使用 PGP/MIME 签署多部分邮件
我正在尝试在 php 中使用 PGP 签署邮件。我可以使边界和标头正常工作,但邮件签名无效(如 Thunderbirds Enigmail 所述)。
我的问题是,签名的内容是什么,签名时要注意什么?
生成的邮件的来源如下所示(文本和签名被占位符替换以使其易于阅读):
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=_1b5364229a82b654fad7cf2aa969f02e"
MIME-Version: 1.0
This is a message in Mime Format. If you see this, your mail reader does not support this format.
--=_1b5364229a82b654fad7cf2aa969f02e
Content-Type: multipart/alternative;
boundary="=_53ba9ef8c471e6c8d72f215feaad8033"
Content-Transfer-Encoding: 7bit
--=_53ba9ef8c471e6c8d72f215feaad8033
&Content-Type: text/plain; charset=UTF-8
&Content-Transfer-Encoding: quoted-printable
&
&PLAIN TEXT CONTENT ENCODED IN QUOTED PRINTABLE
&
&--=_53ba9ef8c471e6c8d72f215feaad8033
&Content-Type: text/html; charset=UTF-8
&Content-Transfer-Encoding: quoted-printable
&
&HTML CONTENT ENCODED IN QUOTED PRINTABLE
--=_53ba9ef8c471e6c8d72f215feaad8033--
--=_1b5364229a82b654fad7cf2aa969f02e
Content-Type: application/pgp-signature; name="signature.asc"
Content-Disposition: attachment; filename="signature.asc"
Content-Description: OpenPGP digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
PGP SIGNATURE HERE
-----END PGP SIGNATURE-----
--=_1b5364229a82b654fad7cf2aa969f02e--
目前 用于生成签名。换行符只是新行(PHP_EOL)。
我尝试遵循 RFC2015 但这似乎不适用于多部分/替代内容。
请帮我一下,这样我就能完成这件事。
I'm trying to sign a mail using PGP in php. I could bring the boundaries and headers to work correctly but the mail signature isn't valid (as Thunderbirds Enigmail states).
My question here is what part is to sign and what is to take attention to while doing it.
At the moment the source of the generated mail looks like this (Text and signature replaced by placeholders to keep it easy to read):
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=_1b5364229a82b654fad7cf2aa969f02e"
MIME-Version: 1.0
This is a message in Mime Format. If you see this, your mail reader does not support this format.
--=_1b5364229a82b654fad7cf2aa969f02e
Content-Type: multipart/alternative;
boundary="=_53ba9ef8c471e6c8d72f215feaad8033"
Content-Transfer-Encoding: 7bit
--=_53ba9ef8c471e6c8d72f215feaad8033
&Content-Type: text/plain; charset=UTF-8
&Content-Transfer-Encoding: quoted-printable
&
&PLAIN TEXT CONTENT ENCODED IN QUOTED PRINTABLE
&
&--=_53ba9ef8c471e6c8d72f215feaad8033
&Content-Type: text/html; charset=UTF-8
&Content-Transfer-Encoding: quoted-printable
&
&HTML CONTENT ENCODED IN QUOTED PRINTABLE
--=_53ba9ef8c471e6c8d72f215feaad8033--
--=_1b5364229a82b654fad7cf2aa969f02e
Content-Type: application/pgp-signature; name="signature.asc"
Content-Disposition: attachment; filename="signature.asc"
Content-Description: OpenPGP digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
PGP SIGNATURE HERE
-----END PGP SIGNATURE-----
--=_1b5364229a82b654fad7cf2aa969f02e--
Currently the lines starting with a & are used to generate the signature. Line breaks are just new lines (PHP_EOL).
I tried following RFC2015 but this seems not to apply for multipart/alternative conent.
Please help me out here so I can get this finished.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我自己发现...
首先,我需要将所有换行符转换为 CRLF,就像 RFC 状态一样。然后我需要将整个多部分/替代方案(包括其标头)视为要签名的消息。所以应该是:
以 & 开头的行是要签署的。
I found out myself...
First of all I needed to convert all line breaks to CRLF like the RFCs state. Then I needed to think of the whole multipart/alternative inclusive its headers as the message to sign. So it should have been:
Where the lines starting with & are the ones to be signed.