[imp] Bad gpg signatures - solved

Rick Emery rick at emery.homelinux.net
Fri Mar 14 11:47:23 PST 2003


Quoting Chris Hastie <lists at oak-wood.co.uk>:

> It depends to some extent on how the original message was constructed.
> If the GPG signed message is sent as plain text with the signature
> included in that, then the section of the message that is signed is
> indicated.
> 
> eg (hope the # is enough to escape this!)
> 
> # ----BEGIN PGP SIGNED MESSAGE-----
> # Some text
> # ----BEGIN PGP SIGNATURE-----
> # Signature
> # ----END PGP SIGNATURE-----
> 
> adding plain text to the end of this will not corrupt the signature.

I went back and looked at messages I've received in the past, viewing the
message source (I don't know why I didn't think to do that before). Your
explanation sounds dead on.

Signed messages that I've received look like this:

# Headers

# --=-a bunch of letters, numbers, and symbols
# Content-Type: text/plain

# The text of the message

# --=-the same bunch of letters, numbers, and symbols as above
# Content-Type: application/pgp-signature
# -----BEGIN PGP SIGNATURE-----
# the signature
# -----END PGP SIGNATURE-----

# --=-the same bunch of letters, numbers, and symbols,with 2 dashes at the end--

# the mailing list signature

Reviewing past messages revealed that MailScanner was adding its signature at
the end of the first part (with the original message), which I think was messing
up the signature. I'd like to email the author(s) of MailScanner, but I'm not
really sure how to describe this problem.

Thanks for your insight,
Rick

------------------------------------------------
This email was sent using IMP v4.0-cvs, part of
the Horde suite of information management tools.
http://horde.org/



More information about the imp mailing list