Re: check-traditional-pgp oddity
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ahhh, now that it's a more reasonable hour, here's a summary, for anyone
interested.
1) The message with the '^ $' after the Hash: armor header does indeed
violate the OpenPGP RFC (http://www.ietf.org/rfc/rfc2440.txt):
7. Cleartext signature framework
[...]
The cleartext signed message consists of:
- The cleartext header '-----BEGIN PGP SIGNED MESSAGE-----' on a
single line,
- One or more "Hash" Armor Headers,
- Exactly one empty line not included into the message digest,
- The dash-escaped cleartext that is included into the message
digest,
- The ASCII armored signature(s) including the '-----BEGIN PGP
SIGNATURE-----' Armor Header and Armor Tail Lines.
2) The mutt code that strips the text out is in pgp.c, in the function
pgp_copy_clearsigned. Just for fun, I tweaked one line there to keep mutt
from parsing out the first paragraph of text in this particular type of
broken clearsigned message. If I were really intending on using this, I
think it would be better to make it a regex that matched (in perl notation)
'^\s+$'.
- --- mutt-1.5.4/pgp.c~ Tue Feb 25 16:28:54 2003
+++ mutt-1.5.4/pgp.c Wed Sep 17 03:06:33 2003
@@ -179,7 +179,7 @@
if (armor_header)
{
- - if (buf[0] == '\n')
+ if (buf[0] == '\n' || mutt_strcmp (buf, " \n") == 0)
armor_header = 0;
continue;
}
- --
Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
============================================================================
It is easier to fight for one's principles than to live up to them.
-- Alfred Adler
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.
iD8DBQE/aBE+uv+09NZUB1oRAjyeAKCIo6q2rVhGIC+xpHwkozW88aJEzgCgho+N
OCqDKyis8u6U85nX0utQY3k=
=LEYU
-----END PGP SIGNATURE-----