
List:       kdepim-users
Subject:    Re: [kdepim-users] Bad signature
From:       Graham <sweeney276 () gmail ! com>
Date:       2007-06-05 8:36:11
Message-ID: 20070605093611.07aff157 () graham-desktop

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 5 Jun 2007 00:21:44 -0700
Robert Smits <bob@rsmits.ca> wrote:

> I had a problem with my gpg signed emails always coming through as
> bad signatures until I went to Kmail Settings, Identity, Modify,
> Cryptography, and changed my preferred crypto message format from any
> to Inline GPG deprecated.
> 
> I don't know how long it'll be good for, but it works today.
> 
> Bob.

This is basically because of a lack of understanding of how GPG works.
You have to remember its roots lie in the text based PGP.

When you sign a message, information about your message (length,
number of characters, etc) is included in the signature.  In the "old
days" you could see if a message had been tampered with because it
would throw up a bad signature message, particularly as the email
system was largely text based.  Even today, Inline GPG sometimes throws
up a bad signature when a message so signed goes through webmail or web
interfaces because the service sometimes converts the text and adds
spaces (making the total number of characters change).  However, Inline
GPG cannot include some of the accentuated characters found in some
languages which cannot conform to the us-ascii format.

When PGP/MIME was introduced to overcome this limitation, an attempt
was made to make it more secure.  In the closer "old days" there was no
fixed standard for PGP/MIME, and different MUAs (email programs)
implemented the aim of PGP/MIME in different ways.  I well remember
when the Windows program Eudora initially implemented PGP/MIME: unless
you were reading it with Eudora (and sometimes the same version of
Eudora!) that created it, it was undecipherable.  The main reason for
this is that PGP/MIME is a function of the MUA, not of PGP or GPG.
Things are better now as the RFCs have been firmed up, but I understand
PGP/MIME messages sent by Outlook or Outlook Express STILL do not
conform to the standard.  So perhaps your recipient is using an MUA
which doesn't read PGP/MIME properly....

Also, PGP/MIME produces an attachment which holds the essential
information about signing and encryption.  Some user groups strip
attachments to reduce the possibility of virus infection.  When sending
to user groups or newsgroups I ALWAYS send by Inline GPG.

Inline GPG is deprecated because it's slightly less secure.  If you use
HTML to email, however, it's your only option, but try to ensure your
recipient uses the same MUA as you or there is a chance the message
won't get through.  If you use Inline GPG you won't have this problem if
you correspond with the English speaking world, but any attachments you
add to your email won't be signed unless you sign it through Kgpg or
something similar.

If anyone is completely new to using GPG, I would suggest that they
join the PGP-Basics yahoogroup.  Most of the queries are
Windows-centric but there are Linux users on it and they do cover
GPG!  You can get their web page at:

 http://groups.yahoo.com/group/PGP-Basics/

HTH

- -- 

Graham
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Please sign and encrypt for internet privacy

iD8DBQFGZSB70w8BadSprUsRAjoqAKCBldElLpJeukFDF04FCW2ctMMx4ACfQHgZ
DTIlDNgJTYuZazOS6iPNJQE=
=lKMv
-----END PGP SIGNATURE-----
_______________________________________________
KDE PIM users mailing list
kdepim-users@kde.org
https://mail.kde.org/mailman/listinfo/kdepim-users
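
Added example, not part of the original message: a Python sketch of how a cleartext (inline) signed body is canonicalized under RFC 4880 section 7.1 before hashing, showing which changes made in transit alter the signed bytes and so produce a "bad signature". The sample body and the function names are constructed for illustration, and the digest of the canonical text stands in for the full signature hash, which also covers signature metadata.

```python
import hashlib

def canonical_cleartext(body: str) -> str:
    """Canonical form of a cleartext-signed body (RFC 4880, section 7.1)."""
    out = []
    for line in body.replace("\r\n", "\n").split("\n"):
        if line.startswith("- "):       # undo dash-escaping ("- -- " -> "-- ")
            line = line[2:]
        out.append(line.rstrip(" \t"))  # trailing spaces and tabs are not signed
    return "\r\n".join(out)             # line endings are signed as CRLF

def text_digest(body: str, charset: str = "utf-8") -> str:
    """SHA-1 of the canonical text bytes; any change here breaks verification."""
    return hashlib.sha1(canonical_cleartext(body).encode(charset)).hexdigest()

# Constructed sample body (text between the armor header and the signature).
SIGNED = "Hello Bob,\nthe caf\u00e9 opens at nine.\n- -- \nGraham"

def transport_effects() -> dict:
    """Map each simulated transit change to True if the digest is unchanged."""
    sent = text_digest(SIGNED)
    received = {
        "trailing spaces added": (SIGNED.replace("\n", "  \n"), "utf-8"),
        "LF turned into CRLF": (SIGNED.replace("\n", "\r\n"), "utf-8"),
        "extra space inside a line": (SIGNED.replace("opens at", "opens  at"), "utf-8"),
        "two lines re-wrapped into one": (SIGNED.replace(",\nthe", ", the"), "utf-8"),
        "re-encoded as ISO-8859-1": (SIGNED, "iso-8859-1"),
    }
    return {name: text_digest(body, cs) == sent
            for name, (body, cs) in received.items()}

if __name__ == "__main__":
    for name, unchanged in transport_effects().items():
        verdict = "digest unchanged" if unchanged else "BAD signature"
        print(f"{name:32} {verdict}")
```
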