PGP signed attachments being 'broken'

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I’m using RT to manage support for an academic department of 60 staff.
Many staff use PGP/MIME to sign their email[1], which is great.

Unfortunately, mail which passes through RT and is PGP/MIME signed is
‘broken’:

    • The signature is identified as a normal attachment, as far as I can
      see, and is added to the ‘Attachments’ section of the ticket display:
      this is unhelpful, since if a ticket consists of many email messages and
      replies, there will be many signatures appearing here;
    • The outgoing mail, which was originally signed in the MUA, includes
      the signature as an attachment (signature.asc), but the Content
      headers (or MIME information) is modified (as compared to the original
      message) meaning that the email arriving at its destination is no longer
      a valid PGP/MIME message.

Anyone have any hints or ideas about how to handle this?

[I can supply example messages and headers if required, but I won’t clutter the list with them unless they’re really needed: my suspicion is that this is a not uncommon problem, although I haven’t found any helpful discussion in the archives about it.]

Cheers,

Dave.

[1] Typically using Mozilla Thunderbird or Mutt


Dave Ewart
davee@ceu.ox.ac.uk
Computing Manager, Cancer Epidemiology Unit
Cancer Research UK / Oxford University
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
Get key from http://www.ceu.ox.ac.uk/~davee/davee-ceu-ox-ac-uk.asc
N 51.7518, W 1.2016
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFq4M9bpQs/WlN43ARAtOTAJ9WcrTctlWmERMPeF3SKsAXaCQsfgCeN9q6
ux679K92WmCnDAaNPpRUiEw=
=t7hM
-----END PGP SIGNATURE-----

I’m using RT to manage support for an academic department of 60 staff.
Many staff use PGP/MIME to sign their email[1], which is great.

Unfortunately, mail which passes through RT and is PGP/MIME signed is
‘broken’:

  • The signature is identified as a normal attachment, as far as I can
    see, and is added to the ‘Attachments’ section of the ticket display:
    this is unhelpful, since if a ticket consists of many email messages
    and replies, there will be many signatures appearing here;

  • The outgoing mail, which was originally signed in the MUA, includes
    the signature as an attachment (signature.asc), but the Content
    headers (or MIME information) is modified (as compared to the original
    message) meaning that the email arriving at its destination is no
    longer a valid PGP/MIME message.

Anyone have any hints or ideas about how to handle this?

[I can supply example messages and headers if required, but I won’t clutter the list with them unless they’re really needed: my suspicion is that this is a not uncommon problem, although I haven’t found any helpful discussion in the archives about it.]

Just following up on my own post: is this a problem that no-one else has
come across?

Dave.
Dave Ewart
davee@ceu.ox.ac.uk
Computing Manager, Cancer Epidemiology Unit
Cancer Research UK / Oxford University
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
Get key from http://www.ceu.ox.ac.uk/~davee/davee-ceu-ox-ac-uk.asc
N 51.7518, W 1.2016

signature.asc (191 Bytes)

  • The outgoing mail, which was originally signed in the MUA, includes
    the signature as an attachment (signature.asc), but the Content
    headers (or MIME information) is modified (as compared to the original
    message) meaning that the email arriving at its destination is no
    longer a valid PGP/MIME message.

Anyone have any hints or ideas about how to handle this?

For RT 3.8, we’re currently working on full GPG integration, which
should handle all of this natively.

Jesse

  • The outgoing mail, which was originally signed in the MUA,
    includes the signature as an attachment (signature.asc), but the
    Content headers (or MIME information) is modified (as compared to
    the original message) meaning that the email arriving at its
    destination is no longer a valid PGP/MIME message.

Anyone have any hints or ideas about how to handle this?

For RT 3.8, we’re currently working on full GPG integration, which
should handle all of this natively.

Ah, excellent: I’d be happy to help test this, of course.

Dave.
Dave Ewart
davee@ceu.ox.ac.uk
Computing Manager, Cancer Epidemiology Unit
Cancer Research UK / Oxford University
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
Get key from http://www.ceu.ox.ac.uk/~davee/davee-ceu-ox-ac-uk.asc
N 51.7518, W 1.2016

signature.asc (191 Bytes)