
Re: extra dashes in PGP-related blocks?



-----BEGIN PGP SIGNED MESSAGE-----

To: [email protected] (Andrew Brown)
cc: [email protected] (Jonathan Rochkind), [email protected]
Subject: Re: extra dashes in PGP-related blocks? 

> >> From: Jonathan Rochkind
> >
> >When people have been posting their public keys, or encrypted address
> >blocks, to various lists I'm on, all of the "-----BEGIN whatever..." lines
> >seem to have a "- " prepended to them. So, for instance, they look like:
> >
> >- -----BEGIN PGP MESSAGE-----
> >Version: 2.6.2
> >[stuff]
> >- -----END PGP MESSAGE-----
> 
> pgp is putting those extra "- " pieces in (guess you didn't read all
> your pgp docs :-),  it does that so that it can tell the difference between
> pgp begin/end blocks and other stuff, kinda like sendmail "quoting" lines
> beginning with a dot with an extra dot.  the difference here is that
> sendmail removes any leading dots before delivery and pgp doesn't after
> removing a signature.  yeah, you do have to load it into an editor but
> mailing something to a remailer should not "hork" it.  the pgp running on
> the remailer will just "- " the stuff and include it literally.

Uhh, this is not at all true.  When PGP verifies a message, it will
strip out the quoting dashes in the output.  This is documented in RFC
822 (I think) about quoting messages.

Just run the message through PGP and it will strip out the first level
of quoting in the output message, and you should be able to then run
PGP on the rest of the message as well.

This is not a bug, it is a feature to let PGP know *WHAT* was being
signed, so that nested PGP clearsigned-messages don't interfere with
each other.  If it didn't quote, then if I wanted to clearsign a PGP
message, the output would look something like:

- -----BEGIN PGP SIGNED MESSAGE-----

stuff here

- -----BEGIN PGP SIGNED MESSAGE-----

more stuff here

- -----BEGIN PGP SIGNATURE-----
inside signature
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNATURE-----
outside signature
- -----END PGP SIGNATURE-----

If you have this, how do you deal with it?  This is the same as the
parentheses-matching-problem: If you are trying to match opens with
closes, you have the problem that you could always have so many opens
that you overrun your counter before you get to any closes!

So, PGP uses the RFC-822 quoting mechanism to quote internal messages.
This is perfectly legal.

As for MIME: If you are using PGP to secure MIME objects, you should
take the _OUTPUT_ from PGP and send that back into the MIME reader.
MIME should NOT be going inside the PGP block.  So, the behavior you
are seeing is perfectly reasonable for a broken mail-reader!  Fix your
mail reader to run the PGP-secured message through PGP, and then run
the output through MIME, and you will be fine!

Enjoy!

- -derek

         Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
       Member, MIT Student Information Processing Board (SIPB)
    Home page: http://www.mit.edu:8001/people/warlord/home_page.html
       [email protected]    PP-ASEL     N1NWH    PGP key available

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBuAwUBLuzEuDh0K1zBsGrxAQFcUgLDB1WGn7TQTf4+8FgYyszcNHgcMQTcVd3w
aTXunh0K7vPjos4JkVl4p5MQkNICjDxNC2KkgQkxeIs7Yy8VgaACSwIfhDrxs3+K
gMalhp2FHO3S/ZvnIo7RSmk=
=btQx
-----END PGP SIGNATURE-----
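
The quoting described in the message above, as an added example that is not part of the original post and is not PGP's own code: a toy Python model of dash-escaping that signs an already-signed message and recovers each level by stripping one "- " per pass. It assumes hypothetical function names and placeholder signature strings, and performs no cryptography.

```python
# Added example: toy model of clearsign dash-escaping. No real cryptography;
# function names and the signature strings are constructed placeholders.
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def dash_escape(text):
    """Prefix every line that starts with '-' with '- ' (done when signing)."""
    return "\n".join("- " + ln if ln.startswith("-") else ln
                     for ln in text.split("\n"))


def dash_unescape(text):
    """Strip exactly one level of '- ' quoting (done when verifying)."""
    return "\n".join(ln[2:] if ln.startswith("- ") else ln
                     for ln in text.split("\n"))


def clearsign(text, sig_placeholder):
    """Wrap text in clearsign framing around a placeholder signature."""
    return "\n".join([BEGIN_MSG, "", dash_escape(text),
                      BEGIN_SIG, sig_placeholder, END_SIG])


def extract_signed_text(armored):
    """Return the text covered by the outermost signature, unquoted once."""
    lines = armored.split("\n")
    if lines[0] != BEGIN_MSG:
        raise ValueError("not a clearsigned message")
    start = lines.index("") + 1
    # Escaped body lines never start with '-----', so the first exact match
    # is the outer signature header; no open/close counting is needed.
    end = lines.index(BEGIN_SIG, start)
    return dash_unescape("\n".join(lines[start:end]))


def nested_example():
    """Build the nested case from the message: a signed message signed again."""
    inner = clearsign("more stuff here\n-derek", "inside signature")
    outer = clearsign("stuff here\n" + inner, "outside signature")
    return inner, outer


if __name__ == "__main__":
    inner, outer = nested_example()
    print(outer)
    print(extract_signed_text(outer) == "stuff here\n" + inner)
```

In the outer message the inner "-derek" line appears as "- - -derek", one "- " per signing layer, which is the same effect visible on the "- -derek" line of the signed message above.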