Sign a multipart/alternative mail
kloecker at kde.org
Wed Oct 26 22:03:12 CEST 2011
On Wednesday 26 October 2011, Pascal Nitsche wrote:
> Hello folks,
> I'm trying to sign a mail of the mime type "multipart/alternative"
> using pgp in PHP.
> The generation of the signature and the correct boundaries works just
> fine, but I can't bring it to generate a valid signature.
> I think I'm missing something important here.
> First of all I encode the text and html portions of the mail as
> quoted-printable and replace every new line character with <CR><LF>
> as to be found in the RFCs (which seem not to state anything about
> Now I generate the signature of the complete mime part and put it
> into its own mime part.
> So now the mail looks like this (text, html and signature were
> replaced by placeholders for readability and not all of the mail
> headers are
> shown since only the Content-Type should matter here):
> Content-Type: multipart/signed; micalg=pgp-sha1;
> MIME-Version: 1.0
> This is a message in Mime Format. If you see this, your mail
> reader does not support this format.
> Content-Type: multipart/alternative;
> Content-Transfer-Encoding: 7bit
> Content-Type: application/pgp-signature; name="signature.asc"
> The lines starting with the &-sign were used to generate the
> As stated I think I missed something or did not understand something
> correctly so please light it up for me ;)
> Thanks for your help in advance.
If I read your example correctly then you are missing point (5) on page
4 of RFC 3156:
(5) As described in , the digital signature MUST be calculated
over both the data to be signed and its set of content headers.
As far as I can see you calculated the signature only over the data but
not over the content headers of the multipart/alternative part. A
correct example (compare to the example message on page 4 f. of the RFC)
would look as follows:
Content-Type: multipart/signed; micalg=pgp-sha1;
This is a message in Mime Format. If you see this, your mail reader
does not support this format.
&Content-Type: text/plain; charset=UTF-8
&PLAIN TEXT CONTENT ENCODED IN QUOTED PRINTABLE
&Content-Type: text/html; charset=UTF-8
&HTML CONTENT ENCODED IN QUOTED PRINTABLE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Disposition: attachment; filename="signature.asc"
Content-Description: OpenPGP digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
PGP SIGNATURE HERE
-----END PGP SIGNATURE-----
You also do not mention whether you remove trailing whitespace. If you
quoted-printable encode trailing spaces as =20 then you do not need to
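The point made in the reply above, as an added example that is not part of the thread (written in Python rather than PHP so it can be checked offline): the bytes handed to the signer are the multipart/alternative part together with its own Content-Type header, with CRLF line ends and trailing spaces encoded as =20, and they must be byte-identical to what a verifier later cuts out of the message. The function names, the boundary strings and the `sign` callable (whatever invokes GnuPG and returns an armored detached signature) are assumptions made for this illustration.

```python
import quopri

CRLF = "\r\n"

def qp(text):
    """Quoted-printable encode; trailing spaces become =20, line ends become CRLF."""
    encoded = quopri.encodestring(text.encode("utf-8")).decode("ascii")
    return CRLF.join(encoded.splitlines())

def leaf(ctype, text):
    """One leaf part: its content headers, a blank line, then the encoded body."""
    return CRLF.join([f"Content-Type: {ctype}; charset=UTF-8",
                      "Content-Transfer-Encoding: quoted-printable", "", qp(text)])

def signed_part(plain, html, inner="inner-boundary"):
    """Bytes to sign: the multipart/alternative part INCLUDING its own
    Content-Type header, CRLF line ends, terminated by a single CRLF."""
    lines = [f'Content-Type: multipart/alternative; boundary="{inner}"', "",
             f"--{inner}", leaf("text/plain", plain),
             f"--{inner}", leaf("text/html", html),
             f"--{inner}--"]
    return (CRLF.join(lines) + CRLF).encode("ascii")

def build_message(part, sign, outer="outer-boundary"):
    """sign is a caller-supplied callable(bytes) -> armored detached signature."""
    head = ("Content-Type: multipart/signed; micalg=pgp-sha1;" + CRLF +
            f' protocol="application/pgp-signature"; boundary="{outer}"' + CRLF +
            "MIME-Version: 1.0" + CRLF + CRLF)
    sig_part = CRLF.join([f"--{outer}",
                          'Content-Type: application/pgp-signature; name="signature.asc"',
                          "", sign(part), f"--{outer}--", ""])
    # The CRLF right before a delimiter belongs to the delimiter (RFC 2046),
    # so one extra CRLF follows the signed bytes.
    return ((head + f"--{outer}" + CRLF).encode("ascii") + part
            + (CRLF + sig_part).encode("ascii"))

def extract_signed(message, outer="outer-boundary"):
    """Verifier's view: bytes between the first delimiter line and the CRLF
    that introduces the next delimiter."""
    delim = f"--{outer}".encode("ascii")
    start = message.index(delim + b"\r\n") + len(delim) + 2
    end = message.index(b"\r\n" + delim, start)
    return message[start:end]
```

If `extract_signed(build_message(part, sign))` differs from `part` by even one byte, for example because the header line was left out or a bare LF slipped in, the signature will not validate.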