Sign a multipart/alternative mail

Pascal Nitsche pascal.nitsche at fansubcode.org
Wed Oct 26 11:18:35 CEST 2011 

Hello folks,

I'm trying to sign a mail of the mime type "multipart/alternative" using
pgp in PHP.
The generation of the signature and the correct boundaries works just
fine, but I can't bring it to generate a valid signature.

I think I'm missing something important here.

First of all I encode the text and html portions of the mail as
quoted-printable and replace every new line character with <CR><LF> as
to be found in the RFCs (which seem not to state anything about multipart).

Now I generate the signature of the complete mime part and put it into
its own mime part.

So now the mail looks like this (text, html and signature were replaced
by placeholders for readablility and not all of the mail headers are
shown since only the Content-Type should matter here):

    |Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=_1b5364229a82b654fad7cf2aa969f02e"
    MIME-Version: 1.0

    This is a message in Mime Format.  If you see this, your mail reader does not support this format.

    --=_1b5364229a82b654fad7cf2aa969f02e
    Content-Type: multipart/alternative;
      boundary="=_53ba9ef8c471e6c8d72f215feaad8033"
    Content-Transfer-Encoding: 7bit


    &--=_53ba9ef8c471e6c8d72f215feaad8033
    &Content-Type: text/plain; charset=UTF-8
    &Content-Transfer-Encoding: quoted-printable
    &
    &PLAIN TEXT CONTENT ENCODED IN QUOTED PRINTABLE
    & 
    &--=_53ba9ef8c471e6c8d72f215feaad8033
    &Content-Type: text/html; charset=UTF-8
    &Content-Transfer-Encoding: quoted-printable
    & 
    &HTML CONTENT ENCODED IN QUOTED PRINTABLE
    &
    &--=_53ba9ef8c471e6c8d72f215feaad8033--

    --=_1b5364229a82b654fad7cf2aa969f02e
    Content-Type: application/pgp-signature; name="signature.asc"
    Content-Disposition: attachment; filename="signature.asc"
    Content-Description: OpenPGP digital signature

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.11 (GNU/Linux)

    PGP SIGNATURE HERE
    -----END PGP SIGNATURE-----

    --=_1b5364229a82b654fad7cf2aa969f02e--

    |

The lines starting with the &-sign were used to generate the signature.

As stated I think I missed something or did not understand something
correctly so please light it up for me ;)

Thanks for your help in advance.

||
||

||
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20111026/fc34e005/attachment.htm>

More information about the Gnupg-users mailing list