级联GPG签约
我正在尝试解决安全邮件列表的问题,
其想法是:
A 签署(或加密)邮件并将其发送到组邮件。在服务器上,该邮件根据正确的密钥进行验证,再次签名(加密)并发送给收件人(每封邮件单独)。
收件人首先根据组邮件密钥进行验证(解密),而不是根据个人 A 密钥进行验证(解密)。
我制作了 python 脚本来执行此操作,并进行级联堆栈。问题是 enigmail 只能识别信封符号,而不能识别内部符号。也许是 engmail 的问题,但是 我认为,我应该在电子邮件中添加一些标头,以表明这是两次签名的。
现在看起来像:(标头 OpenPGP 是我自己创建的,哈希键被剪切)
(...)
OpenPGP: id=A028D47A; id=09813F09
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
TEST
- - --
Tomasz Brzezina
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJNZPioAAoJEGDoB6ygKNR6RKYH/A7gNGf+C5TERWDIVQUmykfs
Y+XAv2u3b9aK48T+WRWsS+mwt0fRhMy1TFjLua2Xta5FfBFzZdXFH9mobSAOQFw=
=/YoZ
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk1k+KQACgkQNgqC2gmBPwnWjQCfSTbWixnGXMEa3mjiUhaOMttB
=iZWb
-----END PGP SIGNATURE-----
邮件的结果是:
********* *BEGINNING OF SIGNED/CIPHERED PART* *********
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --
Tomasz Brzezina
Sekretarz Generalny UPR
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJNZPioAAoJEGDoB6ygKNR6RKYH/A7gNGf+C5TERWDIVQUmykfs
Y+XAv2u3b9aK48T+WRWsS+mwt0fRhMy1TFjLua2Xta5FfBFzZdXFH9mobSAOQFw=
=/YoZ
-----END PGP SIGNATURE-----
********** *END OF CIPHERED/SIGNED PART* **********
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk1k+KQACgkQNgqC2gmBPwnWjQCfSTbWixnGXMEa3mjiUhaOMttB
xtAAn2PoG+HhPg2RO1YoqKObFevZErHv
=iZWb
-----END PGP SIGNATURE-----
I'm trying to solve problem with secure mailing lists
the idea is:
Person A signs (or cipher) mail and sends to groupmail. On server this mail is verified against correct key, signed (ciphered) again and send to recipients (each mail separately).
the recipients first verifies (deciphers) against groupmail key, than against Person A key.
I made python script to do this, and stack on cascading. The problem is that enigmail can only recognize the envelope sign, and no inner sign. Maybe its a problem of engimail, but
I think, that I should add some headers to email to suggest that this is twice signed.
Now this looks like: (header OpenPGP is created by myself, the hash keys are cutted)
(...)
OpenPGP: id=A028D47A; id=09813F09
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
TEST
- - --
Tomasz Brzezina
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJNZPioAAoJEGDoB6ygKNR6RKYH/A7gNGf+C5TERWDIVQUmykfs
Y+XAv2u3b9aK48T+WRWsS+mwt0fRhMy1TFjLua2Xta5FfBFzZdXFH9mobSAOQFw=
=/YoZ
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk1k+KQACgkQNgqC2gmBPwnWjQCfSTbWixnGXMEa3mjiUhaOMttB
=iZWb
-----END PGP SIGNATURE-----
The result of mail is:
********* *BEGINNING OF SIGNED/CIPHERED PART* *********
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --
Tomasz Brzezina
Sekretarz Generalny UPR
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJNZPioAAoJEGDoB6ygKNR6RKYH/A7gNGf+C5TERWDIVQUmykfs
Y+XAv2u3b9aK48T+WRWsS+mwt0fRhMy1TFjLua2Xta5FfBFzZdXFH9mobSAOQFw=
=/YoZ
-----END PGP SIGNATURE-----
********** *END OF CIPHERED/SIGNED PART* **********
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk1k+KQACgkQNgqC2gmBPwnWjQCfSTbWixnGXMEa3mjiUhaOMttB
xtAAn2PoG+HhPg2RO1YoqKObFevZErHv
=iZWb
-----END PGP SIGNATURE-----
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
正如上面 Helmut Grohne 所发表的,MIME 可能会帮助您解决问题。是的,engimail 确实支持 MIME。
As posted by Helmut Grohne above, MIME may help your problem. Yes, engimail does support MIME.