On Sat, Jun 30, 2007 at 02:42:49PM +0530, Hardeep Singh wrote:
> On 6/27/07, David Shaw <[EMAIL PROTECTED]> wrote:
> > On Mon, Jun 25, 2007 at 02:06:55PM +0200, Werner Koch wrote:
> > > On Sun, 24 Jun 2007 12:07, [EMAIL PROTECTED] said:
> > >
> > > > If someone sends me an ASCII armoured file with some signed text, can
> > > > I convert it into cleartext sign so that I can display it to people
> > > > without GPG also?
> > >
> > > In general not because the canonicalization is different between the
> > > formats.  A conversion would break the signature.
> >
> > Interestingly enough, while you can't always go from a signed file to
> > a clearsigned file, you can safely do the opposite of what the
> > original poster asked: converting from cleartext to a signed file
> > (armored or not) is possible.
> >
> > (I'm not sure when someone would want to do this, but...)

> How do we do that?

You grab the signature from the clearsigned file, convert it to binary
form, grab the text from the clearsigned file, package it inside a
plaintext packet, and then just glue the two together.  Something like
this:

1. gpg --output text_part clearsigned_file
2. gpg --output sig_part.gpg --dearmor
   (now paste in the signature from the clearsigned file)
   ^D
3. Edit text_part and remove any whitespace at the end of each line,
   then remove the LAST (and only the last) message separator (CR, LF,
   etc).
4. gpg -z0 --textmode --store text_part
5. cat sig_part.gpg text_part.gpg > my_new_file.gpg

Step 3 is the tricky bit, of course.  Using a unix-ish system as an
example, if the text file ends with "\n\n", you still only remove the
last "\n".  Step 5 makes a old-style signed file (you could make a
new-style onepass signed file, but you'd need to create the onepass
packet).

It's an interesting side-effect of how the text canonicalization is
done.  The clearsigning rules are more strict than the regular
signature rules, so it's possible to switch the packaging like this.

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to