
List:       sylpheed
Subject:    [sylpheed:21996] sylpheed and PGP/MIME signatures
From:       Ian Bruce <ian_bruce () fastmail ! fm>
Date:       2003-11-26 12:22:59

It appears to me that sylpheed does not fully implement the PGP/MIME
standard with respect to signed and encrypted messages. RFC 3156
describes two methods for encoding mail which is both signed and
encrypted.

The first method is described in section 6.1:

   RFC 1847 Encapsulation

   In [RFC1847], it is stated that the data is first signed as a
   multipart/signature body, and then encrypted to form the final
   multipart/encrypted body.  This is most useful for standard MIME-
   compliant message forwarding.

Sylpheed both generates and accepts this format.

The second method is described in section 6.2:

   Combined method

   The OpenPGP packet format [RFC2440] describes a method for signing
   and encrypting data in a single OpenPGP message.  This method is
   allowed in order to reduce processing overhead and increase
   compatibility with non-MIME implementations of OpenPGP.  The
   resulting data is formatted as a "multipart/encrypted" object as
   described in Section 4.

It seems that sylpheed (Debian Linux v9.7) will decrypt such messages
but will not verify the signature, even though GnuPG itself has no
problem in doing so. Given that this format conforms to the standard,
and is produced by some versions of PGP (at least with MS-Windows MUAs),
isn't it important for sylpheed to understand it, even if it doesn't
generate it? Is there some peculiarity of the GPGME library that makes
this difficult to do?

Can anyone clarify this issue? Am I missing something?


<ian_bruce@fastmail.fm>
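
Added example, not part of the original message and not Sylpheed or GPGME code: both RFC 3156 section 6 methods arrive in the same section 4 envelope, so a reader that looks only for a multipart/signed body after decryption reports the combined form as unsigned. The function names, the `sig_in_openpgp_layer` flag (standing in for what an OpenPGP backend reports during decryption) and the sample messages are constructed for illustration.

```python
from email import message_from_bytes

def is_pgp_mime_encrypted(msg):
    """RFC 3156 section 4 envelope; identical for both section 6 methods."""
    if msg.get_content_type() != "multipart/encrypted" or not msg.is_multipart():
        return False
    if (msg.get_param("protocol") or "").lower() != "application/pgp-encrypted":
        return False
    kinds = [p.get_content_type() for p in msg.get_payload()]
    return kinds == ["application/pgp-encrypted", "application/octet-stream"]

def signature_source(plaintext, sig_in_openpgp_layer):
    """Say where the signature status has to come from after decryption.

    sig_in_openpgp_layer is an assumed flag: the OpenPGP backend reported
    signature data while decrypting (the combined method of section 6.2).
    """
    inner = message_from_bytes(plaintext)
    signed = (inner.get_content_type() == "multipart/signed" and
              (inner.get_param("protocol") or "").lower() == "application/pgp-signature")
    if signed:
        return "mime-layer"      # 6.1: verify the detached signature part
    if sig_in_openpgp_layer:
        return "openpgp-layer"   # 6.2: status comes from the decrypt step itself
    return "unsigned"

# Constructed samples; the armored blocks are placeholders, not real OpenPGP data.
OUTER = (b'Content-Type: multipart/encrypted; boundary="enc";\n'
         b' protocol="application/pgp-encrypted"\n\n'
         b'--enc\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n'
         b'--enc\nContent-Type: application/octet-stream\n\n'
         b'-----BEGIN PGP MESSAGE-----\nPLACEHOLDER\n-----END PGP MESSAGE-----\n'
         b'--enc--\n')
ENCAPSULATED = (b'Content-Type: multipart/signed; micalg=pgp-sha1; boundary="sig";\n'
                b' protocol="application/pgp-signature"\n\n'
                b'--sig\nContent-Type: text/plain\n\nhello\n\n'
                b'--sig\nContent-Type: application/pgp-signature\n\n'
                b'-----BEGIN PGP SIGNATURE-----\nPLACEHOLDER\n-----END PGP SIGNATURE-----\n'
                b'--sig--\n')
COMBINED = b'Content-Type: text/plain\n\nhello\n'

if __name__ == "__main__":
    print(is_pgp_mime_encrypted(message_from_bytes(OUTER)))
    print(signature_source(ENCAPSULATED, False))
    print(signature_source(COMBINED, True))
    print(signature_source(COMBINED, False))
```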
