The OpenPGP Format

OpenPGP messages may be signed, encrypted, or both. This section shows the message structure used for each type of message.

OpenPGP uses the multipart/signed MIME type for signing messages. It uses the application/pgp-signature protocol for digital signatures and either the MD5 checksum or the SHA-1 cryptographic algorithm for message integrity checks. The micalg parameter may be set to either “pgp-md5” or “pgp-sha1”.

The following example shows a short text message with a PGP signature. It uses the MD5 algorithm, so the micalg parameter is “pgp-md5” in this case.

The first part is the text message and its associated MIME headers. It is common, though not required, to encode text with the quoted-printable scheme so that MTAs won’t change it en route. You may recall from Chapter 2, Simple Text Messages, that this can happen if lines contain trailing whitespace and in a few other instances. Quoted-printable encoding will prevent any changes en route. This is a good idea because if the content is changed, it will no longer match the checksum computed in the signature upon arrival! This could cause a message to be declared munged by an MUA.

The example does not show the content in quoted-printable form, but I recommend that it be done. If you are attempting to parse such a message, you should be prepared to decode quoted-printable content.
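The following Python sketch is an added example, not code from the book. It parses a constructed multipart/signed message, reads the micalg and protocol parameters, decodes the quoted-printable text, and shows that a relay stripping trailing whitespace changes the digest of a 7bit part but not of a quoted-printable one. The sample message, the boundary and all function names are assumptions, and the digest stands in for the integrity check; it is not PGP signature verification.

```python
import email, hashlib, re

HASHES = {"pgp-md5": "md5", "pgp-sha1": "sha1"}  # micalg values named in the text

def build(body_line: bytes, cte: bytes) -> bytes:
    """Constructed sample message; the signature body is a placeholder."""
    return (b'Content-Type: multipart/signed; boundary="bnd"; micalg=pgp-md5;\r\n'
            b' protocol="application/pgp-signature"\r\n\r\n'
            b'--bnd\r\n'
            b'Content-Type: text/plain; charset=us-ascii\r\n'
            b'Content-Transfer-Encoding: ' + cte + b'\r\n\r\n'
            + body_line + b'\r\n'
            b'--bnd\r\n'
            b'Content-Type: application/pgp-signature\r\n\r\n'
            b'(placeholder, not a real signature)\r\n'
            b'--bnd--\r\n')

QP_MSG = build(b'Meet at noon.=20', b'quoted-printable')  # trailing space encoded
RAW_MSG = build(b'Meet at noon. ', b'7bit')                # trailing space literal

def parse_signed(raw: bytes) -> dict:
    """Return parameters, decoded text and a digest of the first part."""
    msg = email.message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    micalg = msg.get_param("micalg")
    if micalg not in HASHES:
        raise ValueError(f"unexpected micalg: {micalg!r}")
    # Slice the first part out of the raw bytes: the check must see the part
    # exactly as received (headers included), not a parser's re-serialization.
    pieces = raw.split(b"\r\n--" + msg.get_boundary().encode("ascii"))
    if len(pieces) != 4:
        raise ValueError("expected exactly two body parts")
    signed = pieces[1].removeprefix(b"\r\n")  # rest of the delimiter line
    part = email.message_from_bytes(signed)
    digest = hashlib.new(HASHES[micalg], signed, usedforsecurity=False)
    return {"micalg": micalg, "protocol": msg.get_param("protocol"),
            "text": part.get_payload(decode=True).decode("ascii"),
            "digest": digest.hexdigest()}

def relay_strips_trailing_ws(raw: bytes) -> bytes:
    """Constructed model of the en-route change the text warns about."""
    return re.sub(rb"[ \t]+\r\n", b"\r\n", raw)

def survives_relay(raw: bytes) -> bool:
    after = parse_signed(relay_strips_trailing_ws(raw))
    return parse_signed(raw)["digest"] == after["digest"]

if __name__ == "__main__":
    for name, m in (("quoted-printable", QP_MSG), ("7bit", RAW_MSG)):
        print(name, repr(parse_signed(m)["text"]), survives_relay(m))
```

Both messages decode to the same text, but only the quoted-printable one keeps its digest after the simulated relay.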

The second MIME part is the PGP signature itself. As with all PGP content prepared for email transport, the signature content begins ...
