MIME or inline signature ?
Damien Goutte-Gattat
dgouttegattat at incenp.org
Mon Feb 16 00:01:04 CET 2015
> > What's wrong with what I am doing?
You provide GnuPG with only the *signature*. You need to also give it
the *signed data* (the message) so that it can perform the verification.
If you want to do that manually (something you don’t usually do with
PGP/MIME signatures, since it’s quite cumbersome): In addition to what
you have already done (saving the signature itself in “signature.asc”),
you must also extract the MIME part that was signed.
In the message source, look for a line like the following:
    Content-Type: multipart/signed; boundary="XXXXXX"
and note the “XXXXXX” boundary string. The signed data will start after
the first line starting with “--XXXXXX” and will end with a blank line
followed by another line starting with “--XXXXXX”. That’s what you need
to extract and save to a file (say, “message.txt”).
Do not include the boundary lines themselves, nor the last blank line
before the closing boundary line. For example:
    --XXXXXX
    Everything from this line
    ...
    up to this one is the signed message to verify.
    --XXXXXX
Then you can ask GnuPG to verify the message:
    gpg --verify signature.asc message.txt
(You understand now why nobody does that manually, and leaves that to
Enigmail or any other PGP/MIME-enabled mail client.)
Damien
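
Added example (not part of the original message): the extraction steps described above as a Python script that writes "message.txt" for gpg --verify. The function name extract_signed_part and the sample message are constructed for illustration. The script assumes the signer followed RFC 3156, which signs the part (including its own MIME headers) with CRLF line endings, so a copy saved with bare LF is converted back.

```python
import email
import re
import sys

# Constructed sample (LF line endings, as a saved message often has).
SAMPLE = (
    b'From: alice@example.org\n'
    b'Content-Type: multipart/signed; micalg=pgp-sha256;\n'
    b' protocol="application/pgp-signature"; boundary="XXXXXX"\n'
    b'\n'
    b'--XXXXXX\n'
    b'Content-Type: text/plain; charset=utf-8\n'
    b'\n'
    b'Hello,\n'
    b'this is the signed text.\n'
    b'\n'
    b'--XXXXXX\n'
    b'Content-Type: application/pgp-signature; name="signature.asc"\n'
    b'\n'
    b'(constructed placeholder for the armored signature)\n'
    b'\n'
    b'--XXXXXX--\n'
)

def extract_signed_part(raw: bytes) -> bytes:
    """Return the bytes of the first part of a multipart/signed message."""
    msg = email.message_from_bytes(raw)
    boundary = msg.get_boundary()
    if msg.get_content_type() != "multipart/signed" or not boundary:
        raise ValueError("not a multipart/signed message with a boundary")
    # A delimiter is "--boundary" on a line of its own; the closing
    # "--boundary--" deliberately does not match.
    delim = re.compile(
        rb"^--" + re.escape(boundary.encode("ascii")) + rb"[ \t]*\r?\n", re.M)
    marks = list(delim.finditer(raw))
    if len(marks) < 2:
        raise ValueError("expected a delimiter before and after the signed part")
    part = raw[marks[0].end():marks[1].start()]
    # The line break just before a delimiter belongs to the delimiter.
    part = re.sub(rb"\r?\n\Z", b"", part, count=1)
    # Assumption: the signature covers the CRLF form (RFC 3156).
    return re.sub(rb"\r?\n", b"\r\n", part)

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    with open("message.txt", "wb") as out:
        out.write(extract_signed_part(raw))
```

Run it with the saved message source as its argument, then verify with the gpg --verify command shown above.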