Mail::GPG vs. Mail::GnuPG

I noticed that RT 3.2 now makes use of Mail::GnuPG.
Actually, there are two modules to handle email messages with GPG:

  • Mail::GPG
  • Mail::GnuPG

The first one claims:

“I know the Mail::GnuPG module. I worked a long time with it and
submitted a few patches adding features and fixing bugs. The problems
with MIME signed messages mentioned above led me to my own
implementation. In the meantime I know, that regarding the implemented
RFC’s Mail::GnuPG works as correct as Mail::GPG does. Only that
Mail::GnuPG’s documentation is not aware of these MIME signature
problems resp. encoded vs decoded data storage.”

Anyone aware of this problem? What is the current status, is this fixed?
Thanks for your support!

The reference above to the problems with MIME signed messages is:

"MIME-tools PATCH

Some words about MIME-tools: MIME::Entity internally stores all data in
decoded form, that is without any content transfer encoding like
quoted-printable or base64 applied. In particular if you parse with
MIME::Parser, e.g. a MIME signed mail, the entity will always be stored
that way.

But RFC 3156 requires the encoded version of the MIME entity, because
the signature is calculated based on the encoded form. Some content
transfer encodings are ambiguous and you can’t reverse the process and
get back the correct encoded version without breaking the signature.

The shipped MIME-tools patch adds the ability of having encoded data in
a MIME::Entity object and a method to advise MIME::Parser to use this
ability and store the parsed data in encoded form.

Additionally MIME-tools does not reproduce preambles which consist only
of empty lines. This also invalidates signatures. E.g. mutt and sylpheed
are known to add such empty preambles. The patch fixes this problem.

Mail::GPG generally works without this patch, but it’s strongly
suggested that you apply it. Otherwise you have no guarantee that MIME
signed messages are verified correctly by Mail::GPG.

Unfortunately the maintainer of MIME-tools currently seeks for a new
maintainer and stopped development, so there is no chance to get the
patch into an official CPAN version of MIME-tools. That’s why you have
to apply the patch manually."

http://cpan.uwinnipeg.ca/htdocs/Mail-GPG/Mail/GPG.html

Best regards,

Ruediger Riediger

Dr. Ruediger Riediger Sun Microsystems GmbH
NSG - SunCERT Komturstr. 18a
mailto:Ruediger.Riediger@Sun.com D-12099 Berlin
PGP 2048RSA/0x2C5020E9 964C E189 0FF0 8882 2BAB 65E2 6912 1FF2

> I noticed that RT 3.2 now makes use of Mail::GnuPG.
> Actually, there are two modules to handle email messages with GPG:
>
>   • Mail::GPG
>   • Mail::GnuPG
>
> The first one claims:
>
> Anyone aware of this problem? What is the current status, is this fixed?
> Thanks for your support!

No, but can you send patches that add some tests that fail because of
the issue? Mail::GnuPG was developed as part of some work Best Practical
did for a customer and, as far as I know, folks have been happy with it.

> The reference above to the problems with MIME signed messages is:
>
> Unfortunately the maintainer of MIME-tools currently seeks for a new
> maintainer and stopped development, so there is no chance to get the
> patch into an official CPAN version of MIME-tools. That’s why you have
> to apply the patch manually."

That’s not true anymore. There’s a new maintainer for MIME::Tools.

Best,

Jesse
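
The encoded-versus-decoded storage problem quoted in the first message, as an added example that is not part of the thread and not code from Mail::GPG, Mail::GnuPG or MIME-tools. It assumes Python's standard `quopri` codec as a stand-in for the MIME-tools decoder and encoder, and a plain SHA-256 as a stand-in for the digest an OpenPGP signature covers; the sample body is constructed.

```python
import hashlib
import quopri

# Constructed sample: the quoted-printable body of a signed part exactly as a
# sending client might emit it. Lowercase hex digits and a soft line break
# ("=" followed by CRLF) are both legal quoted-printable.
AS_SENT = b"Total =3d 42 =e2=82=ac, pay=\r\nable on receipt.\r\n"


def signed_digest(encoded_part: bytes) -> str:
    """Digest over the encoded bytes, which is what RFC 3156 signs.

    Assumption: SHA-256 stands in for the real OpenPGP signature hash.
    """
    return hashlib.sha256(encoded_part).hexdigest()


def roundtrip(encoded_part: bytes) -> bytes:
    """Model a parser that keeps only decoded data and re-encodes on output."""
    decoded = quopri.decodestring(encoded_part)
    return quopri.encodestring(decoded)


def survives_roundtrip(encoded_part: bytes) -> bool:
    """True if the bytes the signature covers are unchanged by decode/encode."""
    return signed_digest(roundtrip(encoded_part)) == signed_digest(encoded_part)


if __name__ == "__main__":
    rebuilt = roundtrip(AS_SENT)
    print("as sent :", AS_SENT)
    print("rebuilt :", rebuilt)
    # Both encodings carry the same decoded content...
    print("same content  :",
          quopri.decodestring(AS_SENT) == quopri.decodestring(rebuilt))
    # ...but the signed bytes differ, so verification over `rebuilt` fails.
    print("same signed bytes:", survives_roundtrip(AS_SENT))
    # Verifying over the stored original bytes avoids the problem entirely.
    print("original kept :", signed_digest(AS_SENT) == signed_digest(AS_SENT))
```

A verifier that hashes the bytes as received, rather than a re-encoded copy, is unaffected by which legal encoding the sender chose.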