"BEGIN PGP MESSAGE" mandatory? - PGP

This is a discussion on "BEGIN PGP MESSAGE" mandatory? - PGP ; Hi, I wonder if in an encrypted multipart/mixed mail each attachment MUST be surrounded by "BEGIN PGP MESSAGE" and "END PGP MESSAGE". I got today the following mail, in which the attachment is encrypted, but no pgp tags arround (the ...

+ Reply to Thread
Results 1 to 6 of 6

Thread: "BEGIN PGP MESSAGE" mandatory?

  1. "BEGIN PGP MESSAGE" mandatory?

    Hi,

    I wonder if in an encrypted multipart/mixed mail each attachment MUST
    be surrounded by "BEGIN PGP MESSAGE" and "END PGP MESSAGE".

    I got today the following mail, in which the attachment is encrypted,
    but no pgp tags arround (the body has pgp tags arround). The mail come
    from outlook with pgp 8.1.

    Mail I got:
    --bar
    ....cut
    Content-Transfer-Encoding: base64
    Content-Description: filename.asc
    Content-Disposition: attachment;
    filename="filename.asc"

    LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tDQpWZXJzaW9uOi BQR1AgOC4xDQoNCnFBTlFSMURC
    .....cut
    --bar

    This is what I would expect:
    --bar
    ....cut
    Content-Transfer-Encoding: 7bit
    Content-Disposition: attachment;
    filename="filename"

    -----BEGIN PGP MESSAGE-----
    Version: GnuPG v1.2.4 (MingW32)

    hQIOA8ylkLvq/5UGEAgA4S/PR6dx6UCKadh6kmbSG3kexbzVQqofMxLhBoiihfqq
    pZPYjF95AjLKDx+YYXMhHNwkbwIhyPT2o
    ....cut
    -----END PGP MESSAGE-----
    --bar

    Q: is "BEGIN PGP MESSAGE" mandatory? Any RFC?

    tx,
    Jean-Marc


  2. Re: "BEGIN PGP MESSAGE" mandatory?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    "Jean-Marc Autexier" writes:

    >I wonder if in an encrypted multipart/mixed mail each attachment MUST
    >be surrounded by "BEGIN PGP MESSAGE" and "END PGP MESSAGE".


    Yes.

    >I got today the following mail, in which the attachment is encrypted,
    >but no pgp tags arround (the body has pgp tags arround). The mail come
    >from outlook with pgp 8.1.


    >Mail I got:
    >--bar
    >...cut
    >Content-Transfer-Encoding: base64
    >Content-Description: filename.asc
    >Content-Disposition: attachment;
    > filename="filename.asc"


    >LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tDQpWZXJzaW9uOi BQR1AgOC4xDQoNCnFBTlFSMURC


    Notice that the attachment is base64 encoded.

    If I decode that line you posted, it gives:

    -----BEGIN PGP MESSAGE-----
    Version: PGP 8.1

    qANQR1DB

    (indented so it will stand out).

    - --
    DO NOT REPLY BY EMAIL - The address above is a spamtrap.

    Neil W. Rickert, Computer Science, Northern Illinois Univ., DeKalb, IL 60115

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)

    iD8DBQFFfu0kvmGe70vHPUMRAuzwAKDP7pOkFSJlNl7DO43aPi LuUZCM9wCfasLF
    +d5RBY8T53cWoTdDyrVy8Tg=
    =LFA+
    -----END PGP SIGNATURE-----


  3. Re: "BEGIN PGP MESSAGE" mandatory?

    Jean-Marc Autexier wrote:
    > Hi,
    >
    > I wonder if in an encrypted multipart/mixed mail each attachment MUST
    > be surrounded by "BEGIN PGP MESSAGE" and "END PGP MESSAGE".
    >
    > I got today the following mail, in which the attachment is encrypted,
    > but no pgp tags arround (the body has pgp tags arround). The mail come
    > from outlook with pgp 8.1.
    >
    > Mail I got:
    > --bar
    > ...cut
    > Content-Transfer-Encoding: base64
    > Content-Description: filename.asc
    > Content-Disposition: attachment;
    > filename="filename.asc"
    >
    > LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tDQpWZXJzaW9uOi BQR1AgOC4xDQoNCnFBTlFSMURC
    > ....cut
    > --bar
    >
    > This is what I would expect:
    > --bar
    > ...cut
    > Content-Transfer-Encoding: 7bit
    > Content-Disposition: attachment;
    > filename="filename"
    >
    > -----BEGIN PGP MESSAGE-----
    > Version: GnuPG v1.2.4 (MingW32)
    >
    > hQIOA8ylkLvq/5UGEAgA4S/PR6dx6UCKadh6kmbSG3kexbzVQqofMxLhBoiihfqq
    > pZPYjF95AjLKDx+YYXMhHNwkbwIhyPT2o
    > ...cut
    > -----END PGP MESSAGE-----
    > --bar
    >
    > Q: is "BEGIN PGP MESSAGE" mandatory? Any RFC?
    >
    > tx,
    > Jean-Marc
    >


