"annoying" inline gpg signatures (Was : Re: How to put a file in RAM)

Joe(theWordy)Philbrook jtwdyp at ttlc.net
Thu Apr 6 12:38:05 UTC 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


It would appear that on Mar 30, Kenneth P. Turvey did say:

> On Thu, 30 Mar 2006 16:37:34 -0500, Phillip Susi wrote:
> 
> > Is there a way you can configure gpg to get rid of these annoying inline
> > signatures and generate the signature as a mime attachment instead?
> 
> That is non-standard for USENET and I read this list and most others
> through USENET gateways using my USENET client.  
> 
> I agree they are a bit annoying, but we can't seem to all agree on a
> standard, so that's the way it goes. 

I also happen to use a usenet gateway to access ubuntu-users, but even if
I was actually having it sent to my e-mail inbox, I'd still find those
mime attachment signatures MUCH more annoying than the inline kind like
Kenneth & I both use...

As far as I can tell, when they decided to do it that way they wanted to
use the signature to authenticate the entire message, and not just it's
content. Making it difficult for me to verify them.

I noticed that on such messages the message body is also
actually an attachment, or at least pine seams to think so, this is from
the attachment listing from one such message:

   1.1    ~21 lines   Text/PLAIN (charset: ISO-8859-1 "Latin 1 (Western 
   1.2    196 bytes   Application/PGP-SIGNATURE
   2        4 lines   Text/PLAIN

I tried saving the attachments to files and attempted to get gnupg to
verify them using the command line form for detached signatures: 

gpg --verify  sigfile [files] 

But I wasn't able to do so... I tried it using just the file I saved the
1.1 attachment, and I tried listing both files. Neither worked.

So it seams to me that the only way to check the sig is if you
choose to use an email client that has gpg functions built in. 

THAT is annoying! Especially since I happen to be addicted to pine,
which doesn't have such functions built in. Though with filters supplied
by something called "ez-pine-gpg" it can automatically verify the in
line gpg signatures of messages like Kenneth's or mine etc... Or simply
by saving the UNMODIFIED message body to a file with almost any mail
client (even mailx) the message can then be verified from the command
line. 

Incidentally, Pine displays the two text attachments as if they were a
normal message body just fine, but if I try to reply it bundles them up
into attachments and I'm left without any quoted text to reply to in the
message body. And using the clipboard and manually inserting the quote
">" characters is a real pain... THAT too is annoying! 

I'd have more respect for mime attached signatures, if they had
been designed for it to be possible to save the parts to files and
verify from the command line, rather than ONLY being able to be
verified by a gpg aware mail client.



   #############################################################
   ##_if_you'd_prefer_an_clearsigned_".asc"_text_file_of_this_##
   ##message_as_an_mime_encoded_attachment,just_ask_me_while__##
   ##it's_STILL_IN_my_outbox_folder_._._._=+=+=+=+=+=+=+=+;-)_##
   #gpg sig for: Joe (theWordy) Philbrook DSA key ID 0x6C2163DE#
   # You can find my public gpg key at http://pgpkeys.mit.edu/ #
   #############################################################
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFENQtGRZ/61mwhY94RAjRxAJ4o1eJr91TNWtd7K+ExmPEpMLrzYACgqGrP
pAKxiOaDamhtQC/25cxNs4Y=
=JCLG
-----END PGP SIGNATURE-----
-- 
|    ^^^   ^^^
|    <o>   <o>	     Joe (theWordy) Philbrook
|	 ^    		  J(tWdy)P
|	___	       <<jtwdyp at ttlc.net>>
|           
|      <sigh>

More information about the ubuntu-users mailing list