signing header required?

Adrian 'Dagurashibanipal' von Bidder
Sun Mar 16 00:28:02 2003

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Sat, 2003-03-15 at 22:51, Nicholas Bludworth wrote:
> I looked through the FAQ and a few of the archives, but haven't seen=20
> anything about this. Forgive me if it's a common question. When signing=20
> a message, is the header at the beginning of the message required? If=20
> you aren't sure what I am referring to, here it is:
> Hash: SHA1
> I understand that the signature at the bottom is required, but I don't=20
> understand why the header is needed. On the off chance that it is not=20
> required, is there a built-in option to turn it off?


There's two ways in use to sign email. The first is by using 'inline
signatures', as produced by calling 'gpg --clearsign'. There, the output
of gpg is pasted into the mail body, and the header you asked abuot is
necessary for gpg to tell where the signed data starts.

Then there's PGP/MIME (rfc3156 or the older one, rfc2015) - this mail is
an example. No header of this kind is required because the signature is
a so-called 'detached' signature, and the MIME standard is used to
exactly define which part of the mail is to be signed.

I hope this helps you - if I was too technical, I'm sure others on the
list care to elaborate.

-- vbi

	"It's a summons."
	"What's a summons?"
	"It means summon's in trouble."
		-- Rocky and Bullwinkle

Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.2.1 (GNU/Linux)
Comment: get my key from

Signature policy: