validate inline signatures in mail by hand/application

Jason Harris jharris at widomaker.com
Mon Nov 1 22:10:36 CET 2004


On Mon, Nov 01, 2004 at 01:53:49AM +0100, Laszlo 'GCS' Boszormenyi wrote:

>  I would like to develop an application which can receive mails, check
> if the signature on them is correct (fetch the key if necessary).
> My problem is that I get mails with inline signatures but without the
> -----BEGIN PGP SIGNED MESSAGE-----
> heading, I have only the -----BEGIN PGP SIGNATURE----- / -----END PGP
> SIGNATURE----- block. Mutt verifies these mails without any problem. But
> I can not find out how to do it from my application even when I tried to
> restructure the message (remove mailer lines from the top, add the PGP
> header and hash). Now it is recognised by GnuPG, but the signature said
> to be bad. :( Is there any library out there to help me out? GPGME looks
> promising, but I still have to check if that can check such mails and/or
> how can I reconstruct such mails?

See ./code/gvv and gvv.asc on my website (URL below).  It works for
many cases of single-part mails without other attachments.  Kyle
(0x2A94C484) sent me a patch months ago to handle multipart messages,
IIRC, but I haven't done anything with it yet.  Use "gvv -k" to keep the
message parts, and compare them with mutt's version when they disagree
on the signature status.  I use FreeBSD's chflags(1) in a script I
temporarily rename to gpg to keep mutt from unlink()ing its temporary
files.  "cd /tmp" and "chflags uchg $*" is all the "gpg" script does.

Beyond that, ask:  "What would mutt do?"  :)

-- 
Jason Harris           |  NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web:  http://keyserver.kjsl.com/~jharris/
          Got photons?   (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20041101/63eea785/attachment.bin


More information about the Gnupg-users mailing list