Re: [OT] Manually verifying PGP/MIME signature with GPG

To: debian-user@lists.debian.org
Subject: Re: [OT] Manually verifying PGP/MIME signature with GPG
From: Jon Dowland <jmtd@debian.org>
Date: Tue, 10 Apr 2012 09:59:02 +0100
Message-id: <[🔎] 4F83F656.2030706@debian.org>
In-reply-to: <[🔎] 4F8312ED.3090105@undergrid.net>
References: <[🔎] 4F82FA6D.7000002@hotmail.com> <[🔎] jlv04f$ss9$16@dough.gmane.org> <[🔎] 4F830A18.309@hotmail.com> <[🔎] 4F8312ED.3090105@undergrid.net>

On 09/04/12 17:48, Jeremy T. Bouse wrote:
> To verify PGP/MIME
> vs inline is the same if you were using the GPG or PGP command to verify
> a clearsigned file or not. With PGP/MIME you'd have to save the original
> email which would in a multi-part MIME email be an attachment itself,
> just the first one, and the signature attachment and run them through
> the CLI tool to verify the signature.

Alas, this doesn't actually work[1].  As Bob expands later, you need to
get the message body in its encoded format (e.g. quoted-printable),
complete with the MIME headers describing the encoding[2].  This is
difficult to export from most mailers, and impossible (so far as I know)
from the web archives.

(note that my mail client may re-wrap lines from the examples below)

[1]:


bryant$ cat msg
On 03/04/12 17:06, Mika Suomalainen wrote:
> Yes we did, but you are forgetting GPG clearsigning vs GPG S/MIME and
> was there something else... ☺

I missed that part of the discussion (but that has reminded me to
re-setup my mailer to sign ☺)

bryant$ cat msg.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJPfCpsAAoJEAkHQJYGqqqqUIIP/jr/WeTTTr0Ig8EtAKvFiTFu
vRH20HOf0OhqXs7eBeJ0QZdXPONPHCFokB75khuBOgEP6Ed1SnY2XPMZUXBL97R4
Li2l8oVHGF4omVkbNYZ1nItbz95fhLCqxIu/9TouPYsH0fNI4WTrjWFQH2c+zD4k
iLeumt03He+l/3j24RxKKQ2qZt1qx2558kKMQCB2WmCRmjUc79uYTl09n4XVZvhc
yOklofhCMlQXsaCPwpfed5zZZBvpRtpLNsgL4nWKbsmFDdVhmf/CLB1PlSn0H3lV
xr8IwPsn1MC7Ums+nEzuabGzy2JMRrZaRrEVERFwtkW7xftEqy4N63Ua+g9AzQuH
T4XYmYFq0vZXliF/zRkoStEmfUZke7OonxUEGhjz3MdeIaMoxlw2V+Zi9NF5U9A7
pdX/CRhPfG2q5VYsyGyCeBtF5PLiIAs6bEUHKf0IJy0MXk01cIUL69Yfm6XqoJ8j
R8sK0eL7JphwX3cjgJ8L2cyIBW8Z1YqSc1d93kjiwDZeewNw6dueuXNkvvsVhhis
uJU2iapDo8Q4FiHcop+uqpEOuCT0DeUS6wgPlsD3fMp1a2LMzrWMkAU6Wo0zAWDM
Gk9TlVzJjT4jrTffkLM4rxoYYvhUUdUsOKrHukRsxB7E++NXpqUkqV0pi0486lYc
7NADA1QrTNgixFBBONCa
=Zjte
-----END PGP SIGNATURE-----
bryant$ gpg --verify msg.asc
gpg: Signature made Wed 04 Apr 2012 12:03:08 PM BST using RSA key ID
06AAAAAA
gpg: BAD signature from "Jon Dowland <jmtd@debian.org>"

[2]:

bryant$ cat raw
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 03/04/12 17:06, Mika Suomalainen wrote:
> Yes we did, but you are forgetting GPG clearsigning vs GPG S/MIME and
> was there something else... =E2=98=BA

I missed that part of the discussion (but that has reminded me to
re-setup my mailer to sign =E2=98=BA)

bryant$ gpg --verify raw.asc
gpg: Signature made Wed 04 Apr 2012 12:03:08 PM BST using RSA key ID
06AAAAAA
gpg: Good signature from "Jon Dowland <jmtd@debian.org>"
Primary key fingerprint: E037 CB2A 1A00 61B9 4336  3C8B 0907 4096 06AA AAAA


-- 
Jon Dowland

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- [OT] Manually verifying PGP/MIME signature with GPG
  - From: Mika Suomalainen <mika.henrik.mainio@hotmail.com>
- Re: [OT] Manually verifying PGP/MIME signature with GPG
  - From: Camaleón <noelamac@gmail.com>
- Re: [OT] Manually verifying PGP/MIME signature with GPG
  - From: Mika Suomalainen <mika.henrik.mainio@hotmail.com>
- Re: [OT] Manually verifying PGP/MIME signature with GPG
  - From: "Jeremy T. Bouse" <jeremy.bouse@undergrid.net>

Prev by Date: Re: Free as in speech hardware ebook reader
Next by Date: Re: [OT] Manually verifying PGP/MIME signature with GPG
Previous by thread: Re: [OT] [SOLVED] Manually verifying PGP/MIME signature with GPG
Next by thread: Debian Installer flaw
Index(es):
- Date
- Thread