-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2010-10-27 at 16:19 +0200, Per Jessen wrote:
Carlos E. R. wrote:
It is part of the standard. Certain letter combinations that are used for other things have to be defanged (is that the word?). The begin line-dash-dash means something else for pgg, so the signature can not start that way or it breaks. This change is intentional and documented, but I can't remember where.
Interesting, I didn't know. Does that mean that gpg-aware email agents should be decoding this too?
Yep. I found the reference to this, by Patrick 3 years ago, who got it from the mutt mail list: +++··········· <http://lists.opensuse.org/opensuse/2007-06/msg00841.html>
Why is the <dash><dash><space> signature indicator not display properly in inline gpg signed posts, ie: <dash><space><dash><dash><space>.
This is so that no software deletes the mail's signature including the gpg signature even by accident. I don't know if it's the official reason but at least it makes sense... :)
It's required by RFC2440 (the OpenPGP standard). See section 7.1 therein. ············++-
And here it is an official reference: <http://www.ietf.org/rfc/rfc2440.txt> +++··········· RFC 2440 OpenPGP Message Format November 1998 7.1. Dash-Escaped Text The cleartext content of the message must also be dash-escaped. Dash escaped cleartext is the ordinary cleartext where every line starting with a dash '-' (0x2D) is prefixed by the sequence dash '-' (0x2D) and space ' ' (0x20). This prevents the parser from recognizing armor headers of the cleartext itself. The message digest is computed using the cleartext itself, not the dash escaped form. As with binary signatures on text documents, a cleartext signature is calculated on the text using canonical <CR><LF> line endings. The line ending (i.e. the <CR><LF>) before the '-----BEGIN PGP SIGNATURE-----' line that terminates the signed text is not considered part of the signed text. Also, any trailing whitespace (spaces, and tabs, 0x09) at the end of any line is ignored when the cleartext signature is calculated. ············++-
PGP requires that you exchange keys in person, face to face, with the person you are going to communicate, so that you know that the keys are really from that person.
I'm sure I've heard of a scheme in Germany whereby you were able to use Deutsche Post as an intermediary - Postident I think it is. I don't know if it still works.
That is interesting. I have not seen such meetings here, in Spain. What we have is, that the same entity that prints paper money (the mint?) emits pkcs certificates. or signs them. We go to a web page, do something, we print the page, then go in person to a government office where an official sees the page, our identification, our face, and then prints another page with which we can obtain the electronic certificate, which thus identifies us for things that need official identification, like paying taxes. - -- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) iEYEARECAAYFAkzIUqIACgkQtTMYHG2NR9VO8wCeJDdDTd73rXa58/Ji1oHeSpAm EbwAnjH344kX9U4cqbtrrQhAv5BZUAlC =uo4Z -----END PGP SIGNATURE-----