Sign a multipart/alternative mail
Ingo Klöcker
kloecker at kde.org
Wed Oct 26 22:03:12 CEST 2011
On Wednesday 26 October 2011, Pascal Nitsche wrote:
> Hello folks,
>
> I'm trying to sign a mail of the mime type "multipart/alternative"
> using pgp in PHP.
> The generation of the signature and the correct boundaries works just
> fine, but I can't bring it to generate a valid signature.
>
> I think I'm missing something important here.
>
> First of all I encode the text and html portions of the mail as
> quoted-printable and replace every new line character with <CR><LF>
> as to be found in the RFCs (which seem not to state anything about
> multipart).
>
> Now I generate the signature of the complete mime part and put it
> into its own mime part.
>
> So now the mail looks like this (text, html and signature were
> replaced by placeholders for readability and not all of the mail
> headers are shown since only the Content-Type should matter here):
> |Content-Type: multipart/signed; micalg=pgp-sha1;
> |protocol="application/pgp-signature";
> |boundary="=_1b5364229a82b654fad7cf2aa969f02e"
>
> MIME-Version: 1.0
>
> This is a message in Mime Format. If you see this, your mail
> reader does not support this format.
>
> --=_1b5364229a82b654fad7cf2aa969f02e
> Content-Type: multipart/alternative;
> boundary="=_53ba9ef8c471e6c8d72f215feaad8033"
> Content-Transfer-Encoding: 7bit
>
>
> &--=_53ba9ef8c471e6c8d72f215feaad8033
[snip]
> &--=_53ba9ef8c471e6c8d72f215feaad8033--
>
> --=_1b5364229a82b654fad7cf2aa969f02e
> Content-Type: application/pgp-signature; name="signature.asc"
[snip]
>
> The lines starting with the &-sign were used to generate the
> signature.
>
> As stated I think I missed something or did not understand something
> correctly so please light it up for me ;)
>
> Thanks for your help in advance.

If I read your example correctly then you are missing point (5) on page
4 of RFC 3156:

   (5)   As described in [2], the digital signature MUST be calculated
         over both the data to be signed and its set of content headers.

As far as I can see you calculated the signature only over the data but
not over the content headers of the multipart/alternative part. A
correct example (compare to the example message on page 4 f. of the RFC)
would look as follows:

=====
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="=_1b5364229a82b654fad7cf2aa969f02e"
MIME-Version: 1.0

This is a message in Mime Format. If you see this, your mail reader
does not support this format.

--=_1b5364229a82b654fad7cf2aa969f02e
&Content-Type: multipart/alternative;
& boundary="=_53ba9ef8c471e6c8d72f215feaad8033"
&Content-Transfer-Encoding: 7bit
&
&
&--=_53ba9ef8c471e6c8d72f215feaad8033
&Content-Type: text/plain; charset=UTF-8
&Content-Transfer-Encoding: quoted-printable
&
&PLAIN TEXT CONTENT ENCODED IN QUOTED PRINTABLE
&
&--=_53ba9ef8c471e6c8d72f215feaad8033
&Content-Type: text/html; charset=UTF-8
&Content-Transfer-Encoding: quoted-printable
&
&HTML CONTENT ENCODED IN QUOTED PRINTABLE
&
&--=_53ba9ef8c471e6c8d72f215feaad8033--

--=_1b5364229a82b654fad7cf2aa969f02e
Content-Type: application/pgp-signature; name="signature.asc"
Content-Disposition: attachment; filename="signature.asc"
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

PGP SIGNATURE HERE
-----END PGP SIGNATURE-----

--=_1b5364229a82b654fad7cf2aa969f02e--
=====

You also do not mention whether you remove trailing whitespace. If you
quoted-printable encode trailing spaces as =20 then you do not need to
remove it.
Regards,
Ingo
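
The point made in the reply above, as an added example that is not part of the original thread (written in Python rather than the PHP the question mentions). It builds the exact bytes that have to be signed, shows the body-only slice the question signed instead, and checks that a verifier reading the assembled multipart/signed message sees the former. The function names and the placeholder signature are assumptions; the boundaries are the ones quoted in the thread.

```python
import quopri

CRLF = b"\r\n"
OUTER = b"=_1b5364229a82b654fad7cf2aa969f02e"   # boundaries taken from the thread
INNER = b"=_53ba9ef8c471e6c8d72f215feaad8033"

def qp(text):
    """Quoted-printable encode with CRLF line ends; trailing spaces become =20."""
    return CRLF.join(quopri.encodestring(text.encode("utf-8")).splitlines())

def leaf(ctype, text):
    """One text/* alternative: boundary line, content headers, blank line, body."""
    return [b"--" + INNER,
            b"Content-Type: " + ctype + b"; charset=UTF-8",
            b"Content-Transfer-Encoding: quoted-printable",
            b"", qp(text), b""]

def signed_entity(plain, html):
    """Bytes to sign: the part's content headers AND its body (the '&' lines)."""
    lines = [b"Content-Type: multipart/alternative;",
             b' boundary="' + INNER + b'"',
             b"Content-Transfer-Encoding: 7bit", b"", b""]
    lines += leaf(b"text/plain", plain) + leaf(b"text/html", html)
    return CRLF.join(lines + [b"--" + INNER + b"--"])

def body_only(entity):
    """What the question signed: everything from the first inner boundary on."""
    return entity[entity.index(b"--" + INNER):]

def wrap(entity, armored_sig):
    """Assemble multipart/signed. The CRLF in front of each outer boundary
    belongs to the boundary, so it is not part of the signed bytes."""
    head = (b"Content-Type: multipart/signed; micalg=pgp-sha1;" + CRLF +
            b' protocol="application/pgp-signature";' + CRLF +
            b' boundary="' + OUTER + b'"' + CRLF + b"MIME-Version: 1.0" + CRLF)
    sig = (b'Content-Type: application/pgp-signature; name="signature.asc"'
           + CRLF + CRLF + armored_sig)
    delim = CRLF + b"--" + OUTER
    return head + delim + CRLF + entity + delim + CRLF + sig + delim + b"--" + CRLF

def verifier_view(message):
    """Bytes a verifier checks: the first part, from its headers to the boundary."""
    return message.split(CRLF + b"--" + OUTER)[1][len(CRLF):]

if __name__ == "__main__":
    entity = signed_entity("Hi \nthere", "<p>Hi</p>")   # constructed sample input
    msg = wrap(entity, b"PGP SIGNATURE HERE")            # placeholder, not a real signature
    print(verifier_view(msg) == entity, verifier_view(msg) == body_only(entity))
```

The detached, armored signature has to be produced over the output of `signed_entity()` byte for byte; any later re-encoding or re-wrapping of that part invalidates it.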