[imp] Bad gpg signatures - solved
Rick Emery
rick at emery.homelinux.net
Fri Mar 14 11:47:23 PST 2003
Quoting Chris Hastie <lists at oak-wood.co.uk>:
> It depends to some extent on how the original message was constructed.
> If the GPG signed message is sent as plain text with the signature
> included in that, then the section of the message that is signed is
> indicated.
>
> eg (hope the # is enough to escape this!)
>
> # ----BEGIN PGP SIGNED MESSAGE-----
> # Some text
> # ----BEGIN PGP SIGNATURE-----
> # Signature
> # ----END PGP SIGNATURE-----
>
> adding plain text to the end of this will not corrupt the signature.
I went back and looked at messages I've received in the past, viewing the
message source (I don't know why I didn't think to do that before). Your
explanation sounds dead on.
Signed messages that I've received look like this:
# Headers
# --=-a bunch of letters, numbers, and symbols
# Content-Type: text/plain
# The text of the message
# --=-the same bunch of letters, numbers, and symbols as above
# Content-Type: application/pgp-signature
# -----BEGIN PGP SIGNATURE-----
# the signature
# -----END PGP SIGNATURE-----
# --=-the same bunch of letters, numbers, and symbols,with 2 dashes at the end--
# the mailing list signature
Reviewing past messages revealed that MailScanner was adding its signature at
the end of the first part (with the original message), which I think was messing
up the signature. I'd like to email the author(s) of MailScanner, but I'm not
really sure how to describe this problem.
Thanks for your insight,
Rick
------------------------------------------------
This email was sent using IMP v4.0-cvs, part of
the Horde suite of information management tools.
http://horde.org/
More information about the imp
mailing list