How to detect inline PGP in mails! Best practice?
Kiefer, Sascha
sk at intertivity.com
Sat Jun 18 14:03:33 CEST 2005
Thanks.
I use a similar approach...
I just finished (more or less) the part yesterday where the body is text/html
only and does not have an alternative text/plain.
What I figured out is that you can pipe any content (encrypted and/or signed)
to gnupg using the option --decrypt and it will verify and/or decrypt the
data => you do not have to differentiate between encrypted or signed data,
just interpret the status-output
> -----Original Message-----
> From: gnupg-users-bounces at gnupg.org
> [mailto:gnupg-users-bounces at gnupg.org] On Behalf Of Patrick Brunschwig
> Sent: Friday, 17 June 2005 19:45
> To: gnupg-users at gnupg.org
> Subject: Re: How to detect inline PGP in mails! Best practice?
>
>
> Sascha Kiefer wrote:
> > Hi list,
> >
> > I'm writing a program which verifies and decrypts messages as they
> > arrive. It is fully S/MIME (using M$ Crypto API) and PGP/MIME
> > (GnuPG) compatible.
> > The hardest problem I face is to detect inline PGP parts and handling
> > them correctly:
> >
> > * if the charset != us-ascii inside textmails is not always bad since
> >   most MTA's keep the original charset; so handling the data as binary
> >   is often the best choice!?!
> > * what about detached signatures of attachments?
> > * sending a PGP/MIME to this mailing list makes it even worse
> >   (see Topic: "GnuPG Clearsign vs. PGP/MIME Signing" for more details)
> > * ...
> >
> > Do you have some hints?
>
> From experience, I can tell you that it's not always quite
> easy. I can tell you what I do in Enigmail. For attachments,
> I'm looking at the content-type (application/pgp-*) and for
> the file name extension. If the filename extension is *.asc,
> *.pgp or *.gpg I try to decrypt the file. I have so far not
> tried to verify signatures of attachments; I plan to
> implement this in one of the next releases. Once I'll try to
> verify signatures of attachments, I'll first look for a
> similar file name (e.g. without .asc); if not found I'll try
> to get the original file name from the signature. I don't
> assume binary or ascii armored files, I simply pipe the whole
> file to gpg.
>
> For the mail body, I'm looking for ---- BEGIN PGP (.*)
> and if found for ---- END PGP (.*)
> If both are found, I decrypt or verify according to (.*), or
> let the user know that a key is available. There are a few
> pitfalls, like message decoding (base64, quoted-printable).
> Furthermore, the character set of an encrypted mail body is
> often set to US-ASCII, even if the content is e.g. UTF-8
>
> HTH
> -Patrick
>
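
The body scan discussed in this thread, as an added example that is not code from either poster or from Enigmail: it undoes the transfer encoding first, keeps the body as bytes regardless of the declared charset, and pairs each BEGIN line with the END label that closes it. The function name, the action labels and the sample mail are constructed for illustration; each returned block is what would then be piped to gpg.

```python
import base64
import quopri
import re
from email import message_from_bytes

# A clearsigned text opens with "SIGNED MESSAGE" but closes with "SIGNATURE",
# so the BEGIN and END labels cannot simply be required to be equal.
END_FOR = {b"SIGNED MESSAGE": b"SIGNATURE", b"MESSAGE": b"MESSAGE",
           b"PUBLIC KEY BLOCK": b"PUBLIC KEY BLOCK"}
ACTION = {b"SIGNED MESSAGE": "verify", b"MESSAGE": "decrypt",
          b"PUBLIC KEY BLOCK": "key-available"}
BEGIN = re.compile(rb"^-----BEGIN PGP ([A-Z ]+)-----[ \t]*\r?$", re.MULTILINE)

def find_inline_pgp(raw_mail: bytes):
    """Return [(action, armored_block)] found in the text/plain parts."""
    found = []
    for part in message_from_bytes(raw_mail).walk():
        if part.get_content_type() != "text/plain":
            continue
        # decode=True undoes base64 / quoted-printable and yields bytes; the
        # declared charset is ignored on purpose and the body stays binary.
        body = part.get_payload(decode=True) or b""
        pos = 0
        while (m := BEGIN.search(body, pos)) is not None:
            pos = m.end()
            if m.group(1) not in END_FOR:
                continue  # label not handled here (e.g. a bare signature)
            end = re.compile(rb"^-----END PGP " + END_FOR[m.group(1)]
                             + rb"-----[ \t]*\r?$", re.MULTILINE).search(body, pos)
            if end is None:
                break  # truncated armor: nothing complete to hand to gpg
            found.append((ACTION[m.group(1)], body[m.start():end.end()]))
            pos = end.end()
    return found

# Constructed sample: a base64 part holding clearsigned UTF-8 text declared as
# us-ascii, and a quoted-printable part holding a dummy (invalid) armor block.
CLEARSIGNED = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nGrüße\n"
               "-----BEGIN PGP SIGNATURE-----\n\nCONSTRUCTED=\n"
               "-----END PGP SIGNATURE-----\n").encode("utf-8")
ENCRYPTED = (b"hello\n-----BEGIN PGP MESSAGE-----\n\nCONSTRUCTED=\n"
             b"-----END PGP MESSAGE-----\nbye\n")
SAMPLE = (b"MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary=sep\n\n"
          b"--sep\nContent-Type: text/plain; charset=us-ascii\n"
          b"Content-Transfer-Encoding: base64\n\n" + base64.encodebytes(CLEARSIGNED)
          + b"\n--sep\nContent-Type: text/plain\n"
          b"Content-Transfer-Encoding: quoted-printable\n\n"
          + quopri.encodestring(ENCRYPTED) + b"\n--sep--\n")
```

Searching the raw mail instead of the decoded parts would miss the base64 part entirely and would hand gpg a quoted-printable block with `=3D` still in it.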