GnuPG 1.2.1 <-> PGP 8.0 multipart encoding trouble

Todd Todd <Freedom_Lover@pobox.com>
Mon Mar 3 19:57:02 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

M wrote:
> Hi folks,

Hi.

> I'm new to this list - so maybe my question is an old one.

It is. :)

You might want to search the web for pgp/mime and inline pgp to find more
info.  I think there are some handy links in the GnuPG FAQ.

> I've got problems receiving signed messages from PGP (8.0) users.
> Their signed messages contain
> 
> -----BEGIN PGP SIGNED MESSAGE-----
>     ...
> -----BEGIN PGP SIGNATURE-----
>     ...
> -----END PGP SIGNATURE-----
> 
> to separate message body and signature while gnupg seems to use
> mime/multipart parts for that purpose. Ximian Evolution + GnuPG  cannot
> handle that.incoming PGP stuff properly.

This isn't really an issue of pgp vs gnupg.  It's one of MUA vs MUA, or more
specifically, PGP/MIME vs Inline PGP.  Evolution uses PGP/MIME, which uses a
mime type of multipart/signed for pgp signed messages.  Inline PGP simply
uses the OpenPGP ascii armored format for messages.  That's what you're
seeing.

Inline is more widely supported than PGP/MIME.  PGP/MIME has several
advantages over inline pgp (you can signed messages with attachments, use
character sets with high bits, etc).  Of course, if the people you
communicate with can't open the message, these advantages are useless.

I don't use Evolution (or Red Hat 8.0) but I did do some testing with Evo
for a LUG presentation I gave a few months ago.  I found that Evo would
decrypt and verify inline pgp messages.  It won't create them, but it should
read them.  It's going the other way that's problematic, sending a message
from Evo to say an Outlook user with PGP 8.

> How can I fix this and get PGP messages be processed right or which
> combination GnuPG + mailclient should I preferably use (on a Linux Redhat
> 8.0 box).

I use mutt.  It can handle both PGP/MIME and inline pgp for sending and
receiving.  Plus, it sucks less.

If you want a GUI MUA, you might want to take a look at KMail.  The most
recent version (with KDE 3.1) is also supposed to handle both PGP/MIME and
inline pgp.  I haven't downloaded it yet, but I know from past versions that
it's a capable MUA.

I think there are some developers on the list from both Evo and KMail, so
perhaps they can provide more details if you need them.

- -- 
Todd              OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
============================================================================
If you think you know what the HELL is going on,
YOU'RE PROBABLY FULL OF SHIT.
    -- card on Robert Anton Wilsons desk

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQE+Y6Wduv+09NZUB1oRAjLXAJwIwIaqy3qyeV00mMvi3A0Ldhh5dwCdF+ne
I/fjAaz1yV5UYsEr3NMh3cM=
=L6tT
-----END PGP SIGNATURE-----