How to detect inline PGP in mails! Best practice?
sk at intertivity.com
Sat Jun 18 14:03:33 CEST 2005
I use a similar approaches...
I just finished (more less) the part yesterday where the body is text/html
only and does not have
an alternative text/plain.
What i figuered that you can pipe any content (encrypted or/and signed) to
using the option --decrypt and it will verify and/or decrypt the data => you
have to differentiate between encrypted or signed data, just interpret the
> -----Original Message-----
> From: gnupg-users-bounces at gnupg.org
> [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Patrick Brunschwig
> Sent: Freitag, 17. Juni 2005 19:45
> To: gnupg-users at gnupg.org
> Subject: Re: How to detect inline PGP in mails! Best practice?
> Sascha Kiefer wrote:
> > Hi list,
> > i'm writing on a programm which verifies and decrypts
> messages as they
> > arrive. It it is fully S/MIME (using M$ Crypto API) and PGP/MIME
> > (GnuPG) compatible.
> > The hardest problem i face is to detect inline PGP parts
> and handling
> > them correctly:
> > * if the charset != us-ascii inside textmails is not always
> bad since
> > most MTA's keep the original charset; so handling the data
> as binary
> > is often the best choice!?!
> > * what about detached signatures of attachments?
> > * sending a PGP/MIME to this mailing list makes it even worse
> > (see Topic: "GnuPG Clearsign vs. PGP/MIME Signing" for
> more details)
> > * ...
> > Do you have some hints?
> From experience, I can tell you that it's not always quite
> easy. I can tell you what I do in Enigmail. For attachments,
> I'm looking at the content-type (application/pgp-*) and for
> the file name extension. If the filename extension is *.asc,
> *.pgp or *.gpg I try to decrypt the file. I have so far not
> tried to verify signatures of attachments; I plan to
> implement this in one of the next releases. Once I'll try to
> verify signatures of attachments, I'll first look for a
> similar file name (e.g. without .asc); if not found I'll try
> to get the original file name from the signature. I don't
> assume binary or ascii armored files, I simply pipe the whole
> file to gpg.
> For the mail body, I'm looking for ---- BEGIN PGP (.*)
> and if found for ---- END PGP (.*)
> If both are found, I decrypt or verify according to (.*), or
> let the user know that a key is available. There are a few
> pitfalls, like message decoding (base64, quoted-printable).
> Furthermore, the character set of an encrypted mail body is
> often set to US-ASCII, even if the content is e.g. UTF-8
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
More information about the Gnupg-users