[imp] PGP bug? - compliance with RFCs 3156 & 1847

Chris Hastie lists at oak-wood.co.uk
Sat Jan 11 16:30:48 PST 2003


On Mon, 6 Jan 2003, Michael M Slusarz <slusarz at bigworm.colorado.edu> 
wrote
>|
>| |4.  OpenPGP encrypted data
>| |
>| |   Before OpenPGP encryption, the data is written in MIME canonical
>| |   format (body and headers).
>|
>| which is not the clearest statement I've ever seen, but could it mean
>| that there should be headers in the encrypted section too, as per the
>| Turnpike message?
>
>Doh! I have had this fix lying around for awhile and never bothered to
>commit it.

I think there may be a superfluous

   $part->setContents($part->toString());

in signAndEncryptMIMEPart() since this change. Inspecting the raw text 
of a signed and encrypted message from IMP, and manually decrypting the 
encrypted section I get a duplicate set of headers and the whole of the 
rest of the message repeated after the final boundary:

|Content-Type: multipart/signed;
|       boundary="=_6c946095c1069d24d1d9f8dca56a58d1";
|       protocol="application/pgp-signature";
|       micalg="pgp-sha1"
|Content-Transfer-Encoding: 7bit
|
|Content-Type: multipart/signed;
|       boundary="=_6c946095c1069d24d1d9f8dca56a58d1";
|       protocol="application/pgp-signature";
|       micalg="pgp-sha1"
|Content-Transfer-Encoding: 7bit
|
|This message is in MIME format and has been PGP signed.
|
|--=_6c946095c1069d24d1d9f8dca56a58d1
|Content-Type: text/plain;
|       charset="ISO-8859-1"
|Content-Disposition: inline
|Content-Transfer-Encoding: quoted-printable
|
|This is a test.
|--=20
|Chris Hastie
|
|--=_6c946095c1069d24d1d9f8dca56a58d1
|Content-Type: application/pgp-signature
|Content-Description: PGP Digital Signature
|Content-Disposition: inline
|Content-Transfer-Encoding: 7bit
|
|-----BEGIN PGP SIGNATURE-----
|Version: GnuPG v1.2.1 (FreeBSD)
|
|iD8DBQA+IDV0Pp9Go/ojNNMRAhixAJ0fmdshKsCfVmMsWS8C+yajmOHotgCfQcpf
|sNQZpbByrZtGGzgUibltKP8=
|=KXiP
|-----END PGP SIGNATURE-----
|
|--=_6c946095c1069d24d1d9f8dca56a58d1--
|
|--=_6c946095c1069d24d1d9f8dca56a58d1
|Content-Type: text/plain;
|       charset="ISO-8859-1"
|Content-Disposition: inline
|Content-Transfer-Encoding: quoted-printable
|
|This is a test.
|--=20
|Chris Hastie
|
|--=_6c946095c1069d24d1d9f8dca56a58d1
|Content-Type: application/pgp-signature
|Content-Description: PGP Digital Signature
|Content-Disposition: inline
|Content-Transfer-Encoding: 7bit
|
|-----BEGIN PGP SIGNATURE-----
|Version: GnuPG v1.2.1 (FreeBSD)
|
|iD8DBQA+IDV0Pp9Go/ojNNMRAhixAJ0fmdshKsCfVmMsWS8C+yajmOHotgCfQcpf
|sNQZpbByrZtGGzgUibltKP8=
|=KXiP
|-----END PGP SIGNATURE-----
|
|--=_6c946095c1069d24d1d9f8dca56a58d1--

Commenting out the $part->setContents($part->toString()); line seems to 
sort this out, but I don't know if it will break anything else.
-- 
Chris Hastie


More information about the imp mailing list