> > The behavior is specified by RFC4880 and is not a security risk. > > Hi,
I was testing this with the --verify switch only so I didn't see the final output with the stripped headers. Thanks for clearing this up. Your point regarding my mail client was interesting though. I use the web interface of Gmail with the firegpg plugin. I thought I'd look at this in a bit more detail. Sending the below message to me verifies as good through firegpg. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is some tested verification text. - -- key id: 0x6A8BAF97 fingerprint: 0AF9 F0A4 52D2 9775 F996 2027 41AD C31B 6A8B AF97 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: http://getfiregpg.org iEYEARECAAYFAkge2nUACgkQQa3DG2qLr5f0XwCfaZFqPy/Mx5IcydFkHX2Ytr0k MCMAoIGuwXlUuQo8ZQfBGA/pyXmCPphy =/gr1 -----END PGP SIGNATURE----- I then used the same message but modified the last header line after signing but before sending. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, this is my modified line. This is some tested verification text. - -- key id: 0x6A8BAF97 fingerprint: 0AF9 F0A4 52D2 9775 F996 2027 41AD C31B 6A8B AF97 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: http://getfiregpg.org iEYEARECAAYFAkge2nUACgkQQa3DG2qLr5f0XwCfaZFqPy/Mx5IcydFkHX2Ytr0k MCMAoIGuwXlUuQo8ZQfBGA/pyXmCPphy =/gr1 -----END PGP SIGNATURE----- This also verifies good through firegpg with no message regarding an incorrect header. I'd guess as nothing is stripped and no header warning is given this may be more of an issue? Andy.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users