How to sign an email in PHP?

Grant Olson kgo at grant-olson.net
Wed Feb 24 04:29:22 CET 2010


On 2/23/2010 10:06 PM, Carlos Chavez wrote:
> 
>      I am trying to emulate the way Evolution creates the email so the
> message will look fine in clients that do not support GPG directly, that
> is a requirement.  I have tried to create the complete message by
> manually using all the headers I find from my Evolution sent messages.
>  It all seems to work but like I said I always get an error saying that
> the signature does not match.  I guess something in my code is
> introducing a line feed somewhere but I can not see it.  I am also
> trying to do it using the PEAR extension Mail_mime but I am still having
> the same problem.
> 
>      I guess there may also be a missing header but I am still going
> through the documentation for the pear class which is not very clear.
>  Doing the clearsign works but most customers receiving messages from
> this system will not have GPG installed or use a compatible client.  I
> will also need to add attachments for documents which are not a problem
> by themselves but then I will have to make sure they also get signed.
>  

The kicker is that pgp/mime messages will look weird in Outlook Express
or Windows Live Mail.

According to the RFC ( http://www.ietf.org/rfc/rfc2015.txt ), most of
the headers exist outside of the message, so if you're putting them in
the message body before signing that isn't right.  The only headers that
should exist in the message body are Content-Type and
Content-Transfer-Encoding.

And you'll need to have all the line wraps and line feeds figured out
before signing.  If you've got lines longer than the 80 characters or so
permitted, you'd need to fix that before signing.

There's a pretty good example on the rfc page.  I'd try to see if you
can print or save the entire message as a text file from php before
sending.  See how it compares to the example from the rfc instead of
trying to reverse engineer what you have in evolution.

 Example message:

     From: Michael Elkins <elkins at aero.org>
     To: Michael Elkins <elkins at aero.org>
     Mime-Version: 1.0
     Content-Type: multipart/signed; boundary=bar; micalg=pgp-md5;
     protocol="application/pgp-signature"

     --bar
     & Content-Type: text/plain; charset=iso-8859-1
     & Content-Transfer-Encoding: quoted-printable
     &
     & =A1Hola!
     &
     & Did you know that talking to yourself is a sign of senility?
     &
     & It's generally a good idea to encode lines that begin with
     & From=20because some mail transport agents will insert a greater-
     & than (>) sign, thus invalidating the signature.
     &
     & Also, in some cases it might be desirable to encode any   =20
     & trailing whitespace that occurs on lines in order to ensure  =20
     & that the message signature is not invalidated when passing =20
     & a gateway that modifies such whitespace (like BITNET). =20
     &
     & me

     --bar
     Content-Type: application/pgp-signature

    -----BEGIN PGP MESSAGE-----
   Version: 2.6.2

   iQCVAwUBMJrRF2N9oWBghPDJAQE9UQQAtl7LuRVndBjrk4EqYBIb3h5QXIX/LC//
   jJV5bNvkZIGPIcEmI5iFd9boEgvpirHtIREEqLQRkYNoBActFBZmh9GC3C041WGq
   uMbrbxc+nIs1TIKlA08rVi9ig/2Yh7LFrK5Ein57U/W72vgSxLhe/zhdfolT9Brn
   HOxEa44b+EI=
   =ndaj
   -----END PGP MESSAGE-----

   --bar--
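
Added example, not part of the original post or of the RFC: PHP that builds the signed part with only the two MIME headers, settles line endings and wrapping before signing, and writes the whole message to a file so it can be compared with the RFC example. It assumes PHP 7.4+, a `gpg` binary on the PATH whose agent can use the secret key without prompting, a placeholder key ID, and SHA-256 in place of the RFC example's MD5; the function names are made up for illustration.

```php
<?php
// Added example, not code from the thread; the key ID below is a placeholder.
const CRLF = "\r\n";

// The exact bytes that get signed: the body part with only its two MIME headers.
function build_signed_part(string $text, string $charset = 'utf-8'): string
{
    // CRLF everywhere before encoding; a bare LF would come out as "=0A".
    $text = preg_replace('/\r\n|\r|\n/', CRLF, rtrim($text));
    $qp   = quoted_printable_encode($text); // also soft-wraps long lines
    return "Content-Type: text/plain; charset=$charset" . CRLF
         . 'Content-Transfer-Encoding: quoted-printable' . CRLF . CRLF
         . $qp . CRLF; // signed data ends with exactly one CRLF
}

function gpg_detached_signature(string $data, string $keyId): string
{
    // --textmode: sign as canonical text (CRLF line endings)
    $cmd  = ['gpg', '--batch', '--armor', '--textmode', '--detach-sign',
             '--digest-algo', 'SHA256', '--local-user', $keyId];
    $proc = proc_open($cmd, [0 => ['pipe', 'r'], 1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    fwrite($pipes[0], $data);
    fclose($pipes[0]);
    $sig = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    if (proc_close($proc) !== 0) {
        throw new RuntimeException('gpg did not produce a signature');
    }
    return preg_replace('/\r\n|\r|\n/', CRLF, trim($sig));
}

// Returns [top-level headers, body]; the signed part is inserted unmodified.
function build_pgp_mime(string $text, string $keyId): array
{
    $part     = build_signed_part($text);
    $boundary = 'sig-' . bin2hex(random_bytes(12));
    $headers  = 'MIME-Version: 1.0' . CRLF
              . 'Content-Type: multipart/signed; micalg=pgp-sha256;' . CRLF
              . ' protocol="application/pgp-signature"; boundary="' . $boundary . '"';
    $body = "--$boundary" . CRLF . $part . CRLF . "--$boundary" . CRLF
          . 'Content-Type: application/pgp-signature' . CRLF . CRLF
          . gpg_detached_signature($part, $keyId) . CRLF . "--$boundary--" . CRLF;
    return [$headers, $body];
}

[$headers, $body] = build_pgp_mime("Hello,\nsigned from PHP.\n", 'KEYID-PLACEHOLDER');
file_put_contents('message.eml', $headers . CRLF . CRLF . $body); // diff against the RFC example
```

The CRLF that precedes the closing boundary line belongs to the boundary, which is why the signed part keeps its own trailing CRLF and a second one is written before `--$boundary`.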


