X-PGP-Sig header, and thoughts on key agent daemons

Oct 14, 2007 14:59

So yesterday I tweaked my emacs and gnus configuration so that it generates an X-PGP-Sig header on outgoing messages. Now all my outgoing emails and netnews posts are unobtrusively signed. (My GPG key is here on the keyserver networks ( Read more... )

gpg, geek, pgp, emacs, crypto, ssh, gnus


Comments 2

dossy October 14 2007, 22:17:37 UTC
Unobtrusively signed? Do you just treat the entire payload as data which gets signed? Otherwise, without start/end markers (which is always a great joy for multipart-MIME messages) how will a PGP/GPG consumer know exactly which bytes have been signed?


fallenpegasus October 15 2007, 00:25:52 UTC
The X-Pgp-Sig definition is over ten years old; it dates back to tale@uunet working out how to sign USENET control messages.

Basically it canonicalizes the message body, and then makes a canonical header set, puts them together, runs it thru PGP, then builds a header line that contains some version info, a list of the signed headers, and then the sig.

It breaks if something rewrites the message body, but it's hard to call that a bug.

Reply
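The scheme described in the reply above, as an added example that is not part of the original post or of any X-PGP-Sig tool: it shows which bytes end up signed and why a rewritten body fails verification. The canonicalization rules, the header-value layout, the choice of signed headers and the sample message are assumptions made for illustration, and HMAC-SHA256 stands in for the PGP signature so the block runs offline.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"                       # stand-in for the PGP private key
SIGNED = ["Subject", "Message-ID", "Date", "From"]  # assumed choice of signed headers

def canonical_body(body):
    """Assumed canonical form: LF line ends, no trailing blanks, one final newline."""
    lines = [ln.rstrip() for ln in body.replace("\r\n", "\n").split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return ("\n".join(lines) + "\n").encode()

def signed_bytes(headers, body, names):
    """Exactly the bytes covered by the signature: listed headers, blank line, body."""
    values = {k.lower(): " ".join(v.split()) for k, v in headers.items()}  # unfold
    head = "".join(f"{n}: {values.get(n.lower(), '')}\n" for n in names)
    return head.encode() + b"\n" + canonical_body(body)

def _sign(data):
    # HMAC-SHA256 stands in for the PGP step; a real signer would call PGP/GPG here.
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def make_sig_header(headers, body, names=SIGNED, version="demo-1"):
    """Header value layout: version info, list of signed headers, then the signature."""
    return f"{version} {','.join(names)} {_sign(signed_bytes(headers, body, names))}"

def verify(headers, body, sig_value):
    """Rebuild the signed bytes from the names listed in the header and compare."""
    _version, names, sig = sig_value.split(" ")
    return hmac.compare_digest(sig, _sign(signed_bytes(headers, body, names.split(","))))

# Constructed sample message (not from the original post).
HEADERS = {
    "From": "alice@example.org",
    "Subject": "test   message",
    "Date": "Sun, 14 Oct 2007 14:59:00 +0000",
    "Message-ID": "<constructed-1@example.org>",
}
BODY = "Hello,\r\nthis body is signed.  \r\n\r\n"
SIG = make_sig_header(HEADERS, BODY)

if __name__ == "__main__":
    in_transit = dict(HEADERS, Received="from relay.example.net")  # unsigned header added
    print("after relay hop:", verify(in_transit, BODY.replace("\r\n", "\n"), SIG))
    print("after footer appended:", verify(HEADERS, BODY + "-- \nlist footer\n", SIG))
```

Because the header itself lists the signed header names, the verifier needs no start/end markers in the body: it rebuilds the same byte string from the message it received.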
