Re: [Evolution] pgp unusable?

From: "Thomas O'Dowd" <tom nooper com>
To: Jeffrey Stedfast <fejj ximian com>
Cc: lfarkas mindmaker hu, evolution ximian com, evolution-hackers ximian com
Subject: Re: [Evolution] pgp unusable?
Date: Fri, 30 Nov 2001 10:15:47 +0900

On Thu, Nov 29, 2001 at 08:10:15PM -0500, Jeffrey Stedfast wrote:

On Thu, 2001-11-29 at 19:50, Thomas O'Dowd wrote:

On Thu, Nov 29, 2001 at 03:33:32PM -0500, Jeffrey Stedfast wrote:


In-line pgp mode is a broken way to do it - so many things can go
"wrong". Should I first QP/Base64 encode the text before signing? or
should I do it afterward? Do I From-escape before? afterward? ever? Do I
CRLF encode before signing?


Sure, its broken but everyone does it. I've had to do it for ages now
because my windows loving friends have too much trouble reading the 
standard. Anyway, I don't quite see the problems that you see with
implementing it at least not with pgp. I've never used gpg so I don't
know about it. Here are some answers to your questions.

to just encrypt

 mailtext | pgp +verbose=0 +encrypttoself +batchmode -feat RECEIVERS

or to sign and encrypt

 mailtext | pgp +verbose=0 +encrypttoself +batchmode -feast RECEIVERS

If you do this then, it will sign, encrypt, handle the line feeds and
encode everything in the correct order. About From escaping, why would
you ever do it in a client? It is only a storage requirement for mbox
mail spools. If you are talking about archival in the sent folder, then
you never have to worry about that with PGP encrypted text as you won't
find the combo "^From " in the encoded text.


I wasn't talking about encrypting...obviously with encrypting I don't
have to worry about the problems I mentioned, but I *do* have to worry
about them when I am just signing the text.

The reason the client should do From-escaping when signing is to make it
so that the client on the other end doesn't have to From-escape. Why
would you wanna do that? Because if the other end has to From-escape
(because it uses mbox or something), then it won't be able to verify the
signature.

the PGP/MIME specification suggests that clients do this, but seeing as
how there isn't a spec for doing it in-line - who's to say what you
should and shouldn't do?

The problem is that you guys don't fully understand the problem, to you
it sounds as simple as "just pipe it to pgp or gpg and whallah" but it's
not that simple. Well, not if you expect the other end to be able to
verify your signatures at least. Sure, I could just pipe to pgp/gpg, but
if the other end can't verify the signature, what good is it?


Hi Jeff,

Good point but if you tried it you would see... that you also don't
need to worry about it at least with PGP 6.5.8.

I've indented this example:

        $ cat > test << EOF
        this is a test
        From me
        to you
        EOF

Now lets pgp sign it and see what we get...

        $ pgp -ast test
        $ cat test.asc
        -----BEGIN PGP SIGNED MESSAGE-----
        Hash: SHA1

        this is a test
        - From me
        to you

        -----BEGIN PGP SIGNATURE-----
        Version: PGP 6.5.8

        iQA/AwUBPAbdiAVmK8O1hNViEQIC0ACgpjndfv9DftJq3z47a1K8IdQt39oAn2GF
        Mt0EzASefhVVmqqzmz8HNPI4
        =E7Jh
        -----END PGP SIGNATURE-----

It takes care of escaping the "^From " for you so you don't have to
worry about it.

Tom.
-- 
Thomas O'Dowd. - Nooping - http://nooper.com
tom nooper com - Testing - http://nooper.co.jp/labs

Follow-Ups:
- Re: [Evolution] pgp unusable?
  - From: Jeffrey Stedfast

References:
- [Evolution] pgp unusable?
  - From: Levente Farkas
- Re: [Evolution] pgp unusable?
  - From: Jeffrey Stedfast
- Re: [Evolution] pgp unusable?
  - From: Thomas O'Dowd
- Re: [Evolution] pgp unusable?
  - From: Jeffrey Stedfast

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]