about how the MUA mutt signs mails
Darac Marjal
mailinglist at darac.org.uk
Thu Jun 1 11:00:12 CEST 2017
On Thu, Jun 01, 2017 at 08:48:34AM +0200, Matthias Apitz wrote:
>
>Hello,
>
>When I send signed mails to myself with the MUA mutt (just for a test), the
>received mail verifies fine in mutt, i.e. it says in mutt:
>
> [-- Begin signature information --]
> Good signature from: Matthias Apitz (GnuPG CCID) <guru at unixarea.de>
> created: Wed May 31 21:40:19 2017
> [-- End signature information --]
>
> [-- The following data is signed --]
>
> hello
>
>
> [-- End of signed data --]
>
>but when I save the signature part into a file 'signature.asc' and the
>ASCII content of the mail as a file 'data' from the menu in mutt:
>
>q:Exit s:Save |:Pipe p:Print ?:Help
> I 1 <no description> [text/plain, 7bit, utf-8, 0.1K]
> I 2 signature.asc [applica/pgp-signat, 7bit, 0.8K]
>
>and run:
>
>$ gpg2 --verify signature.asc data
>gpg: Signature made Wed May 31 21:40:19 2017 CEST
>gpg: using RSA key 5E69FBAC1618562CB3CBFBC147CCF7E476FE9D11
>gpg: BAD signature from "Matthias Apitz (GnuPG CCID) <guru at unixarea.de>" [ultimate]
>
>it says 'BAD signature'.
>
>Why does the file 'data' have a BAD signature? The file 'data' after saving from
>mutt from the above menu just contains:
>
>$ cat data
>hello
>
>$ od -c data
>0000000 h e l l o \n \n
>0000007
>
>I dug into this by trussing the mutt-gpg2 process chain, and it turned out that
>the net data which mutt verifies is:
>
>$ od -c data.asc
>0000000 C o n t e n t - T y p e : t e
>0000020 x t / p l a i n ; c h a r s e
>0000040 t = u t f - 8 \r \n C o n t e n t
>0000060 - D i s p o s i t i o n : i n
>0000100 l i n e \r \n \r \n h e l l o \r \n \r
>0000120 \n
>0000121
>
>i.e. it also contains some mail header lines about the content and charset and esp.
>also \r\n line terminators. If I modify the file to this, it is fine:
>
>$ gpg2 --verify signature.asc data.asc
>gpg: Signature made Wed May 31 21:40:19 2017 CEST
>gpg: using RSA key 5E69FBAC1618562CB3CBFBC147CCF7E476FE9D11
>gpg: Good signature from "Matthias Apitz (GnuPG CCID) <guru at unixarea.de>" [ultimate]
>
>Is this the correct way for mutt to sign such mail bodies?
This is "PGP-MIME" format, as refined in
<https://tools.ietf.org/html/rfc3156>. Section 5 of that clearly states:
    The multipart/signed body MUST consist of exactly two parts. The
    first part contains the signed data in MIME canonical format,
    including a set of appropriate content headers describing the data.
    The second body MUST contain the OpenPGP digital signature. It MUST
    be labeled with a content type of "application/pgp-signature".
So, the MUA must convert the message body to MIME format (with the right
line endings, with any Base64 or Quoted Printable encoding applied) and
add the Content-Type header BEFORE signing the message. Similarly, the
MUA must verify the signature BEFORE parsing the body's header for how
to decode the message for display/saving.
To reiterate, when you save the message body, mutt strips the header
and decodes the file (imagine if this was a binary attachment in Base64
encoding; you DO want mutt to reconstruct it back into binary form).
>
> matthias
>
>--
>Matthias Apitz, ✉ guru at unixarea.de, ⌂ http://www.unixarea.de/ ☎ +49-176-38902045
>Public GnuPG key: http://www.unixarea.de/key.pub
--
For more information, please reread.
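The RFC 3156 layout the reply describes, as an added example (not code from the thread, mutt or GnuPG): a constructed multipart/signed message is split on its boundary the way a verifier must, which yields exactly the 81-byte data.asc from the od dump, while mimicking mutt's save (headers stripped, CRLF turned into LF) yields the 7-byte data that gpg rejects. The message text, its boundary and the function names are assumptions made for this example.

```python
import re

# Constructed sample PGP/MIME (RFC 3156) message.  Its first body part is
# byte-for-byte the 81-byte data.asc from the od dump; the signature is a placeholder.
BOUNDARY = b"=-=mutt-sig=-="
RAW_MESSAGE = (
    b"From: guru@example.invalid\r\nTo: guru@example.invalid\r\nMIME-Version: 1.0\r\n"
    b"Content-Type: multipart/signed; micalg=pgp-sha256;\r\n"
    b'\tprotocol="application/pgp-signature"; boundary="' + BOUNDARY + b'"\r\n\r\n'
    b"--" + BOUNDARY + b"\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\nContent-Disposition: inline\r\n\r\n"
    b"hello\r\n\r\n"                   # the signed part ends here ...
    b"\r\n--" + BOUNDARY + b"\r\n"      # ... this CRLF belongs to the delimiter
    b"Content-Type: application/pgp-signature\r\n\r\n"
    b"-----BEGIN PGP SIGNATURE-----\r\n(placeholder)\r\n-----END PGP SIGNATURE-----\r\n"
    b"\r\n--" + BOUNDARY + b"--\r\n"
)

def split_multipart(body: bytes, boundary: bytes) -> list[bytes]:
    """Raw parts of a MIME body (RFC 2046).  The CRLF in front of each
    "--boundary" line is part of the delimiter, not of the preceding part,
    so each returned part is exactly the byte range a signature covers."""
    delim = re.compile(rb"(?:^|\r\n)--" + re.escape(boundary) + rb"(--)?[ \t]*(?:\r\n|$)")
    parts, start = [], None
    for m in delim.finditer(body):
        if start is not None:
            parts.append(body[start:m.start()])
        if m.group(1):          # "--boundary--" closes the multipart
            break
        start = m.end()
    return parts

def signed_and_signature(raw: bytes) -> tuple[bytes, bytes]:
    """(bytes gpg must verify, armored signature) of a multipart/signed message."""
    head, _, body = raw.partition(b"\r\n\r\n")
    m = re.search(rb'boundary="?([^"\s;]+)"?', head)
    if m is None:
        raise ValueError("not a multipart message")
    parts = split_multipart(body, m.group(1))
    if len(parts) != 2:
        raise ValueError("multipart/signed MUST have exactly two parts")
    signed, sig_part = parts
    _, _, armored = sig_part.partition(b"\r\n\r\n")   # drop the part's own headers
    return signed, armored

def save_as_mutt_does(signed: bytes) -> bytes:
    """What lands in the file when the part is saved from mutt's attachment menu:
    the content headers are removed and canonical CRLF becomes the local LF."""
    _, _, decoded = signed.partition(b"\r\n\r\n")
    return decoded.replace(b"\r\n", b"\n")
```

Feeding the first return value of signed_and_signature to gpg2 --verify is the equivalent of the data.asc that verified; feeding save_as_mutt_does' output is the equivalent of the data file that did not.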