[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [OT] Manually verifying PGP/MIME signature with GPG

On 04/09/2012 12:11 PM, Mika Suomalainen wrote:
> On 09.04.2012 18:44, Camaleón wrote:
>> On Mon, 09 Apr 2012 18:04:13 +0300, Mika Suomalainen wrote:
[...]
>> I recognize it's annoying to delete the extra text when replying to PGP/
>> GPG inline messages but I can live with that.
>>
>>> I have promised to move to S/MIME (with devices which support it) when
>>> someone on this list tells me how do I manually verify PGP/MIME
>>> signature in case email client cannot be used to do it. 
>>
>> You don't have to move on S/MIME if you don't want.
> 
> Oh, sorry. I am confusing with S/MIME and PGP/MIME myself too. They are
> two different things, or at least I think so. The one which I am asking
> about is PGP/MIME (those signature.asc files, which you might have seen).
> 
>>> Example case would be verifying message from mailing list archives. I
>>> will also move to PGP/MIME if anyone on this list admits my point that
>>> it's easier to verify GPG INLINE manually than PGP/MIME.
>>

	The only real difference between inline PGP and PGP/MIME is that the in
PGP/MIME the signature is detached and added to the email as an
attachment, which as you mention the signature.asc. To verify PGP/MIME
vs inline is the same if you were using the GPG or PGP command to verify
a clearsigned file or not. With PGP/MIME you'd have to save the original
email which would in a multi-part MIME email be an attachment itself,
just the first one, and the signature attachment and run them through
the CLI tool to verify the signature.
	Also as most mail clients these days support PGP/MIME standard either
natively or via additional plugin there should be little need to do so
manually unless this is just an exercise to better understand how it is
handled.
[...]
> 
> I think that I will start using PGP/MIME now that someone has said that
> it's annoying to remove GPG signatures from messages and that they can
> live with it. It's nicer way than telling to filter all emails from one
> sender / threading / telling what should be done in their opinions and
> then ignoring all problems in that way.
> 
> I hope that someone can still answer this question.
> 
> PS. Sorry again for typoing PGP/MIME as S/MIME.
> 
	PGP/MIME just makes it easier for those that don't bother with the
signatures to ignore the attachment with the signature and not have to
deal with cutting it out in replies. The other issue I've seen with
inline vs PGP/MIME is that if the signature is not stripped out by
someone replying and including the signature in the quote it will
sometimes confuse the MUA. In most cases PGP/MIME won't have this issue
as the signature is a separate attachment and unless efforts are made to
include attachments in replies won't be included and even if it does it
still doesn't confuse the MUA.
Reply to: