Tue May 31 14:33:46 CEST 2005
tell you what I do in Enigmail.
For attachments, I'm looking at the content-type (application/pgp-*) and
for the file name extension. If the filename extension is *.asc, *.pgp
or *.gpg I try to decrypt the file. I have so far not tried to verify
signatures of attachments; I plan to implement this in one of the next
Once I'll try to verify signatures of attachments, I'll first look for a
similar file name (e.g. without .asc); if not found I'll try to get the
original file name from the signature.
I don't assume binary or ascii armored files, I simply pipe the whole
file to gpg.
For the mail body, I'm looking for ---- BEGIN PGP (.*)
and if found for ---- END PGP (.*)
If both are found, I decrypt or verify according to (.*), or let the
user know that a key is available.
There are a few pitfalls, like message decoding (base64,
quoted-printable). Furthermore, the character set of an encrypted mail
body is often set to US-ASCII, even if the content is e.g. UTF-8
More information about the Gnupg-users