[imp] PGP bug? - compliance with RFCs 3156 & 1847
Chris Hastie
lists at oak-wood.co.uk
Sat Jan 11 16:30:48 PST 2003
On Mon, 6 Jan 2003, Michael M Slusarz <slusarz at bigworm.colorado.edu>
wrote
>|
>| |4. OpenPGP encrypted data
>| |
>| | Before OpenPGP encryption, the data is written in MIME canonical
>| | format (body and headers).
>|
>| which is not the clearest statement I've ever seen, but could it mean
>| that there should be headers in the encrypted section too, as per the
>| Turnpike message?
>
>Doh! I have had this fix lying around for awhile and never bothered to
>commit it.
I think there may be a superfluous
$part->setContents($part->toString());
in signAndEncryptMIMEPart() since this change. Inspecting the raw text
of a signed and encrypted message from IMP, and manually decrypting the
encrypted section I get a duplicate set of headers and the whole of the
rest of the message repeated after the final boundary:
|Content-Type: multipart/signed;
| boundary="=_6c946095c1069d24d1d9f8dca56a58d1";
| protocol="application/pgp-signature";
| micalg="pgp-sha1"
|Content-Transfer-Encoding: 7bit
|
|Content-Type: multipart/signed;
| boundary="=_6c946095c1069d24d1d9f8dca56a58d1";
| protocol="application/pgp-signature";
| micalg="pgp-sha1"
|Content-Transfer-Encoding: 7bit
|
|This message is in MIME format and has been PGP signed.
|
|--=_6c946095c1069d24d1d9f8dca56a58d1
|Content-Type: text/plain;
| charset="ISO-8859-1"
|Content-Disposition: inline
|Content-Transfer-Encoding: quoted-printable
|
|This is a test.
|--=20
|Chris Hastie
|
|--=_6c946095c1069d24d1d9f8dca56a58d1
|Content-Type: application/pgp-signature
|Content-Description: PGP Digital Signature
|Content-Disposition: inline
|Content-Transfer-Encoding: 7bit
|
|-----BEGIN PGP SIGNATURE-----
|Version: GnuPG v1.2.1 (FreeBSD)
|
|iD8DBQA+IDV0Pp9Go/ojNNMRAhixAJ0fmdshKsCfVmMsWS8C+yajmOHotgCfQcpf
|sNQZpbByrZtGGzgUibltKP8=
|=KXiP
|-----END PGP SIGNATURE-----
|
|--=_6c946095c1069d24d1d9f8dca56a58d1--
|
|--=_6c946095c1069d24d1d9f8dca56a58d1
|Content-Type: text/plain;
| charset="ISO-8859-1"
|Content-Disposition: inline
|Content-Transfer-Encoding: quoted-printable
|
|This is a test.
|--=20
|Chris Hastie
|
|--=_6c946095c1069d24d1d9f8dca56a58d1
|Content-Type: application/pgp-signature
|Content-Description: PGP Digital Signature
|Content-Disposition: inline
|Content-Transfer-Encoding: 7bit
|
|-----BEGIN PGP SIGNATURE-----
|Version: GnuPG v1.2.1 (FreeBSD)
|
|iD8DBQA+IDV0Pp9Go/ojNNMRAhixAJ0fmdshKsCfVmMsWS8C+yajmOHotgCfQcpf
|sNQZpbByrZtGGzgUibltKP8=
|=KXiP
|-----END PGP SIGNATURE-----
|
|--=_6c946095c1069d24d1d9f8dca56a58d1--
Commenting out the $part->setContents($part->toString()); line seems to
sort this out, but I don't know if it will break anything else.
--
Chris Hastie
More information about the imp
mailing list