about how the MUA mutt signs mails

Matthias Apitz guru at unixarea.de
Thu Jun 1 08:48:34 CEST 2017 

Hello,

When I send signed mails to me with the MUA mutt (just for test) the
received mail is verified fine in mutt, i.e. it says in mutt:

    [-- Begin signature information --]
    Good signature from: Matthias Apitz (GnuPG CCID) <guru at unixarea.de>
            created: Wed May 31 21:40:19 2017
    [-- End signature information --]
    
    [-- The following data is signed --]
    
    hello
    
    
    [-- End of signed data --]

but when I save the signature part into a file 'signature.asc' and the
ASCII content of the mail as a file 'data' from the menu in mutt:

q:Exit  s:Save  |:Pipe  p:Print  ?:Help
  I     1 <no description>                                          [text/plain, 7bit, utf-8, 0.1K]
  I     2 signature.asc                                            [applica/pgp-signat, 7bit, 0.8K]

and run:

$ gpg2 --verify signature.asc data
gpg: Signature made Wed May 31 21:40:19 2017 CEST
gpg:                using RSA key 5E69FBAC1618562CB3CBFBC147CCF7E476FE9D11
gpg: BAD signature from "Matthias Apitz (GnuPG CCID) <guru at unixarea.de>" [ultimate]

it says 'BAD signature'.

Why the file 'data' has BAD signature? The file 'data' after saving from
mutt from the above menu just contains:

$ cat data
hello

$ od -c data
0000000    h   e   l   l   o  \n  \n
0000007

I digged into this trussing the mutt-gpg2 process chain and it turned out that
the netto data which verifies mutt is:

$ od -c data.asc
0000000    C   o   n   t   e   n   t   -   T   y   p   e   :       t   e
0000020    x   t   /   p   l   a   i   n   ;       c   h   a   r   s   e
0000040    t   =   u   t   f   -   8  \r  \n   C   o   n   t   e   n   t
0000060    -   D   i   s   p   o   s   i   t   i   o   n   :       i   n
0000100    l   i   n   e  \r  \n  \r  \n   h   e   l   l   o  \r  \n  \r
0000120   \n
0000121

i.e. containes as well some mail header line about the content and charset and esp.
as well \r\n line terminators. If I modify the file to this it is fine:

$ gpg2 --verify signature.asc data.asc
gpg: Signature made Wed May 31 21:40:19 2017 CEST
gpg:                using RSA key 5E69FBAC1618562CB3CBFBC147CCF7E476FE9D11
gpg: Good signature from "Matthias Apitz (GnuPG CCID) <guru at unixarea.de>" [ultimate]

Is this correct how mutt signs such mail bodies?

	matthias

-- 
Matthias Apitz, ✉ guru at unixarea.de, ⌂ http://www.unixarea.de/  ☎ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: </pipermail/attachments/20170601/cafe18b9/attachment.sig>

More information about the Gnupg-users mailing list