Corrupt pgp-signed messages

Chan Min Wai dcmwai at AMTB-M.ORG.MY
Sat Mar 15 04:21:52 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Rick,
~ I'm sure you know what is pgp sinature check for with the signature.
The Signature is just like the "Parity Bit" On the Digital Message. And
you cannot Modify anything inside the body of the message however. You
can try to modify the subject of the message that will solve the problem
but you will never be able to add footer on the Message.

~ There is one gpg Signature that is static "Non Changing with the
content" But that will not be a secure to your message and people does
be able to change the content during transmisttion.

~ I'm not sure if there is a way to solve this problem.
~ This problem become worst if you are transmisting an Encryted message.

~ If you get the answer, please do tell me as well.

Thank You
Chan Min Wai


Rick Emery ´£¨ì:

|I searched the documentation and list archives (at least, I think I did it
|right; I've never used listserv before) but couldn't find anything on this.
|
|I configured MailScanner (a *great* product, by the way) to sign all clean
|messages. My mail client is configured to verify pgp signatures, and I
noticed
|that I started getting a lot of "BAD pgp signature" messages. A little
research
|showed that the MailScanner signature was being added to the bottom of
(inside)
|the signed part of the message, apparently corrupting it.
|
|I am a member of several MailMan mailing lists, and noticed that
several of them
|were configured to sign all messages as well. However, it appears that the
|mailing list signature is added after the pgp signature, outside of the
signed
|portion of the message. I don't know enough to explain this with technical
|accuracy, so I hope this makes sense.
|
|My questions are:
|
|1. is there a way to configure MailScanner to sign the message _after_
the pgp
|signed portion?
|
|2. Am I the only one seeing this behaviour?
|
|Thanks in advance for any guidance,
|Rick
|
|P.S. I turned off the MailScanner signature, and everything is working
fine (I
|can tell by the headers that mail is being scanned). I just like the
idea of a
|signature telling everyone that the message was scanned (and I like
advertising
|MailScanner too :-)
|
|------------------------------------------------
|This email was sent using IMP v4.0-cvs, part of
|the Horde suite of information management tools.
|http://horde.org/
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+cqpfV0p9slMZLW4RAmcQAKDI0SwgRF/MPf/zrD8gLDLU4nRYXwCgqrJw
Ynqq4W6erfAWJxVfkRSocpU=
=NkTI
-----END PGP SIGNATURE-----




More information about the MailScanner mailing list