On Sat, Apr 09, 2005 at 12:29:47AM +0200, Denis Barbier wrote: > it signs mail body. > Your gpg-signed message is very different: > * it contains the following header field: > Content-Type: multipart/signed; micalg=pgp-sha1; > protocol="application/pgp-signature"; boundary="cvVnyQ+4j833TQvp" > * GPG signature encloses the whole mail, including attachments. > Of course this can be emulated, but then you have to sign mails for every > translation. Or did I miss something?
oh, i didn't realize that the script sent mails with attachments in
them, that's a different matter altogether. all the above patch did was
clearsign the message body (which still at least verifies the
authenticity of the message).
unfortunately clearsigning doesn't work with attachments, so what would
need to be done is encapsulate the entire message body in a
multipart/mixed mime object, sign it and tack the signature on as
an attachment, and thenput that in a multipart/signed object.
well, guess i get to do that then :)
sean
--
signature.asc
Description: Digital signature

