Re: Linux-Fan's bad signatures

Sat, 22 Aug 2020 00:15:01 -0700 

* 2020-08-22 00:17:19+02, Linux-Fan wrote:

> The copy I receive from the list does not verify correctly here,
> either.

The content between MIME separator lines are signed. The separators
itself are not part of the signature and also the last empty line is not
part of the signature.

    --=_pte5-5038-1598034269-0003
    --=_pte5-5038-1598034269-0003

In the example below the signed data begins with the "Content-Type" text
and ends with the "This is my message." plus one newline. The second
newline which creates the empty line at the end of the MIME part is not
part of the signature.

    --=_pte5-5038-1598034269-0003
    Content-Type: text/plain; charset="UTF-8"
    Content-Transfer-Encoding: quoted-printable

    This is my message.

    --=_pte5-5038-1598034269-0003

So if the signature is in "signature.asc" and the content between the
separator lines are in file "content.txt" this command should verify it:

    gpg --verify signature.asc content.txt

It seems that the signatures are made with "gpg --textmode" so that it
doesn't matter if the content has LF or CR + LF newlines.

Your "sent" and "received" messages even have different MIME part
headers and encoding. At least those things change after the signature
is made. See the attached "diff -u" output. But I can't verify any of
your messages even if I manually edit the MIME parts and try different
things.


--- sent.txt	2020-08-22 09:46:38.693668136 +0300
+++ received.txt	2020-08-22 09:46:40.989621827 +0300
@@ -1,13 +1,14 @@
 --=_pte5-5038-1598034269-0003
 Content-Type: text/plain; format=flowed; delsp=yes; charset="UTF-8"
 Content-Disposition: inline
-Content-Transfer-Encoding: 7bit
+Content-Transfer-Encoding: quoted-printable
 
 local10 writes:
 
 > Hi,
 >
-> What would be a reasonably secure and simple way to encrypt files on Linux
+> What would be a reasonably secure and simple way to encrypt files on Lin=
+ux
 > and then send them to a  non-technical Windows user so she would be able
 > decrypt and read them?
 >
@@ -17,7 +18,7 @@
 syswtems: https://www.7-zip.org/
 
 Encrypt on Linux:
-$ 7z a -ptestwort -mhe=on secret.7z secret.txt
+$ 7z a -ptestwort -mhe=3Don secret.7z secret.txt
 
 Decrypt on Windows: Double-Click or use commandline:
 % 7z x -o. secret.7z

-- 
/// Teemu Likonen - .-.. http://www.iki.fi/tlikonen/
// OpenPGP: 4E1055DC84E9DFF613D78557719D69D324539450

Attachment: signature.asc
Description: PGP signature

Reply via email to