160 bits) - ...
                -> hash(160 bits)

So, toss some ^Ms on the end of each line in the signed message and
try again.  Or switch to mutt[.org].

Also try gvv (see "code" on my website) to help verify simple MIME-wrapped
messages.  The latest version, which can also add ^Ms when given -d as an
argument needs to be finalized and uploaded, but here are some diffs that
should work against $Id: gvv,v 1.7 2002/09/09 02:32:04 jason Exp jason $:

diff -r1.9 gvv
> $add_dos_le =3D 0; # DOS line endings, CR+LF v. LF
>         } elsif ($ARGV[0] eq "-d") {
>             $add_dos_le =3D 1;
>             shift @ARGV;
>     s/\012/\015\012/ if ($add_dos_le);
<     $body_start =3D $count if (/^Content-Type: text/i && !$body_start);
>     $body_start =3D $count
>       if ((/^Content-Type: text/i && !$body_start) ||
>           (/^Content-Transfer-Encoding:/i && !$body_start));

> emails. The inline ones always verify OK.

They're over the canonical text, not the binary form with extraneous(?)
^Ms added.

Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it? | web:

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.1 (FreeBSD)