Sign a multipart mail using PGP/MIME

混江龙づ霸主 提交于 2019-12-23 13:16:12

问题


I'm trying to sign a mail using PGP in php. I could bring the boundaries and headers to work correctly but the mail signature isn't valid (as Thunderbirds Enigmail states).

My question here is what part is to sign and what is to take attention to while doing it.

At the moment the source of the generated mail looks like this (Text and signature replaced by placeholders to keep it easy to read):

Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=_1b5364229a82b654fad7cf2aa969f02e"
MIME-Version: 1.0

This is a message in Mime Format.  If you see this, your mail reader does not support this format.

--=_1b5364229a82b654fad7cf2aa969f02e
Content-Type: multipart/alternative;
  boundary="=_53ba9ef8c471e6c8d72f215feaad8033"
Content-Transfer-Encoding: 7bit


--=_53ba9ef8c471e6c8d72f215feaad8033
&Content-Type: text/plain; charset=UTF-8
&Content-Transfer-Encoding: quoted-printable
&
&PLAIN TEXT CONTENT ENCODED IN QUOTED PRINTABLE
& 
&--=_53ba9ef8c471e6c8d72f215feaad8033
&Content-Type: text/html; charset=UTF-8
&Content-Transfer-Encoding: quoted-printable
& 
&HTML CONTENT ENCODED IN QUOTED PRINTABLE

--=_53ba9ef8c471e6c8d72f215feaad8033--

--=_1b5364229a82b654fad7cf2aa969f02e
Content-Type: application/pgp-signature; name="signature.asc"
Content-Disposition: attachment; filename="signature.asc"
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

PGP SIGNATURE HERE
-----END PGP SIGNATURE-----

--=_1b5364229a82b654fad7cf2aa969f02e--

Currently the lines starting with a & are used to generate the signature. Line breaks are just new lines (PHP_EOL).

I tried following RFC2015 but this seems not to apply for multipart/alternative conent.

Please help me out here so I can get this finished.


回答1:


I found out myself...

First of all I needed to convert all line breaks to CRLF like the RFCs state. Then I needed to think of the whole multipart/alternative inclusive its headers as the message to sign. So it should have been:

Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=_1b5364229a82b654fad7cf2aa969f02e"
MIME-Version: 1.0

This is a message in Mime Format.  If you see this, your mail reader does not support this format.

--=_1b5364229a82b654fad7cf2aa969f02e
&Content-Type: multipart/alternative;
&  boundary="=_53ba9ef8c471e6c8d72f215feaad8033"
&Content-Transfer-Encoding: 7bit
&
&
&--=_53ba9ef8c471e6c8d72f215feaad8033
&Content-Type: text/plain; charset=UTF-8
&Content-Transfer-Encoding: quoted-printable
&
&PLAIN TEXT CONTENT ENCODED IN QUOTED PRINTABLE
& 
&--=_53ba9ef8c471e6c8d72f215feaad8033
&Content-Type: text/html; charset=UTF-8
&Content-Transfer-Encoding: quoted-printable
& 
&HTML CONTENT ENCODED IN QUOTED PRINTABLE
& 
&--=_53ba9ef8c471e6c8d72f215feaad8033--

--=_1b5364229a82b654fad7cf2aa969f02e
Content-Type: application/pgp-signature; name="signature.asc"
Content-Disposition: attachment; filename="signature.asc"
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

PGP SIGNATURE HERE
-----END PGP SIGNATURE-----

--=_1b5364229a82b654fad7cf2aa969f02e--

Where the lines starting with & are the ones to be signed.



来源:https://stackoverflow.com/questions/7891263/sign-a-multipart-mail-using-pgp-mime

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!