How to sign an email in PHP?

Grant Olson kgo at grant-olson.net
Wed Feb 24 00:23:42 CET 2010


On 2/23/2010 2:34 PM, Carlos Chavez wrote:
>      I am having trouble figuring out how to send a gpg signed email
> from PHP.  I can generate the message, sign it with a detached signature
> and then include the signature in the message.  The problem is that my
> mail program (Evolution on Linux) always tells me that the signature is
> invalid.
> 
>      Anyone have an example of how to do this in PHP?  I am using the
> GNUpg functions in PHP (http://www.php.net/manual/en/ref.gnupg.php). 
> Exactly when do I sign the message?  Right now I sign the plaintext body
> of the mail before I add any of the headers for the message boundaries,
> then do the skeleton where I insert the body and then the signature.
> 
>      Thank you for the help.
> 
> -- 
> --
> Carlos Chavez
> 
Are you attaching it as a normal attachment?  Does PHP support pgp/mime?

If you even end up accidentally adding a few CRLFs to the body of the
PHP message when you fill in the skeleton, that would invalidate the
signature.

Is there a reason you don't want to clearsign the message?  I think it'd
be easier to do that.  Clearsign and then use the clear signature as
email body.  That's basically how this email is signed.

Then even if you have a few extra linefeeds before or after, the client
will say that the message is partially signed.  It'll have delimiters
built into the text so that any extra stuff won't matter.

I think that'll be a lot easier to debug.  If it's not working you can
view the raw source, save it somewhere, and run gpg commands manually.
On the downside, it'll look uglier to clients that aren't configured for
gpg.



More information about the Gnupg-users mailing list