GPG Outlook Plug-In and Signatures

Alphax alphasigmax at
Sat Oct 14 05:24:45 CEST 2006

Ryan Malayter wrote:
>> HTML + OpenPGP = FAIL.
>> In English: HTML screws up OpenPGP. You don't want it. There are other
>> reasons why you don't want HTML anyway but I won't go into them here.
> Actually, when I sign an HTML email with GPGOL, and send it to my
> Gmail account, I seem to get this on the receiving end:
> 1) A plain text version of the message, signed in-line.
> 2) An attachment of .HTML type, which contains the original unaltered
> HTML message.
> 3) A second attachment, which seems to be an ASCII detached
> signature of the first attached HTML file.

You just discovered the second reason why HTML email is evil: it sends
everything TWICE. For people still on 33.6kb/s dialup that is a major

> Does any other OpenPGP client handle this "attachment" result? Or do
> you need to save the attachments and manually verify the detached
> signature? GPGOL itself doesn't seem to read this "exploded" format,
> even though it creates it. GPGOL only verifies the plain text version.

PGP/MIME capable mail clients /may/ handle it, but you'd have to
actually try it to be certain. Such a test should be conducted off-list
in order to avoid flames for an HTML posting.
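
The manual route asked about above (save the attachments, then check the detached signature), as an added example that is not part of the original post and is not GPGOL's code: it splits a saved message in the three-part layout described and builds the `gpg --verify` call for each attachment. The attachment names, the "<file>.asc" pairing rule and the sample message with dummy signatures are assumptions constructed for illustration.

```python
import email, os, tempfile
from email import policy
from email.message import EmailMessage

SIG_ARMOR = b"-----BEGIN PGP SIGNATURE-----"
CLEARSIGN = b"-----BEGIN PGP SIGNED MESSAGE-----"

def split_exploded(raw, outdir):
    """Save every part under outdir; return (clearsigned_path, [gpg argv, ...])."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    inline, data, sigs = None, {}, {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""   # exact decoded bytes
        # Sender-supplied filename: keep only the last path component.
        name = os.path.basename(part.get_filename() or "")
        if not name:
            if body.lstrip().startswith(CLEARSIGN):   # part 1: in-line signed text
                inline = os.path.join(outdir, "body.txt.asc")
                with open(inline, "wb") as fh:
                    fh.write(body)
            continue
        # Classify by content, not by extension: armored signature vs. signed data.
        (sigs if body.lstrip().startswith(SIG_ARMOR) else data)[name] = body
        with open(os.path.join(outdir, name), "wb") as fh:
            fh.write(body)
    cmds = []
    for sig_name in sigs:
        # Assumed rule: "<file>.asc" covers "<file>"; else use the only data file.
        target = sig_name.rsplit(".", 1)[0]
        if target not in data and len(data) == 1:
            target = next(iter(data))
        if target in data:
            cmds.append(["gpg", "--verify", os.path.join(outdir, sig_name),
                         os.path.join(outdir, target)])
    return inline, cmds

def sample_message():
    """Constructed message in the three-part layout (signatures are dummies)."""
    dummy = SIG_ARMOR + b"\n\n(constructed)\n-----END PGP SIGNATURE-----\n"
    m = EmailMessage()
    m.set_content(CLEARSIGN.decode() + "\nHash: SHA1\n\nhello\n" + dummy.decode())
    m.add_attachment(b"<html><body>hello</body></html>", maintype="text",
                     subtype="html", filename="message.html")
    m.add_attachment(dummy, maintype="application", subtype="octet-stream",
                     filename="message.html.asc")
    return m.as_bytes()

if __name__ == "__main__":
    print(split_exploded(sample_message(), tempfile.mkdtemp()))
```

Run each returned command with a real message and the signer's public key in the keyring; the in-line signed body is checked separately with `gpg --verify body.txt.asc`.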

