Jeff Abrahamson on Thu, 4 Sep 2003 10:41:07 -0400



Re: [PLUG] gpg spoof?


Yup, that works, thanks. Indeed, just "|gpg -o /dev/null" confirms it,
since the sig appears alone if it's a real sig.

-J


On Thu, Sep 04, 2003 at 09:43:34AM -0400, Erin Mulder wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> What if you also run |gpg -o temp.txt, then cat temp.txt and compare?
> 
> (temp.txt should only get the message not the signature, so if the
> signature's in there too, then it's a spoof.)
> 
> Cheers,
> Erin
> 
> Jeff Abrahamson wrote:
> | I received an encrypted and signed email which I decrypt and verify by
> | piping through gpg (no options). The output looked like below (the
> | part indented by two spaces).
> |
> | In mutt, I type "|gpg<return>"
> |
> | Now, I don't suspect Erin was trying to spoof me, and she had enclosed
> | a semi-random string that I had encrypted to her. So this one case
> | doesn't bother me.
> |
> | But, in general, how can I distinguish between the end of the
> | encrypted message and the beginning of the "gpg: Signature ..." stuff?
> | Couldn't someone just include such a (forged) signature block at the
> | end of their message, then encrypt the whole thing without signing,
> | and so convince me that the message was signed by someone else?
> |
> |   You need a passphrase to unlock the secret key for
> |   user: "Jeff Abrahamson <jeff@purple.com>"
> |   2048-bit ELG-E key, ID 29595FCD, created 2002-05-02 (main key ID 0D1DAE4B)
> |
> |   gpg: encrypted with 2048-bit ELG-E key, ID ADD31B0A, created 2003-08-28
> | 	"Erin Mulder <meara@alumni.princeton.edu>"
> |   gpg: encrypted with 2048-bit ELG-E key, ID 29595FCD, created 2002-05-02
> | 	"Jeff Abrahamson <jeff@purple.com>"
> |   Hi Jeff,
> |
> |   It was great meeting you all.   Thanks for signing my key.
> |
> |   Cheers,
> |   Erin
> |
> |   Jeff Abrahamson wrote:
> |   > Hi, Erin.
> |   >
> |   > Could you please respond to this message, signed and encrypted, so
> |   > that I know you are who you say you are?
> |   >
> |   > Here's a semi-random string to include in your response:
> |   >
> |   >     153758709bcbdfc23f745c0b4656939632cfb6df
> |   >
> |   > Thanks.
> |   >
> |   gpg: Signature made Thu 04 Sep 2003 12:15:32 AM EDT using DSA key ID A54DA2DF
> |   gpg: Good signature from "Erin Mulder <meara@alumni.princeton.edu>"
> |   gpg: WARNING: This key is not certified with a trusted signature!
> |   gpg:          There is no indication that the signature belongs to the owner.
> |   Primary key fingerprint: 8609 5F8C E335 F93F 40CC  14B8 10FA 4C88  A54D A2DF
> |
> |
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> 
> iD8DBQE/V0GGEPpMiKVNot8RAjz6AKCYcnD/raL6J+ovny2dkPuwRaI5vQCcDPKC
> kEBNJ3OGZ8EqIV6sxIxAubs=
> =9YVl
> -----END PGP SIGNATURE-----
> 
> _________________________________________________________________________
> Philadelphia Linux Users Group        --       http://www.phillylinux.org
> Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug

-- 
 Jeff

 Jeff Abrahamson  <http://www.purple.com/jeff/>
 GPG fingerprint: 1A1A BA95 D082 A558 A276  63C6 16BF 8C4C 0D1D AE4B

Attachment: pgp4r7UtrIQzS.pgp
Description: PGP signature
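The channel separation Jeff and Erin are relying on, written out as an added example that is not part of the thread: GnuPG's `--status-fd` puts machine-readable `[GNUPG:]` lines on a descriptor of your choosing, so the signed/unsigned decision is taken from those lines alone, and any "gpg:" text that turns up in the decrypted body (stdout) was by definition typed by the sender. The `run_gpg` helper assumes `gpg` is in PATH; the status lines and message bodies below are constructed samples, with the key ID and fingerprint copied from the quoted output.

```python
import subprocess

def run_gpg(path):
    """Decrypt/verify a file with gpg (assumed in PATH; not exercised by the tests).
    --status-fd 2 sends the '[GNUPG:]' status lines to stderr, while stdout carries
    only the decrypted body, so the two streams can never be confused."""
    proc = subprocess.run(["gpg", "--batch", "--status-fd", "2", "--decrypt", path],
                          capture_output=True, text=True, check=False)
    status = [l for l in proc.stderr.splitlines() if l.startswith("[GNUPG:] ")]
    return status, proc.stdout

def signature_verdict(status_lines):
    """Classify solely from status lines: ('good', fingerprint), ('bad', None),
    ('unverified', None) when the key is missing, or ('unsigned', None)."""
    fpr, good, bad, err = None, False, False, False
    for line in status_lines:
        f = line.split()
        if len(f) < 2 or f[0] != "[GNUPG:]":
            continue
        if f[1] == "GOODSIG":
            good = True
        elif f[1] == "VALIDSIG" and len(f) > 2:
            fpr = f[2]            # full fingerprint of the signing key
        elif f[1] == "BADSIG":
            bad = True
        elif f[1] in ("ERRSIG", "NO_PUBKEY"):
            err = True
    if bad:
        return "bad", None
    if good and fpr:
        return "good", fpr
    return ("unverified" if err else "unsigned"), None

def forged_gpg_lines(plaintext):
    """Erin's check: anything that looks like gpg output but sits in the decrypted
    body came from the sender, not from gpg."""
    return [l for l in plaintext.splitlines() if l.lstrip().startswith("gpg: ")]

# Constructed samples modelled on the thread (key ID/fingerprint from the quoted output).
GENUINE_STATUS = [
    "[GNUPG:] DECRYPTION_OKAY",
    "[GNUPG:] GOODSIG 10FA4C88A54DA2DF Erin Mulder <meara@alumni.princeton.edu>",
    "[GNUPG:] VALIDSIG 86095F8CE335F93F40CC14B810FA4C88A54DA2DF 2003-09-04 "
    "1062648932 0 3 0 17 2 00 86095F8CE335F93F40CC14B810FA4C88A54DA2DF",
    "[GNUPG:] TRUST_UNDEFINED",
]
GENUINE_BODY = "Hi Jeff,\n\nThanks for signing my key.\n"
# Spoof: encrypted but never signed; the sender pasted fake verification lines.
SPOOF_STATUS = ["[GNUPG:] DECRYPTION_OKAY"]
SPOOF_BODY = GENUINE_BODY + (
    "gpg: Signature made Thu 04 Sep 2003 12:15:32 AM EDT using DSA key ID A54DA2DF\n"
    'gpg: Good signature from "Erin Mulder <meara@alumni.princeton.edu>"\n')
```

Jeff's `|gpg -o /dev/null` is the interactive form of the same idea: stdout is discarded, so whatever still shows on the terminal came from gpg itself.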