How to handle multipart messages (RFC 2440) and verify them with GnuPG?

Werner Koch wk at gnupg.org
Mon Jan 17 18:22:43 CET 2005 

On Mon, 17 Jan 2005 16:58:22 +0100, "Thomas Zangl said:

> I would really appriciate any help :) I already spent 2 days with this
> :-/ (RFC 1847, 2015, 2440 and 3156 do not have such an example..)

2015 and 3156 do have such an example.  Your code only contains
another MIME container as signed part but that does'nt change anything
for your parser.  Recall that you need to keep track of the different
boundaries; either by ignoring inner ones or by stacking them up.


    --===============1665861114==
Signed material begin with the next line
    Content-Type: multipart/signed; protocol="application/pgp-sig
    	micalg="pgp-sha1";
    	boundary="Signature=_Wed__21_Apr_2004_14_50_01_+0200_9MNZ
    
    --Signature=_Wed__21_Apr_2004_14_50_01_+0200_9MNZCzKQbjy2uvTB
    Content-Type: multipart/mixed;
    	boundary="Multipart=_Wed__21_Apr_2004_14_50_01_+0200_3HRe
    
    
    --Multipart=_Wed__21_Apr_2004_14_50_01_+0200_3HRerX7GyNmeh+LG
    Content-Type: text/plain; charset=US-ASCII
    Content-Disposition: inline
    Content-Transfer-Encoding: 7bit
    
    Hi!
    
    The attached patch fixes a bug when playing ogm files with su
[...]
    
    --Multipart=_Wed__21_Apr_2004_14_50_01_+0200_3HRerX7GyNmeh+LG
    Content-Type: application/octet-stream;
     name="demux_ogg.c.patch"
    Content-Disposition: attachment;
     filename="demux_ogg.c.patch"
    Content-Transfer-Encoding: base64
    
    SW5kZXg6IGxpYm1wZGVtdXgvZGVtdXhfb2dnLmMKPT09PT09PT09PT09PT09P09
[...]
    
    --Multipart=_Wed__21_Apr_2004_14_50_01_+0200_3HRerX7GyNmeh+LG--
    
Signed material ends with the previous line or to be exact just before the
final line feed of that line.  In other words: the linefeed before the
next boundary belongs to the boundary an is not part of the signed material.
    --Signature=_Wed__21_Apr_2004_14_50_01_+0200_9MNZCzKQbjy2uvTB
You may throw the follwiong part in its entire into gpg.
    Content-Type: application/pgp-signature    

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)
    
    iD8DBQFAhm3+t65wZuOiwM0RAvGSAJ9hYixM+1Dr0h2+zcMi5rTMCBrdKgCg1dyg
    chI/5Uiw82YnoHhXnhcil6E=
    =wpqs
    -----END PGP SIGNATURE-----
    
    --Signature=_Wed__21_Apr_2004_14_50_01_+0200_9MNZCzKQbjy2uvTB--
    

gnupg 1.9 has an uncompleted tools/gpgparsemail.c which shows how to
parse MIME encrypted or signed messages. 


Hth,

  Werner

More information about the Gnupg-users mailing list