What are those attachments you have on your email?

Stephan Beck stebe at mailbox.org
Sat Nov 26 21:17:00 CET 2016


Hi,

David Adamson:
> On Fri, Nov 25, 2016 at 9:33 AM, Stephan Beck <stebe at mailbox.org> wrote:

> Stephan so this is a result of you using a mail client that requires
> the signature file and If I used a similar mail client it could
> automatically verify this email message was signed by the holder of
> Stephan's private key?

If you used a PGP/MIME compliant email client (may it be Claws or
Thunderbird with the Enigmail plugin) you'd see the signature file as an
attachment to the email, and by importing (or retrieving and importing
it, if not yet present in the keyring) the sender's public key using the
appropriate commands of this email client or the respective plugin like
Enigmail, "you" could verify the signature, i.e. verify that the signed
message was effectively signed with the private (signing) key of the
holder of the respective public key. (The corresponding plugin such as
Enigmail verifies the signature automatically when you select the message)
If you used a non PGP/MIME email client (without any plugin of this
kind) or a webmail interface (not capable of handling such messages) you
would not be able to directly process the attachment for verifying purposes.

But you could open the message's header ("View Source" command) copy and
paste the signature including the --- BEGIN/END --- parts (see below)
into a text file, save it with .asc file extension
and verify it by means of gpg (or the dedicated gpgv package).
gpg2 --verify signature.asc signed_message_text.txt.
If it is a public key, you can copy and paste it (including the ---
BEGIN/END --- parts) into a text file, save it with the .asc file
extension and import it directly into your keyring using the
gpg2 --import command



-----BEGIN PGP SIGNATURE---

	[SIGNATURE]

-----END PGP SIGNATURE-----

or (in case of a public key)

-----BEGIN PGP PUBLIC KEY BLOCK-----

[PUBLIC KEY in armored format]

-----END PGP PUBLIC KEY BLOCK-------

> 
> However is it the case as Juan put it that since I'm using another
> type of mail service, in my case gmail web based interface, that this
> signature will not be applicable?

I actually don't know gmail well, so I cannot tell you (but you can)
whether gmail has any type of PGP/MIME handling webmail-based apps.
If not, the PGP/MIME signature attachment cannot be "processed" directly.
But you could save the attachment as .asc file (seemingly you did that),
save the message as a text file and put both (first the signature file)
on gpg's command line (see above) to verify the signature (key will be
retrieved by gpg if it's not yet present.)

Cheers

Stephan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x4218732B.asc
Type: application/pgp-keys
Size: 4089 bytes
Desc: not available
URL: </pipermail/attachments/20161126/77bfedc7/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20161126/77bfedc7/attachment.sig>


More information about the Gnupg-users mailing list