How to sign an email in PHP?

Carlos Chavez carlos.chavez.p at gmail.com
Wed Feb 24 04:06:51 CET 2010


On Tue, Feb 23, 2010 at 5:23 PM, Grant Olson <kgo at grant-olson.net> wrote:

> On 2/23/2010 2:34 PM, Carlos Chavez wrote:
> >      I am having trouble figuring out how to send a gpg signed email
> > from PHP.  I can generate the message, sign it with a detached signature
> > and then include the signature in the message.  The problem is that my
> > mail program (Evolution on Linux) always tells me that the signature is
> > invalid.
> >
> >      Anyone have an example of how to do this in PHP?  I am using the
> > GNUpg functions in PHP (http://www.php.net/manual/en/ref.gnupg.php).
> > Exactly when do I sign the message?  Right now I sign the plaintext body
> > of the mail before I add any of the headers for the message boundaries,
> > then do the skeleton where I insert the body and then the signature.
> >
> >      Thank you for the help.
> >
> > --
> > --
> > Carlos Chavez
> >
> Are you attaching it as a normal attachment?  Does PHP support pgp/mime?
>
> If you even end up accidentally adding a few CRLFs to the body of the
> PHP message when you fill in the skeleton, that would invalidate the
> signature.
>
> Is there a reason you don't want to clearsign the message?  I think it'd
> be easier to do that.  Clearsign and then use the clear signature as
> email body.  That's basically how this email is signed.
>
> Then even if you have a few extra linefeeds before or after, the client
> will say that the message is partially signed.  It'll have delimiters
> built into the text so that any extra stuff won't matter.
>
> I think that'll be a lot easier to debug.  If it's not working you can
> view the raw source, save it somewhere, and run gpg commands manually.
> On the downside, it'll look uglier to clients that aren't configured for
> gpg.
>
>      I am trying to emulate the way Evolution creates the email so the
message will look fine in clients that do not support GPG directly, that is
a requirement.  I have tried to create the complete message by manually
using all the headers I find from my Evolution sent messages.  It all seems
to work but like I said I always get an error saying that the signature does
not match.  I guess something in my code is introducing a line feed
somewhere but I can not see it.  I am also trying to do it using the PEAR
extension Mail_mime but I am still having the same problem.

     I guess there may also be a missing header but I am still going through
the documentarion for the pear class which is not very clear.  Doing the
clearsign works but most customers receiving messages from this system will
not have GPG installed or use a compatible client.  I will also need to add
attachments for documents which are not a problem by themselves but then I
will have to make sure they also get signed.

-- 
--
Carlos Chavez
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20100223/c59e6d7e/attachment.htm>


More information about the Gnupg-users mailing list