    See RFC 2440 at . Look in Section
    6.2, which also discusses multi-part messages.

    --

    David E. Ross


    I use SeaMonkey as my Web browser because I want
    a browser that complies with Web standards. See
    .

  4. Re: "BEGIN PGP MESSAGE" mandatory?


    boxgirlhunny@yahoo.com wrote:
    > Notice that the attachment is base64 encoded.
    >
    > If I decode that line you posted, it gives:
    >
    > -----BEGIN PGP MESSAGE-----
    > Version: PGP 8.1
    >
    > qANQR1DB


    Uh,thanks, didn't notice that.
    you saved my day :-)
    Jean-Marc


  5. Re: "BEGIN PGP MESSAGE" mandatory?

    On 11 Dec 2006 14:00:31 -0800, "Jean-Marc Autexier"
    wrote:

    >[snip]
    >I wonder if in an encrypted multipart/mixed mail each attachment MUST
    >be surrounded by "BEGIN PGP MESSAGE" and "END PGP MESSAGE".
    >[snip]
    >Q: is "BEGIN PGP MESSAGE" mandatory? Any RFC?
    >[snip]


    I don't know about any RFC on this, but PGP needs the header and footer
    to recognize that there is an encrypted block. If they aren't there, it
    won't find any encryption.

    I did a little experimenting with this using PGP 8.1 (registered).
    I don't know how it would apply to other versions.

    The encrypted file as created by PGP 8.1 is:
    -----BEGIN PGP MESSAGE-----
    Version: PGP 8.1
    Blank Line
    Encrypted block
    -----END PGP MESSAGE-----

    The minimum that PGP needs to recognize encryption is:
    -----BEGIN PGP MSG-----
    Encrypted block
    -----END PGP MSG-----
    No version needed, no blank line needed before the encrypted block,
    BEGIN PGP MSG and END PGP MSG must be capitalized, the 5 dashes before
    and after are needed.

    If someone wanted to apply elementary steganography to prevent a global
    search of all files on a drive for the header and footer, they can be
    deleted and re-entered before decryption.

    Here's a simple example:
    Let's say you have a text file called "Cousin Bessie's Fudge Recipe" in
    a folder with hundreds of other recipes.
    Enter the fudge recipe, enter enough blank lines to scroll off the
    screen, paste the encryption and delete the header and footer.
    Someone doing a cursory check will hopefully only see the recipe.
    To decrypt, you scroll down to the encrypted block and retype the header
    and footer. Run PGP current window and you can decrypt to a display
    window in PGP. If you close the original file without saving it, the
    header and footer will not be saved.

    Not the greatest additional security, but if you had that one little bit
    of info you didn't want even spotted as existing it might work. Primary
    security still remains in using PGP in the first place and keeping your
    Sec Ring protected.
    --
    Bill the Turnipman

  6. Re: "BEGIN PGP MESSAGE" mandatory?

    Turnipman wrote:
    > On 11 Dec 2006 14:00:31 -0800, "Jean-Marc Autexier"
    > wrote:
    >
    > >[snip]
    > >I wonder if in an encrypted multipart/mixed mail each attachment MUST
    > >be surrounded by "BEGIN PGP MESSAGE" and "END PGP MESSAGE".
    > >[snip]
    > >Q: is "BEGIN PGP MESSAGE" mandatory? Any RFC?
    > >[snip]

    >
    > I don't know about any RFC on this, but PGP needs the header and footer
    > to recognize that there is an encrypted block. If they aren't there, it
    > won't find any encryption.



    pgp does not need the footer, but does need the header

    here is a listing of what kinds of alterations are still
    'decryptable'/'verfiable' and which ones are not:

    http://www.angelfire.com/pr/pgpf/pgpoddities.html

    [ a pop-up blocker is recommended ;-) ]


    vedaal


+ Reply to Thread