Mailinglist Archive: opensuse (946 mails)

< Previous Next >
Re: [opensuse] sig changes from "--" to "- --"
  • From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
  • Date: Wed, 27 Oct 2010 18:26:00 +0200 (CEST)
  • Message-id: <alpine.LNX.2.00.1010271810100.5866@xxxxxxxxxxxxxxxxx>
Hash: SHA1

On Wednesday, 2010-10-27 at 16:19 +0200, Per Jessen wrote:

Carlos E. R. wrote:

It is part of the standard. Certain letter combinations that are used
for other things have to be defanged (is that the word?). The begin
line-dash-dash means something else for pgg, so the signature can not
start that way or it breaks. This change is intentional and
documented, but I can't remember where.

Interesting, I didn't know. Does that mean that gpg-aware email agents
should be decoding this too?


I found the reference to this, by Patrick 3 years ago, who got it from the mutt mail list:


Why is the <dash><dash><space> signature indicator not display
properly in inline gpg signed posts, ie:

This is so that no software deletes the mail's signature including the
gpg signature even by accident. I don't know if it's the official
reason but at least it makes sense... :)

It's required by RFC2440 (the OpenPGP standard). See section 7.1

And here it is an official reference:



RFC 2440 OpenPGP Message Format November 1998

7.1. Dash-Escaped Text

The cleartext content of the message must also be dash-escaped.

Dash escaped cleartext is the ordinary cleartext where every line
starting with a dash '-' (0x2D) is prefixed by the sequence dash '-'
(0x2D) and space ' ' (0x20). This prevents the parser from
recognizing armor headers of the cleartext itself. The message digest
is computed using the cleartext itself, not the dash escaped form.

As with binary signatures on text documents, a cleartext signature is
calculated on the text using canonical <CR><LF> line endings. The
line ending (i.e. the <CR><LF>) before the '-----BEGIN PGP
SIGNATURE-----' line that terminates the signed text is not
considered part of the signed text.

Also, any trailing whitespace (spaces, and tabs, 0x09) at the end of
any line is ignored when the cleartext signature is calculated.


PGP requires that you exchange keys in person, face to face, with the
person you are going to communicate, so that you know that the keys
are really from that person.

I'm sure I've heard of a scheme in Germany whereby you were able to use
Deutsche Post as an intermediary - Postident I think it is. I don't
know if it still works.

That is interesting.

I have not seen such meetings here, in Spain. What we have is, that the same entity that prints paper money (the mint?) emits pkcs certificates. or signs them. We go to a web page, do something, we print the page, then go in person to a government office where an official sees the page, our identification, our face, and then prints another page with which we can obtain the electronic certificate, which thus identifies us for things that need official identification, like paying taxes.

- -- Cheers,
Carlos E. R.
(from 11.2 x86_64 "Emerald" at Telcontar)

Version: GnuPG v2.0.12 (GNU/Linux)

< Previous Next >