Re: problem with mime-attachment



G'day Carsten,

* carsten.schwant@xxxxxxxxxxxxxxxxxxxx <carsten.schwant@xxxxxxxxxxxxxxxxxxxx> [040514 10:54]:
> Hi guys,
> 
> we have a problem with a MIME attachment and Windows.
> 
> Background:
> We offer a server, which signs files. So the files must not be changed
> after signing, otherwise the verification is not successful.
> 
> Problem:
> We get emails via telnet from a POP3 box, extract the attachment and sign
> it.
> After that we use mutt to send it to a Windows email client (Lotus Notes).
> After extracting the attachment, I try to verify the original and the
> signature, but it fails.
> 

Can you verify that the problem is with mutt, and not with your use of
GPG or even how you transfer files?  

For example, get the MD5 sum of a particular file (just text) and then
attach it to a mail message, send it through to your POP3 box.  Then
rather than GPGing it, get the MD5 sum again, and then reattach and
send it off to the Windows machine.  Extract the attachment and then
compare MD5 sums.  I suspect that you will find a problem in the way
you are transferring these files around (but that's only a guess).

Also there is a _major_ hole in your logic here.  If you want to sign
a file, using telnet to move things around is a _bad_ idea.  Use SSH
(protocol 2), as then you know at least that the message you sent from
one end of the connection (to be signed) is the same as the message on
the signing machine.



Cheers,

S.
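
The hop-by-hop checksum comparison suggested in the message above, as an added example that is not part of the original post. It uses SHA-256 in place of MD5, the hop names and sample bytes are constructed, and the line-ending check is an assumption about one possible cause that the message does not name.

```python
import hashlib

def digest(data: bytes) -> str:
    """Hex SHA-256 of the exact bytes (stands in for the MD5 sum in the message)."""
    return hashlib.sha256(data).hexdigest()

def normalize_eol(data: bytes) -> bytes:
    """Collapse CRLF and bare CR to LF so that only line endings are ignored."""
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")

def first_changed_hop(stages):
    """stages: ordered list of (hop name, file bytes captured at that hop).

    Returns (hop name, reason) for the first hop whose bytes differ from the
    previous hop, or None if the file arrived unchanged at every hop.
    """
    for (_, prev), (name, cur) in zip(stages, stages[1:]):
        if digest(prev) == digest(cur):
            continue
        # Assumption: a text attachment may have had its line endings rewritten.
        if normalize_eol(prev) == normalize_eol(cur):
            return name, "line endings only"
        return name, "content changed"
    return None

# Constructed sample: the same text file as seen at each hop of the test.
ORIGINAL = b"invoice 4711\namount 100.00\n"
SAMPLE_STAGES = [
    ("original file", ORIGINAL),
    ("extracted from POP3 mail", ORIGINAL),
    ("re-attached and sent", ORIGINAL),
    ("extracted on Windows client", ORIGINAL.replace(b"\n", b"\r\n")),
]

if __name__ == "__main__":
    for name, data in SAMPLE_STAGES:
        print(f"{digest(data)[:16]}  {name}")
    print("first change:", first_changed_hop(SAMPLE_STAGES))
```

In practice, read each captured copy with `open(path, "rb").read()` so the bytes are compared exactly as stored.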