Hi all, Here are some information I gathered about PGP-Mime.
PGP-Mime, decribed in RFC3156 'MIME Security with OpenPGP'[1] allows to send messages signed (and/or encrypted) with PGP or GPG using the mime protocol instead of embegging the data into an ASCII armor. I will focus on signatures for the rest of this message. As the RFC describes, the message has a MIME structure with exactly two parts: the signed data, and a detached signature. It is thus very simple to verify this signature: put the signature part in a temporary file, and feed GPG with the content of the signed part on stdin, using this kind of command: gpg --status-fd=2 --command-fd 0 --verify message.sig - < message.txt So if we have a MIME message with a "multipart/signed" content type, with a protocol parameter of "application/pgp-signature", with exactly two parts in the body, the second one having an "application/pgp-signature" content type, then we can put this second part in a temp file, and launch GPG... Simple, no ? ;) Decrypting PGP-Mime messages does not seem more complicated. [1] <http://www.ietf.org/rfc/rfc3156.txt> It is actually very short, and quite simple, for an RFC... -- Xavier Nodet "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, 1759. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Mahogany-Developers mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/mahogany-developers
