
Re: Linux-Fan's bad signatures



Teemu Likonen writes:

* 2020-08-22 00:17:19+02, Linux-Fan wrote:

> The copy I receive from the list does not verify correctly here,
> either.

The content between MIME separator lines is signed. The separators
themselves are not part of the signature and also the last empty line is not
part of the signature.

[...]

So if the signature is in "signature.asc" and the content between the
separator lines is in file "content.txt" this command should verify it:

    gpg --verify signature.asc content.txt

It seems that the signatures are made with "gpg --textmode" so that it
doesn't matter if the content has LF or CR + LF newlines.

Your "sent" and "received" messages even have different MIME part
headers and encoding. At least those things change after the signature
is made. See the attached "diff -u" output. But I can't verify any of
your messages even if I manually edit the MIME parts and try different
things.

Thank you for sharing this analysis. I was trying to figure it out but thought
the signature was only over the text and not over the headers.

I cannot get it to verify with manual editing, either. Yet somehow, my mail
client's `mimegpg` command can do it, given the unmangled .eml file -- the one
I had sent to the list also got changed during the transfer.
Attached is a compressed version in the hope that it will come across
without being changed. The file's sha256sum should be as follows:

04076b5cc68367f1bfda394ba32416891ffa1800b8f7214a04cb2fc4efa21004  sent.eml
ac2a25bc54417db2b62d883b9ef31a93d25e9afc113cd9f9d555d87d2720baa8  sent.eml.xz

The source code is available, I will just need to find some time to analyze
what it does exactly. Maybe I should ask on the e-mail client's mailing list,
too...

Thanks
Linux-Fan

Attachment: sent.eml.xz
Description: application/xz

Attachment: pgp8Y07rC0wYH.pgp
Description: PGP signature
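
The manual extraction discussed in this message, as an added example that is not part of the original thread or of any mail client's code: a Python sketch that cuts the signed part (its MIME part headers included) and the signature out of a raw .eml byte-for-byte, leaving out the separator lines and the line break in front of each separator. The function name `split_signed` and the sample message are constructed for illustration; the output file names follow the gpg command quoted above.

```python
import email
import re
import sys

# Constructed sample message; the signature body is a placeholder, not a real one.
SAMPLE = (
    b'Content-Type: multipart/signed; boundary="=_b1"; '
    b'protocol="application/pgp-signature"\r\n\r\n'
    b"--=_b1\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n\r\n"
    b"Hello list,\r\n\r\n"
    b"--=_b1\r\n"
    b"Content-Type: application/pgp-signature\r\n\r\n"
    b"-----BEGIN PGP SIGNATURE-----\r\n(placeholder)\r\n"
    b"-----END PGP SIGNATURE-----\r\n"
    b"--=_b1--\r\n"
)

def split_signed(raw: bytes):
    """Return (signed_bytes, signature_bytes) from a raw multipart/signed message."""
    msg = email.message_from_bytes(raw)  # used only to read the boundary parameter
    if msg.get_content_type() != "multipart/signed" or msg.get_boundary() is None:
        raise ValueError("not a multipart/signed message")
    delim = re.escape(b"--" + msg.get_boundary().encode("ascii"))
    # A separator line owns the line break in front of it, so that break
    # (the "last empty line") is consumed here and never reaches the content.
    sep = re.compile(rb"(?:^|\r?\n)" + delim + rb"(?:--)?[ \t]*(?:\r?\n|$)")
    marks = list(sep.finditer(raw))
    if len(marks) < 3:
        raise ValueError("expected two parts and a closing separator")
    # First part: everything between separators, untouched (no decoding, no re-wrapping).
    content = raw[marks[0].end():marks[1].start()]
    # Second part: drop its MIME part headers, keep the armored signature.
    pieces = re.split(rb"\r?\n\r?\n", raw[marks[1].end():marks[2].start()], maxsplit=1)
    if len(pieces) != 2:
        raise ValueError("signature part has no body")
    return content, pieces[1]

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    content, sig = split_signed(raw)
    with open("content.txt", "wb") as f:
        f.write(content)
    with open("signature.asc", "wb") as f:
        f.write(sig)
    print("now run: gpg --verify signature.asc content.txt")
```

Comparing the sha256sum of `content.txt` extracted from the sent copy and from the list copy shows whether the signed bytes changed in transit.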

