-----BEGIN PGP SIGNED MESSAGE-----

To: andrew@riskdev.ml.com (Andrew Brown)
cc: jrochkin@cs.oberlin.edu (Jonathan Rochkind), cypherpunks@toad.com
Subject: Re: extra dashes in PGP-related blocks?
From: Jonathan Rochkind
When people have been posting their public keys, or encrypted address blocks, to various lists I'm on, all of the "-----BEGIN whatever..." lines seem to have a "- " prepended to them. So, for instance, they look like:
- -----BEGIN PGP MESSAGE-----
Version: 2.6.2

[stuff]
- -----END PGP MESSAGE-----
pgp is putting those extra "- " pieces in (guess you didn't read all your pgp docs :-), it does that so that it can tell the difference between pgp begin/end blocks and other stuff, kinda like sendmail "quoting" lines beginning with a dot with an extra dot. the difference here is that sendmail removes any leading dots before delivery and pgp doesn't after removing a signature. yeah, you do have to load it into an editor but mailing something to a remailer should not "hork" it. the pgp running on the remailer will just "- " the stuff and include it literally.
Uhh, this is not at all true. When PGP verifies a message, it will strip out the quoting dashes in the output. This is documented in RFC 822 (I think) about quoting messages. Just run the message through PGP and it will strip out the first level of quoting in the output message, and you should be able to then run PGP on the rest of the message as well.

This is not a bug, it is a feature to let PGP know *WHAT* was being signed, so that nested PGP clearsigned-messages don't interfere with each other. If it didn't quote, then if I wanted to clearsign a PGP message, the output would look something like:

- -----BEGIN PGP SIGNED MESSAGE-----
stuff here
- -----BEGIN PGP SIGNED MESSAGE-----
more stuff here
- -----BEGIN PGP SIGNATURE-----
inside signature
- -----END PGP SIGNATURE-----
- -----BEGIN PGP SIGNATURE-----
outside signature
- -----END PGP SIGNATURE-----

If you have this, how do you deal with it? This is the same as the parentheses-matching-problem: If you are trying to match opens with closes, you have the problem that you could always have so many opens that you overrun your counter before you get to any closes!

So, PGP uses the RFC-822 quoting mechanism to quote internal messages. This is perfectly legal.

As for MIME: If you are using PGP to secure MIME objects, you should take the _OUTPUT_ from PGP and send that back into the MIME reader. MIME should NOT be going inside the PGP block. So, the behavior you are seeing is perfectly reasonable for a broken mail-reader! Fix your mail reader to run the PGP-secured message through PGP, and then run the output through MIME, and you will be fine!

Enjoy!
- -derek

Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
Home page: http://www.mit.edu:8001/people/warlord/home_page.html
warlord@MIT.EDU PP-ASEL N1NWH PGP key available

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBuAwUBLuzEuDh0K1zBsGrxAQFcUgLDB1WGn7TQTf4+8FgYyszcNHgcMQTcVd3w
aTXunh0K7vPjos4JkVl4p5MQkNICjDxNC2KkgQkxeIs7Yy8VgaACSwIfhDrxs3+K
gMalhp2FHO3S/ZvnIo7RSmk=
=btQx
-----END PGP SIGNATURE-----
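
Added example, not part of the original message and not PGP's own code: a Python sketch of the "- " quoting discussed above, showing that one pass over a nested clearsigned message strips exactly one level and that quoted inner armor lines cannot end the outer body. The frame() helper and the placeholder signature strings are assumptions for illustration; nothing is signed or verified.

```python
# Added illustration: framing only, no cryptography. The signature bodies are
# constructed placeholders, not real PGP output.
SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_BEGIN = "-----BEGIN PGP SIGNATURE-----"
SIG_END = "-----END PGP SIGNATURE-----"


def dash_escape(text):
    """Prefix every line that starts with '-' with '- '."""
    return "\n".join("- " + l if l.startswith("-") else l
                     for l in text.split("\n"))


def dash_unescape(text):
    """Strip exactly one level of '- ' quoting."""
    return "\n".join(l[2:] if l.startswith("- ") else l
                     for l in text.split("\n"))


def frame(text, placeholder_sig):
    """Wrap text in clearsign framing (hypothetical helper, signs nothing)."""
    return "\n".join([SIGNED, "", dash_escape(text),
                      SIG_BEGIN, "", placeholder_sig, SIG_END])


def signed_text(message):
    """Return the text covered by the outermost framing, one level unquoted."""
    lines = message.split("\n")
    if lines[0] != SIGNED:
        raise ValueError("not a clearsigned message")
    start = lines.index("", 1) + 1  # body follows the first blank line
    # Only an unquoted armor line at column 0 ends the body; quoted inner
    # armor lines begin with "- " and cannot match.
    end = lines.index(SIG_BEGIN, start)
    return dash_unescape("\n".join(lines[start:end]))


# Constructed sample: a clearsigned message nested inside another one.
inner = frame("more stuff here\n-derek", "inside-signature-placeholder")
outer = frame("stuff here\n" + inner, "outside-signature-placeholder")

if __name__ == "__main__":
    print(outer)
    print("--- after one pass ---")
    print(signed_text(outer))
```

Running signed_text() on its own output peels the next level, which is the "run PGP on the rest of the message" step described in the reply.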