checking signature of pgp mime
Ingo Klöcker
kloecker at kde.org
Fri Apr 4 00:28:34 CEST 2014
On Thursday 03 April 2014 15:06:57 Tim Prepscius wrote:
> Greetings,
>
> So as I said before, I'm working on a pgp based web mail app:
> https://github.com/timprepscius/mv
>
> I am having problems validating the signature of a small percentage of
> test cases. However GPG with apple-mail says the signatures
> check out, soo... I'm obviously doing something incorrectly.

KMail also says that the signature matches.

Looking at the two pastebins, it seems that you are trying to convert
OpenPGP/MIME-signed messages to RFC 4880-style cleartext signed messages
in order to verify the signatures. This transformation is not always
possible. In this particular case the signed data contains trailing
whitespace. If the sender (or rather his mail client) had followed
RFC 3156 then this trailing whitespace wouldn't be there. But it's
there. And that's what's causing the trouble, because the signature of a
cleartext signed message is computed with trailing whitespace removed.
That's why the signature does not match.

You have to verify the signature the way one verifies signed data with
a detached signature.

Regards,
Ingo
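
The mismatch described in the reply above, as an added example that is not part of the original post: it extracts the signed MIME part byte for byte and compares it with what a cleartext signature would cover after trailing whitespace is stripped. The sample message, the boundary `b1` and the function names are constructed for illustration, and the SHA-256 digests cover the document bytes only, not the full OpenPGP hash input.

```python
import hashlib
import re

# Constructed sample: a multipart/signed message whose text part has a trailing
# space after "Hello,". The boundary "b1" and all content are made up.
SAMPLE = (
    b'Content-Type: multipart/signed; boundary="b1";\n'
    b' protocol="application/pgp-signature"\n\n'
    b"--b1\n"
    b"Content-Type: text/plain\n\n"
    b"Hello, \n"
    b"world\n"
    b"--b1\n"
    b"Content-Type: application/pgp-signature\n\n"
    b"(signature placeholder)\n"
    b"--b1--\n"
)

def signed_part(raw: bytes, boundary: bytes) -> bytes:
    """First body part (MIME headers included), byte for byte, CRLF line ends."""
    raw = re.sub(rb"\r?\n", b"\r\n", raw)  # canonical line endings
    delim = b"--" + boundary
    start = raw.index(delim + b"\r\n") + len(delim) + 2
    # The CRLF in front of the next delimiter belongs to the delimiter.
    end = raw.index(b"\r\n" + delim, start)
    return raw[start:end]

def cleartext_view(part: bytes) -> bytes:
    """Same data as a cleartext signature sees it: trailing spaces/tabs stripped."""
    return b"\r\n".join(line.rstrip(b" \t") for line in part.split(b"\r\n"))

def convertible(part: bytes) -> bool:
    """True only if re-wrapping as a cleartext message leaves the bytes unchanged."""
    return part == cleartext_view(part)

if __name__ == "__main__":
    part = signed_part(SAMPLE, b"b1")
    for name, data in (("detached", part), ("cleartext", cleartext_view(part))):
        print(name, hashlib.sha256(data).hexdigest()[:16], repr(data))
    print("convertible:", convertible(part))
```

For an actual check, write the bytes returned by `signed_part` to a file and verify them against the extracted signature as detached data, for example `gpg --verify signature.asc part.bin` (file names are placeholders).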