Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

howto digitially sign emails programmatically with pgp?

39 views
Skip to first unread message

Philipp Ott

unread,
Mar 12, 2004, 5:06:04 AM3/12/04
to
Hello!

I m looking for a solution to generate a digitally signed mime-email
with linux/perl and to feed/pipe this then to sendmail. I found RFCs
related to mime-signed etc. but somehow fail to implement them or rather
make it work.

Is there a fininshed cpan module that can do this? I didnt find one though.

Second, what if i want to use verisign/thawte digital certs for email
signing, howto do this programmatically?

Thank you for any help,
regards
Philipp

Nagy Daniel

unread,
Mar 12, 2004, 8:35:49 AM3/12/04
to
Could you please be a little more specific about what you want to achieve?

As I understand, you want to sign emails. There are many digital signature
standards, which one do you want to follow?

S/MIME, PGP/MIME or PGP cleartext signature?

In what form are your emails available? Plain text, MIME payload or
RFC-822 complete with headers?

--
Daniel

Philipp Ott

unread,
Mar 15, 2004, 10:04:04 AM3/15/04
to Nagy Daniel
Hello!

Nagy Daniel schrieb:

> Could you please be a little more specific about what you want to achieve?

Well, given are a text file with the message content and 1+ PDF files.
It works fine to generate MIME-Emails and we can send them sans problem.

> As I understand, you want to sign emails. There are many digital signature
> standards, which one do you want to follow?

Well, any that the majority of ppl can use: current versions of Outlook,
Outlook Express, Mozilla, Netscape.

> S/MIME, PGP/MIME or PGP cleartext signature?
> In what form are your emails available? Plain text, MIME payload or
> RFC-822 complete with headers?

Well the emails dont need to be encrypted or so, what we just want to
ensure with the digital signature is that the contents are from us and
not tampered with. To your question I would replay that the to-be-signed
content of the email is available as a list of 7bit mime-parts, the
message contents and the encoded PDF attachments.

Thank you,
regards
Philipp Ott

Nagy Daniel

unread,
Mar 18, 2004, 4:57:30 PM3/18/04
to
On Mon, 15 Mar 2004, Philipp Ott wrote:

> > As I understand, you want to sign emails. There are many digital signature
> > standards, which one do you want to follow?
>
> Well, any that the majority of ppl can use: current versions of Outlook,
> Outlook Express, Mozilla, Netscape.

In that case, you're tied to S/MIME signatures, as I am not aware of
PGP plugins for Outlook & Co. S/MIME is handled by "openssl" in a
scriptable fashion. You can generate S/MIME signed messages automagically.

Even though I have to admit that I strongly dislike S/MIME and all the
PKI/X509 business. I think it's a scam to extort money for certification
and has a lot of very real shortcomings when compared to OpenPGP and
PGP/MIME. For Mozilla and Netscape there is a plug-in called "enigmail"
which handles PGP/MIME. I have a sript that generates PGP/MIME signed
messages, if you need that. But, again, it might not work for Outlook and
Outlook Express.

> > S/MIME, PGP/MIME or PGP cleartext signature?
> > In what form are your emails available? Plain text, MIME payload or
> > RFC-822 complete with headers?
>
> Well the emails dont need to be encrypted or so, what we just want to
> ensure with the digital signature is that the contents are from us and
> not tampered with. To your question I would replay that the to-be-signed
> content of the email is available as a list of 7bit mime-parts, the
> message contents and the encoded PDF attachments.

It doesn't answer my question. But if you want it to work out-of-the box
for the most popular email clients, go for S/MIME as much as I hate it.

--
Daniel

Clement Seveillac

unread,
Mar 19, 2004, 10:59:16 AM3/19/04
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nagy Daniel <nagy...@cs.bme.hu> wrote:

> In that case, you're tied to S/MIME signatures, as I am not aware of
> PGP plugins for Outlook & Co.

Well the commercial PGP versions (Personal, Workgroup and Enterprise)
have plugins for Outlook, Outlook Express, Eudora, Entourage, and Apple
Mail at least [1]. Since you talk about Enigmail afterwards, I think you
don't mean Mozilla and Mozilla Thunderbird in your "& Co." :)

There are also free solutions to sign, verify, encrypt and decrypt
text & files, more or less integrated to mail clients. For example
WinPT has a 'tray' icon that can process files, or the text which is in
your clipboard, plus it has Eudora and Outlook Express plugins [2].

[1] http://www.pgp.com/products/personal.html for example
[2] http://winpt.sourceforge.net/en/download.php



> For Mozilla and Netscape there is a plug-in called "enigmail"
> which handles PGP/MIME. I have a sript that generates PGP/MIME signed
> messages, if you need that. But, again, it might not work for Outlook and
> Outlook Express.

I really like Enigmail, as you can see in my GnuPG comment :-) Could
you send your PGP/MIME signing scripts by the way, I'd like to see how
it looks like?

Best regards,
- --
clem
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Secure Email! http://dudu.dyn.2-h.org/gpg-enigmail-howto

iQEVAwUBQFsYb5C029jjKP/wAQJrjQf/SVh7Q7bjeUiD52LL/xvetJwDT0LypLjQ
KI+qvPlZgkxmsKEusChxyZ/4EtJ5nz2N+qEqFwRijaked+MaunbIxQrhhCdxgGtG
mCfh9PmTtBUmwMqX2qcYnbrpFxX+n2JHbTSWQeQ71x+JxQyKXLxcPgUHPLe3pLTO
3l7K9CiUqKZMI9drHIwFiC68u6xx9isQ5ETQakD9PAT8NaEQjn0fwhURWTWb4sl/
l4CfaVKRJh+W1SqLE3eKnPFdVSjSPS7mT8ALYsLOXCkt7ER8dn3NSgFvo8JedzIF
PDx9dQTOnZ6Qcd7X71Xsij+Ewws36ZnQlc2Dk124mqkiMX2SzbeGUw==
=L4AL
-----END PGP SIGNATURE-----

0 new messages