On 09/04/12 17:48, Jeremy T. Bouse wrote: > To verify PGP/MIME > vs inline is the same if you were using the GPG or PGP command to verify > a clearsigned file or not. With PGP/MIME you'd have to save the original > email which would in a multi-part MIME email be an attachment itself, > just the first one, and the signature attachment and run them through > the CLI tool to verify the signature.
Alas, this doesn't actually work[1]. As Bob expands later, you need to get the message body in its encoded format (e.g. quoted-printable), complete with the MIME headers describing the encoding[2]. This is difficult to export from most mailers, and impossible (so far as I know) from the web archives. (note that my mail client may re-wrap lines from the examples below) [1]: bryant$ cat msg On 03/04/12 17:06, Mika Suomalainen wrote: > Yes we did, but you are forgetting GPG clearsigning vs GPG S/MIME and > was there something else... ☺ I missed that part of the discussion (but that has reminded me to re-setup my mailer to sign ☺) bryant$ cat msg.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJPfCpsAAoJEAkHQJYGqqqqUIIP/jr/WeTTTr0Ig8EtAKvFiTFu vRH20HOf0OhqXs7eBeJ0QZdXPONPHCFokB75khuBOgEP6Ed1SnY2XPMZUXBL97R4 Li2l8oVHGF4omVkbNYZ1nItbz95fhLCqxIu/9TouPYsH0fNI4WTrjWFQH2c+zD4k iLeumt03He+l/3j24RxKKQ2qZt1qx2558kKMQCB2WmCRmjUc79uYTl09n4XVZvhc yOklofhCMlQXsaCPwpfed5zZZBvpRtpLNsgL4nWKbsmFDdVhmf/CLB1PlSn0H3lV xr8IwPsn1MC7Ums+nEzuabGzy2JMRrZaRrEVERFwtkW7xftEqy4N63Ua+g9AzQuH T4XYmYFq0vZXliF/zRkoStEmfUZke7OonxUEGhjz3MdeIaMoxlw2V+Zi9NF5U9A7 pdX/CRhPfG2q5VYsyGyCeBtF5PLiIAs6bEUHKf0IJy0MXk01cIUL69Yfm6XqoJ8j R8sK0eL7JphwX3cjgJ8L2cyIBW8Z1YqSc1d93kjiwDZeewNw6dueuXNkvvsVhhis uJU2iapDo8Q4FiHcop+uqpEOuCT0DeUS6wgPlsD3fMp1a2LMzrWMkAU6Wo0zAWDM Gk9TlVzJjT4jrTffkLM4rxoYYvhUUdUsOKrHukRsxB7E++NXpqUkqV0pi0486lYc 7NADA1QrTNgixFBBONCa =Zjte -----END PGP SIGNATURE----- bryant$ gpg --verify msg.asc gpg: Signature made Wed 04 Apr 2012 12:03:08 PM BST using RSA key ID 06AAAAAA gpg: BAD signature from "Jon Dowland <j...@debian.org>" [2]: bryant$ cat raw Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 03/04/12 17:06, Mika Suomalainen wrote: > Yes we did, but you are forgetting GPG clearsigning vs GPG S/MIME and > was there something else... =E2=98=BA I missed that part of the discussion (but that has reminded me to re-setup my mailer to sign =E2=98=BA) bryant$ gpg --verify raw.asc gpg: Signature made Wed 04 Apr 2012 12:03:08 PM BST using RSA key ID 06AAAAAA gpg: Good signature from "Jon Dowland <j...@debian.org>" Primary key fingerprint: E037 CB2A 1A00 61B9 4336 3C8B 0907 4096 06AA AAAA -- Jon Dowland
signature.asc
Description: OpenPGP digital signature
