Converting ascii armored signature to cleartext

David Shaw dshaw at jabberwocky.com
Sat Jun 30 13:28:58 CEST 2007


On Sat, Jun 30, 2007 at 02:42:49PM +0530, Hardeep Singh wrote:
> On 6/27/07, David Shaw <dshaw at jabberwocky.com> wrote:
> > On Mon, Jun 25, 2007 at 02:06:55PM +0200, Werner Koch wrote:
> > > On Sun, 24 Jun 2007 12:07, hs2412 at gmail.com said:
> > >
> > > > If someone sends me an ASCII armoured file with some signed text, can
> > > > I convert it into cleartext sign so that I can display it to people
> > > > without GPG also?
> > >
> > > In general not because the canonicalization is different between the
> > > formats.  A conversion would break the signature.
> >
> > Interestingly enough, while you can't always go from a signed file to
> > a clearsigned file, you can safely do the opposite of what the
> > original poster asked: converting from cleartext to a signed file
> > (armored or not) is possible.
> >
> > (I'm not sure when someone would want to do this, but...)

> How do we do that?

You grab the signature from the clearsigned file, convert it to binary
form, grab the text from the clearsigned file, package it inside a
plaintext packet, and then just glue the two together.  Something like
this:

1. gpg --output text_part clearsigned_file
2. gpg --output sig_part.gpg --dearmor
   (now paste in the signature from the clearsigned file)
   ^D
3. Edit text_part and remove any whitespace at the end of each line,
   then remove the LAST (and only the last) message separator (CR, LF,
   etc).
4. gpg -z0 --textmode --store text_part
5. cat sig_part.gpg text_part.gpg > my_new_file.gpg

Step 3 is the tricky bit, of course.  Using a unix-ish system as an
example, if the text file ends with "\n\n", you still only remove the
last "\n".  Step 5 makes an old-style signed file (you could make a
new-style onepass signed file, but you'd need to create the onepass
packet).

It's an interesting side-effect of how the text canonicalization is
done.  The clearsigning rules are more strict than the regular
signature rules, so it's possible to switch the packaging like this.

David
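
Steps 1 to 5 above as one shell script, added here as an example and not part of the original message. The function names, the temporary file names and the closing gpg --verify check are assumptions of this example, and step 3 is done with awk rather than by hand in an editor.

```shell
#!/bin/sh
# Added example. strip_text_part and clearsig_to_signed are hypothetical names.

# Step 3: drop trailing spaces, tabs and CRs from every line, then write the
# lines joined by "\n" with nothing after the last one, so exactly one final
# line separator disappears ("a\n\n" becomes "a\n").
strip_text_part() {
    awk '{ sub(/[ \t\r]+$/, ""); if (NR > 1) printf "\n"; printf "%s", $0 }' \
        "$1" > "$2"
}

# Steps 1-5 for one clearsigned file. Assumes gpg is installed and the
# signer's public key is already in the keyring.
clearsig_to_signed() {
    src=$1 dst=$2
    tmp=$(mktemp -d) || return 1
    # 1. Recover the signed text.
    gpg --output "$tmp/raw_text" "$src" || return 1
    # 2. Cut out the armored signature block and convert it to binary.
    #    Dash-escaping in the clearsigned body means only the real armor
    #    header line can start with "-----BEGIN".
    awk '/^-----BEGIN PGP SIGNATURE-----/,/^-----END PGP SIGNATURE-----/' "$src" |
        gpg --output "$tmp/sig_part.gpg" --dearmor || return 1
    # 3. Strip trailing whitespace and the last line separator.
    strip_text_part "$tmp/raw_text" "$tmp/text_part" || return 1
    # 4. Wrap the text in an uncompressed, text-mode literal packet
    #    (gpg writes it to text_part.gpg).
    gpg -z0 --textmode --store "$tmp/text_part" || return 1
    # 5. Signature packet first, then the literal packet: old-style signed file.
    cat "$tmp/sig_part.gpg" "$tmp/text_part.gpg" > "$dst" || return 1
    rm -rf "$tmp"
    # Check: the repackaged file should still verify against the same key.
    gpg --verify "$dst"
}
```

If the final gpg --verify reports a bad signature, step 3 is the first place to look: compare the stripped text byte for byte with what was signed.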



More information about the Gnupg-users mailing list