I was doing a little more experimentation last night, and the picture is becoming a little clearer. I've installed Thunderbird & Enigmail and have had successfully verified signatures on posts directed at me. This is my first post from TB to the list, so let's see what happens this time, shall we?
My last testing session using Apple Mail and GPGMail involved sending a test mail to the list, copied to myself at yahoo.com, and looking at the raw source of the messages that came back in, and comparing them to what went out (as saved in the 'sent' mailbox) using macvim in a three-way diff. I'll post the relevant extracts from the mails below, but here's the summary:

While there were many, many differences in the general 'envelope' headers, this is as you would expect - after all, the mails took different paths to reach their destinations, and mail servers are allowed to mangle them according to their whim, provided the semantic content is not lost.

The actual text of the message did not differ across either the outgoing message, the version that returned directly to me via Yahoo, or the one that was processed by the list server, and neither did the signature block.

What *did* differ was the format and ordering of the MIME content headers: fields that were all on one line in the outgoing were split over more than one line by something outboard of my Mac; a descriptive header had vanished; the order of headers was changed; and the message from the list was encapsulated in an extra MIME part.

I currently believe that the problem is related to various mail and/or list servers mangling the MIME content headers, and invalidating the hashes of the content. This is supposed (I think) to be legal, as in the final analysis they are just RFC822 headers which can be reformatted on the fly by intermediate mail servers as they require. It would require that macgpg is including the MIME headers in the text to be hashed, which I'm not so sure is correct behaviour. On the other hand, if it isn't correct, then how are other (non-macgpg2 users) managing to successfully verify signatures whose headers may be changing in flight?

Here're the extracts from the three mails in question.
I've extracted all the envelope headers except for the MIME-headers, and then left the complete body of the message.

First the message as saved in my 'sent' mailbox:-

>>>>
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha256; boundary="Apple-Mail-3-13890788"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v1082)

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--Apple-Mail-3-13890788
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii

This is just a test. I repeat, this is only a test. If thus had been a real life, you would have received instructions as to =
how to proceed on entry. Please do not panic.=20
I repeat, this has only be<lost carrier/>=20
- --=20
Andrew Long andrew dot long at mac dot com
--Apple-Mail-3-13890788
content-type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)

iF4EAREIAAYFAk1BqL4ACgkQRL8D6wymVNZqPwD/Zn3PJ6Qq5RYjqbn/PTzv51RA
UqnskYBImQTx2/WzAKUA/RSp5yxCYBkcXhl7XW28IyG/pNz26qq/eZPCDxc6qazi
=LxmH
-----END PGP SIGNATURE-----
--Apple-Mail-3-13890788--
<<<<

Next the mail as it arrived back from Yahoo:-

>>>>
MIME-version: 1.0
Content-type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha256; boundary=Apple-Mail-3-13890788
Content-transfer-encoding: 7bit

--Apple-Mail-3-13890788
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii

This is just a test. I repeat, this is only a test. If thus had been a real life, you would have received instructions as to =
how to proceed on entry.
Please do not panic.=20
I repeat, this has only be<lost carrier/>=20
- --=20
Andrew Long andrew dot long at mac dot com
--Apple-Mail-3-13890788
Content-Disposition: inline; filename=PGP.sig
Content-Type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)

iF4EAREIAAYFAk1BqL4ACgkQRL8D6wymVNZqPwD/Zn3PJ6Qq5RYjqbn/PTzv51RA
UqnskYBImQTx2/WzAKUA/RSp5yxCYBkcXhl7XW28IyG/pNz26qq/eZPCDxc6qazi
=LxmH
-----END PGP SIGNATURE-----
--Apple-Mail-3-13890788--
<<<<

And finally the mail as processed by the list:-

>>>>
MIME-version: 1.0
Content-type: multipart/mixed; boundary="===============1106802489=="
Sender: gpgtools-users-boun...@lists.gpgtools.org
Errors-to: gpgtools-users-boun...@lists.gpgtools.org

--===============1106802489==
Content-Transfer-Encoding: 7bit
Content-Type: multipart/signed; boundary=Apple-Mail-3-13890788; protocol="application/pgp-signature"; micalg=pgp-sha256

--Apple-Mail-3-13890788
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii

This is just a test. I repeat, this is only a test. If thus had been a real life, you would have received instructions as to =
how to proceed on entry.
Please do not panic.=20
I repeat, this has only be<lost carrier/>=20
- --=20
Andrew Long andrew dot long at mac dot com
--Apple-Mail-3-13890788
Content-Disposition: inline; filename=PGP.sig
Content-Type: application/pgp-signature; x-mac-type=70674453; name=PGP.sig
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)

iF4EAREIAAYFAk1BqL4ACgkQRL8D6wymVNZqPwD/Zn3PJ6Qq5RYjqbn/PTzv51RA
UqnskYBImQTx2/WzAKUA/RSp5yxCYBkcXhl7XW28IyG/pNz26qq/eZPCDxc6qazi
=LxmH
-----END PGP SIGNATURE-----
--Apple-Mail-3-13890788--
--===============1106802489==
Content-Disposition: inline
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

_______________________________________________
gpgtools-users mailing list
gpgtools-users@lists.gpgtools.org
FAQ: http://www.gpgtools.org/faq.html
Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-users
Unsubscribe: http://lists.gpgtools.org/mailman/options/gpgtools-users/andrew.l...@mac.com?unsub=Unsubscribe&unsubconfirm=1
This email sent to: andrew.l...@mac.com
--===============1106802489==--
<<<<

Comments, please?

Regards, Andy
--
Andrew Long andrew dot long at mac dot com
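
Added example (not part of the original post, and not GPGTools code): RFC 3156 computes an OpenPGP/MIME signature over the first body part of multipart/signed, including that part's own content headers, with CRLF line endings; the outer Content-Type header and the signature part's headers are not covered. The Python below extracts those bytes from a raw message and fingerprints them with SHA-256 so that copies which took different routes can be compared. The fingerprint is a comparison aid, not the OpenPGP signature hash, and the sample messages are constructed, modelled on the three extracts above with assumed fold positions.

```python
import hashlib
import re

def signed_part(raw: bytes) -> bytes:
    """First body part of multipart/signed (headers + body), CRLF line endings."""
    text = re.sub(rb"\r?\n", b"\r\n", raw)
    unfolded = re.sub(rb"\r\n[ \t]+", b" ", text)  # join folded header lines
    m = re.search(rb'(?im)^content-type:\s*multipart/signed;'
                  rb'[^\r\n]*?\bboundary="?([^";\s]+)', unfolded)
    if not m:
        raise ValueError("no multipart/signed entity found")
    delim = b"\r\n--" + m.group(1)
    start = text.index(delim + b"\r\n") + len(delim) + 2
    end = text.index(delim, start)  # the CRLF before the delimiter is not signed
    return text[start:end]

def fingerprint(raw: bytes) -> str:
    """SHA-256 of the signed bytes: a comparison aid, not the OpenPGP hash."""
    return hashlib.sha256(signed_part(raw)).hexdigest()

# Constructed samples; only the boundary string is taken from the post.
B = "Apple-Mail-3-13890788"
PARAMS = 'protocol="application/pgp-signature"; micalg=pgp-sha256'
HDRS = ["Content-Transfer-Encoding: quoted-printable",
        "Content-Type: text/plain; charset=us-ascii"]

def build(outer: str, hdrs=HDRS) -> bytes:
    """multipart/signed entity with the given outer header and part headers."""
    part = "\n".join(hdrs) + "\n\nThis is just a test.\nPlease do not panic.=20"
    sig = "Content-Type: application/pgp-signature\n\n(signature omitted)"
    return f"{outer}\n\n--{B}\n{part}\n--{B}\n{sig}\n--{B}--\n".encode()

SENT = build(f'Content-Type: multipart/signed; {PARAMS}; boundary="{B}"')
# Outer header folded by a relay, boundary unquoted (fold positions assumed).
YAHOO = build(f"Content-type: multipart/signed;\n {PARAMS};\n boundary={B}")
# List copy: the whole entity wrapped in an extra multipart/mixed part.
LIST = (b'Content-type: multipart/mixed; boundary="=x="\n\n--=x=\n'
        + build(f"Content-Type: multipart/signed; boundary={B}; {PARAMS}")
        + b"--=x=--\n")
# Headers *inside* the signed part reordered: this does change the signed bytes.
INNER_CHANGED = build(f'Content-Type: multipart/signed; {PARAMS}; boundary="{B}"',
                      HDRS[::-1])

if __name__ == "__main__":
    for name, msg in [("sent", SENT), ("yahoo", YAHOO), ("list", LIST),
                      ("inner-changed", INNER_CHANGED)]:
        print(f"{name:14} {fingerprint(msg)[:16]}")
```

Run against the real raw sources of the three copies, matching fingerprints mean the signed bytes survived transport unchanged; a mismatch localises the change to the first body part rather than the outer headers.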