[Gllug] GnuPG signatures
Paul Cupis
paul at cupis.co.uk
Mon May 3 14:51:07 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Monday 03 May 2004 10:53, Chris Bell <chrisbell at overview.demon.co.uk>
wrote:
> Hello,
> Very few people writing to this list find it necessary to use a
> GnuPG digital signature, and of those who do there appear to be two
> different methods used.
>
> Some send their email as plain text headed by a start mesaage
> followed by a start of digital signature message, and everything
> displays in my simple reader as an email followed by a few lines of
> digital signature.
>
> Others send both the text email and the signature as
> multipart/signed which appear on my system as an empty email with two
> attachments in a separate directory which I have to open separately
> if/when I wish to see the contents.
>
> Is there a good reason for the difference, such as better
> security, or are they just two alternatives? Are the separate
> attachments really necessary?
They are two alternatives. The first is to use inline/cleartext signing,
which as you say simply wraps the original message with the signature.
The second creates a detached signature, which allows you to send the
original message un-modified, with a seperate signature, attached to
the email. Some clients deal with the latter case better than others.
More information: http://www.gnupg.org/gph/en/manual.html#AEN136
Paul Cupis
- --
paul at cupis.co.uk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iEYEARECAAYFAkCWXGMACgkQIzuKV+SHX/k9ZwCeJrdlVk6qK0jBkSgqjDJrZvX6
pMIAni9Lkue9wEyzENyX8tXVHlUGeU5M
=KjO6
-----END PGP SIGNATURE-----
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list