signing header required?

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Sun Mar 16 00:28:02 2003


--=-yqE0loWfXp+IeMn83OO9
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Sat, 2003-03-15 at 22:51, Nicholas Bludworth wrote:
> I looked through the FAQ and a few of the archives, but haven't seen
> anything about this. Forgive me if it's a common question. When signing
> a message, is the header at the beginning of the message required? If
> you aren't sure what I am referring to, here it is:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I understand that the signature at the bottom is required, but I don't
> understand why the header is needed. On the off chance that it is not
> required, is there a built-in option to turn it off?

Hi!

There are two ways in use to sign email. The first is by using 'inline
signatures', as produced by calling 'gpg --clearsign'. There, the output
of gpg is pasted into the mail body, and the header you asked about is
necessary for gpg to tell where the signed data starts.

Then there's PGP/MIME (rfc3156 or the older one, rfc2015) - this mail is
an example. No header of this kind is required because the signature is
a so-called 'detached' signature, and the MIME standard is used to
exactly define which part of the mail is to be signed.

I hope this helps you - if I was too technical, I'm sure others on the
list care to elaborate.

cheers
-- vbi

-- 
	"It's a summons."
	"What's a summons?"
	"It means summon's in trouble."
		-- Rocky and Bullwinkle

--=-yqE0loWfXp+IeMn83OO9
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481

iKcEABECAGcFAj5ztxZgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjMmbWQ1c3VtPTE0Y2E2MTZmMTQ2ODJhODJj
YjljYzI1YzliMzRhMTBkAAoJEIukMYvlp/fWIrYAoOdbXHdX+ta0OdxOupdkhVs1
c9YCAKCjEpmENP7RqLI7lAtLW0BKeYaX8Q==
=ck8n
-----END PGP SIGNATURE-----
Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.3&md5sum=14ca616f14682a82cb9cc25c9b34a10d

--=-yqE0loWfXp+IeMn83OO9--
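The two framings described in the reply above, as an added Python example (not part of the original message and not GnuPG's own code): the inline form can only be located through its marker lines, while PGP/MIME takes the boundaries from the multipart/signed structure. Both sample messages are constructed, the signature bodies are placeholders, the function names are hypothetical, and no cryptographic verification is performed.

```python
import email

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

def split_clearsigned(body):
    """Inline form: the marker lines are the only way to find the signed text."""
    lines = body.splitlines()
    start = lines.index(BEGIN_MSG)    # ValueError when the header is missing
    blank = lines.index("", start)    # an empty line ends the "Hash:" headers
    sig = lines.index(BEGIN_SIG, blank)
    end = lines.index(END_SIG, sig)
    hashes = [l.split(":", 1)[1].strip()
              for l in lines[start + 1:blank] if l.startswith("Hash:")]
    # Undo dash-escaping: a signed line that starts with "-" travels as "- -...",
    # so text that looks like a marker cannot end the signed region early.
    text = [l[2:] if l.startswith("- ") else l for l in lines[blank + 1:sig]]
    return {"hash": hashes, "signed_text": "\n".join(text),
            "signature": "\n".join(lines[sig:end + 1])}

def split_pgp_mime(raw):
    """PGP/MIME: the multipart/signed structure says which part is signed."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    signed_part, sig_part = msg.get_payload()
    # The detached signature covers the whole first part, MIME headers included.
    return {"micalg": msg.get_param("micalg"),
            "signed_part_type": signed_part.get_content_type(),
            "signed_part_body": signed_part.get_payload(),
            "signature_type": sig_part.get_content_type()}

# Constructed samples; "PLACEHOLDER==" stands in for real signature data.
SIG_BLOCK = [BEGIN_SIG, "", "PLACEHOLDER==", END_SIG]
CLEARSIGNED = "\n".join(["Text a mail client put before the signed block.",
                         BEGIN_MSG, "Hash: SHA1", "",
                         "Hello list,", "- -----BEGIN PGP SIGNATURE-----",
                         "the line above is signed text, not a marker"]
                        + SIG_BLOCK)
PGP_MIME = "\n".join(['Content-Type: multipart/signed; micalg=pgp-sha1;',
                      ' protocol="application/pgp-signature"; boundary="b1"',
                      "", "--b1", "Content-Type: text/plain", "",
                      "Hello list,", "--b1",
                      "Content-Type: application/pgp-signature", ""]
                     + SIG_BLOCK + ["--b1--", ""])

if __name__ == "__main__":
    print(split_clearsigned(CLEARSIGNED), split_pgp_mime(PGP_MIME), sep="\n")
```

Removing the `-----BEGIN PGP SIGNED MESSAGE-----` line from the inline sample makes `split_clearsigned` fail, which is the reason the header cannot be switched off for clearsigned mail.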