signing header required?
Adrian 'Dagurashibanipal' von Bidder
Sun Mar 16 00:28:02 2003
On Sat, 2003-03-15 at 22:51, Nicholas Bludworth wrote:
> I looked through the FAQ and a few of the archives, but haven't seen
> anything about this. Forgive me if it's a common question. When signing
> a message, is the header at the beginning of the message required? If
> you aren't sure what I am referring to, here it is:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> I understand that the signature at the bottom is required, but I don't
> understand why the header is needed. On the off chance that it is not
> required, is there a built-in option to turn it off?
There are two ways in use to sign email. The first is by using 'inline
signatures', as produced by calling 'gpg --clearsign'. There, the output
of gpg is pasted into the mail body, and the header you asked about is
necessary for gpg to tell where the signed data starts.
Then there's PGP/MIME (rfc3156 or the older one, rfc2015) - this mail is
an example. No header of this kind is required because the signature is
a so-called 'detached' signature, and the MIME standard is used to
exactly define which part of the mail is to be signed.
I hope this helps you - if I was too technical, I'm sure others on the
list care to elaborate.
"It's a summons."
"What's a summons?"
"It means summon's in trouble."
-- Rocky and Bullwinkle
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.3&md5sum=14ca616f14682a82cb9cc25c9b34a10d
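
Added example, not part of the original post: a small parser for the inline (clearsigned) format described in the reply, showing how the BEGIN PGP SIGNED MESSAGE header, the Hash line and the blank line delimit exactly which bytes the signature covers. The function name and the sample message are constructed for illustration, the signature body is a placeholder, and the code only splits the message; it does not verify anything.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

def split_clearsigned(mail_body):
    """Return (hash_names, signed_bytes, armored_sig, unsigned_text)."""
    lines = mail_body.splitlines()
    try:
        start = lines.index(BEGIN_MSG)
        sig_start = lines.index(BEGIN_SIG, start)
        sig_end = lines.index(END_SIG, sig_start)
    except ValueError:
        raise ValueError("no complete clearsigned block found") from None
    # Armor headers ("Hash: ...") follow the header line, up to one empty line.
    i, hashes = start + 1, []
    while i < sig_start and lines[i] != "":
        name, _, value = lines[i].partition(":")
        if name != "Hash":
            raise ValueError("unexpected armor header: " + lines[i])
        hashes += [h.strip() for h in value.split(",")]
        i += 1
    if i >= sig_start:
        raise ValueError("missing blank line after armor headers")
    signed = []
    for line in lines[i + 1:sig_start]:
        if line.startswith("- "):
            line = line[2:]                # undo dash-escaping
        signed.append(line.rstrip(" \t"))  # trailing whitespace is not hashed
    # Canonical form: CRLF line endings, no line ending after the last line.
    signed_bytes = "\r\n".join(signed).encode("utf-8")
    armored_sig = "\n".join(lines[sig_start:sig_end + 1])
    # Anything outside the two markers is NOT covered by the signature.
    unsigned = "\n".join(lines[:start] + lines[sig_end + 1:])
    return hashes, signed_bytes, armored_sig, unsigned

# Constructed sample: text before and after the block is unsigned.
SAMPLE = "\n".join([
    "Text added above the block (not signed)",
    BEGIN_MSG,
    "Hash: SHA1",
    "",
    "Meet at noon.  \t",
    "- - bring the key fingerprint",
    BEGIN_SIG,
    "",
    "PLACEHOLDER-NOT-A-REAL-SIGNATURE",
    END_SIG,
    "Footer added by the list (not signed)",
])
```

With PGP/MIME none of this framing is needed, because the MIME boundaries of the multipart/signed message identify the signed part.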