On Wednesday 26 October 2011, Pascal Nitsche wrote: > Hello folks, > > I'm trying to sign a mail of the mime type "multipart/alternative" > using pgp in PHP. > The generation of the signature and the correct boundaries works just > fine, but I can't bring it to generate a valid signature. > > I think I'm missing something important here. > > First of all I encode the text and html portions of the mail as > quoted-printable and replace every new line character with <CR><LF> > as to be found in the RFCs (which seem not to state anything about > multipart). > > Now I generate the signature of the complete mime part and put it > into its own mime part. > > So now the mail looks like this (text, html and signature were > replaced by placeholders for readablility and not all of the mail > headers are > > shown since only the Content-Type should matter here): > |Content-Type: multipart/signed; micalg=pgp-sha1; > |protocol="application/pgp-signature"; > |boundary="=_1b5364229a82b654fad7cf2aa969f02e" > > MIME-Version: 1.0 > > This is a message in Mime Format. If you see this, your mail > reader does not support this format. > > --=_1b5364229a82b654fad7cf2aa969f02e > Content-Type: multipart/alternative; > boundary="=_53ba9ef8c471e6c8d72f215feaad8033" > Content-Transfer-Encoding: 7bit > > > &--=_53ba9ef8c471e6c8d72f215feaad8033 [snip] > &--=_53ba9ef8c471e6c8d72f215feaad8033-- > > --=_1b5364229a82b654fad7cf2aa969f02e > Content-Type: application/pgp-signature; name="signature.asc" [snip] > > The lines starting with the &-sign were used to generate the > signature. > > As stated I think I missed something or did not understand something > correctly so please light it up for me ;) > > Thanks for your help in advance.
If I read your example correctly then you are missing point (5) on page
4 of RFC 3156:
(5) As described in [2], the digital signature MUST be calculated
over both the data to be signed and its set of content headers.
As far as I can see you calculated the signature only over the data but
not over the content headers of the multipart/alternative part. A
correct example (compare to the example message on page 4 f. of the RFC)
would look as follows:
=====
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="=_1b5364229a82b654fad7cf2aa969f02e"
MIME-Version: 1.0
This is a message in Mime Format. If you see this, your mail reader
does not support this format.
--=_1b5364229a82b654fad7cf2aa969f02e
&Content-Type: multipart/alternative;
& boundary="=_53ba9ef8c471e6c8d72f215feaad8033"
&Content-Transfer-Encoding: 7bit
&
&
&--=_53ba9ef8c471e6c8d72f215feaad8033
&Content-Type: text/plain; charset=UTF-8
&Content-Transfer-Encoding: quoted-printable
&
&PLAIN TEXT CONTENT ENCODED IN QUOTED PRINTABLE
&
&--=_53ba9ef8c471e6c8d72f215feaad8033
&Content-Type: text/html; charset=UTF-8
&Content-Transfer-Encoding: quoted-printable
&
&HTML CONTENT ENCODED IN QUOTED PRINTABLE
&
&--=_53ba9ef8c471e6c8d72f215feaad8033--
--=_1b5364229a82b654fad7cf2aa969f02e
Content-Type: application/pgp-signature; name="signature.asc"
Content-Disposition: attachment; filename="signature.asc"
Content-Description: OpenPGP digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
PGP SIGNATURE HERE
-----END PGP SIGNATURE-----
--=_1b5364229a82b654fad7cf2aa969f02e--
=====
You also do not mention whether you remove trailing whitespace. If you
quoted-printable encode trailing spaces as =20 then you do not need to
remove it.
Regards,
Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
