smtp and gpg-signature?

Konrad Podloucky konrad at crunchy-frog.org
Wed Jan 21 10:58:56 CET 2004


On Wed, 2004-01-21 at 00:37, Lars Wenderoth wrote:
[...]
> The above example shows a part of the mail source as received at the 
> recipient. The signature was generated using the part  "bla bla bla" as 
> clear text entry... I also tried using the header part plus the text or 
> even the boundary with the headers and the text to generate the 
> signature.. But to no avail...
> 
> What I would like to know is: Which part of the mail code has to be 
> signed? Or does anybody see any other problems?
> 
RFC 3156 is exactly what you're looking for. The last time I had a look
at it was quite some time ago, so don't rely on anything I say here.
IIRC you have to convert your newlines to CRLFs, remove trailing
whitespace (unless you encode it) and calculate the signature over the
data and its content headers (which in your case means anything between
the MIME boundaries). 
There are a few gotchas so you should really have a look at the RFC.

hth,
	KP
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 525 bytes
Desc: This is a digitally signed message part
Url : /pipermail/attachments/20040121/9442b257/attachment.bin


More information about the Gnupg-users mailing list