ietf-openpgp

Re: clearsigned sigs

1997-11-14 08:59:03
mark(_at_)unicorn(_dot_)com writes:
> Ian Grigg [iang(_at_)systemics(_dot_)com] wrote:
> > I suggest we clarify this in the standard by saying that clearsigned
> > messages SHOULD be signed with sig type of 01, and that readers MAY
> > assume that cleartext messages are so signed.
>
> It's a long time since I implemented the clearsigning code so I don't
> remember the details very well, but one feature that I would have liked
> to put into my PGP-aware email program was to take the signature from a
> signed, encrypted message and use it to create a clearsigned message for
> archiving. Presumably if normal encrypted messages have binary sigs and
> clearsigned messages have text sigs, this will be impossible? I think
> this was the situation with the PGP version (2.3a?) I was testing for
> compatibility.

Signed-and-encrypted messages can sign in either text mode or binary mode.
If they are done in text mode then it will often work to convert to
a cleartext signature.

Unfortunately the text mode signature is done slightly differently than
the cleartext signature.  The difference is that cleartext signatures
remove trailing whitespace on each line when calculating the hash.
I believe this was added because some mailers and gateways munged mail
which had trailing whitespace.  This is not a problem with signed/encrypted
messages since the cleartext is protected from munging.

If the message you are signing has no trailing whitespace, you could convert
a signed-and-encrypted message into a clearsigned one by decrypting,
wrapping it in the appropriate headers, and appending the signature in
ascii armor form.  The sender could remove any trailing whitespace before
sending it to allow this to happen.

I am considering doing sign-and-encrypt by clearsigning and then
encrypting the clearsigned message.  This way you just decrypt and are
left with a nice clearsigned message, which you can then verify.

Hal
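
The whitespace difference described in the message above, as an added example that is not part of the original post or of any PGP implementation. It models only the per-line canonicalisation of the document text (CRLF line endings for both modes, trailing whitespace stripped only for cleartext); treating "whitespace" as spaces and tabs, the function names, the sample messages and the use of SHA-256 to display the divergence are assumptions made for illustration.

```python
import hashlib

TRAILING_WS = " \t"  # assumption: "trailing whitespace" means spaces and tabs


def _lines(text):
    # Normalise any incoming line ending, then split into logical lines.
    return text.replace("\r\n", "\n").replace("\r", "\n").split("\n")


def canon_text_mode(text):
    """Text-mode form: CRLF line endings, line content left untouched."""
    return "\r\n".join(_lines(text)).encode("utf-8")


def canon_cleartext(text):
    """Cleartext form: CRLF line endings, trailing whitespace removed per line."""
    return "\r\n".join(l.rstrip(TRAILING_WS) for l in _lines(text)).encode("utf-8")


def offending_lines(text):
    """1-based numbers of the lines that make the two forms differ."""
    return [i for i, l in enumerate(_lines(text), 1) if l != l.rstrip(TRAILING_WS)]


def convertible(text):
    """True if both modes would hash identical document bytes, so a
    text-mode signature could be re-used on a clearsigned copy."""
    return canon_text_mode(text) == canon_cleartext(text)


def digest(data):
    # Illustration only: a real signature hash also covers signature-packet fields.
    return hashlib.sha256(data).hexdigest()


# Constructed sample messages (not from the original thread).
CLEAN = "Meet at noon.\nBring the keys.\n"
DIRTY = "Meet at noon.  \nBring the keys.\t\n"

if __name__ == "__main__":
    for name, msg in (("CLEAN", CLEAN), ("DIRTY", DIRTY)):
        print(name, "convertible:", convertible(msg),
              "offending lines:", offending_lines(msg))
        print("  text-mode:", digest(canon_text_mode(msg))[:16])
        print("  cleartext:", digest(canon_cleartext(msg))[:16])
```

A sender who wants the recipient to be able to do the conversion can run `offending_lines` before signing and strip what it reports.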
