Clearsign of HTML-pages
rj-lists at rjmarq.org
Thu Oct 9 20:44:06 CEST 2003
On Thu, 9 Oct 2003, Ben Finney wrote:
> HTML documents are atomic; the whole thing is a single entity. A
> separate signature can be made, as a separate file, but not embedded
> into the document itself.
Not true. I wrote a script years ago that does just that. It's available
at http://rjmarq.org/pgp/pgpsign.zip, but note that it's written for
Windows, relies on pgp 2.6, and doesn't really work that well. I don't
believe the source is included in that package because...well, it was
The algorithm is very simple:
1. Start with the HTML file you want to sign.
2. Add "-->" at the start of the file.
3. Add "<!--" at the end of the file.
4. Clear sign the file.
5. Add "<!--" at the start of the new file.
6. Add "-->" at the end of the file.
And then the page can be checked by viewing and verifying the source.
The solution in Linux and other Unix-style OS's is trivial using a shell
script. I did it in about five minutes one time.
For Windows, I'd actually written a Pascal program to do it (because I
didn't have a C compiler), but it's not difficult to do. You can set it
up as an action on the right-click menu to have it happen automatically.
What I ran into was this: when I stopped doing it on the PGP Interactions
page, no one said a word. So, if no one is bothering to verify them, why
should I worry about it?
RJ <G> :)
RJ Marquette RSA:448B035F DSS:CB45C555
More information about the Gnupg-users