validate inline signatures in mail by hand/application
Jason Harris
jharris at widomaker.com
Mon Nov 1 22:10:36 CET 2004
On Mon, Nov 01, 2004 at 01:53:49AM +0100, Laszlo 'GCS' Boszormenyi wrote:
> I would like to develop an application which can receive mails, check
> if the signature on them is correct (fetch the key if necessary).
> My problem is that I get mails with inline signatures but without the
> -----BEGIN PGP SIGNED MESSAGE-----
> heading, I have only the -----BEGIN PGP SIGNATURE----- / -----END PGP
> SIGNATURE----- block. Mutt verifies these mails without any problem. But
> I can not find out how to do it from my application even when I tried to
> restructure the message (remove mailer lines from the top, add the PGP
> header and hash). Now it is recognised by GnuPG, but the signature said
> to be bad. :( Is there any library out there to help me out? GPGME looks
> promising, but I still have to check if that can check such mails and/or
> how can I reconstruct such mails?
See ./code/gvv and gvv.asc on my website (URL below). It works for
many cases of single-part mails without other attachments. Kyle
(0x2A94C484) sent me a patch months ago to handle multipart messages,
IIRC, but I haven't done anything with it yet. Use "gvv -k" to keep the
message parts, and compare them with mutt's version when they disagree
on the signature status. I use FreeBSD's chflags(1) in a script I
temporarily rename to gpg to keep mutt from unlink()ing its temporary
files. "cd /tmp" and "chflags uchg $*" is all the "gpg" script does.
Beyond that, ask: "What would mutt do?" :)
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20041101/63eea785/attachment.bin
More information about the Gnupg-users
mailing list