• pgp/inline is not very robust

    From August Abolins@2:221/1.58 to All on Fri Jan 7 20:28:00 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    A recent exchange of encrypted mail with a friend who uses a
    few different programs to process encrytped mail (Claws, K9,
    and P=P) led to interesting discoveries of pgp/inline vs pgp/
    mime.

    For instance, the Pgpg app on my Blackberry (BB) only supports
    pgp/inline. This has lead to the recipient unable to properly
    verify my signature.

    My friend writes:

    "A couple of things that I earned from this investigation:

    "a) pgp/inline is not very robust - there are some interesting points at this URL

    https://dkg.fifthhorseman.net/notes/inline-pgp-harmful/

    "b) K9 does autocrypt signing - I don't remember if BB deals with it properly, but this provides the signing at the header level, and gpg is definitely
    OK with that approach. OKC is likely the same.

    "c) gpg cannot seem to deal FULLY with either the signed output of the BB,
    or the signed output of Claws.

    "I suspect that since neither Claws or BB do autocrypt signing, we won't get this resolved.

    "That is a different beast from what is traditionally to be used for pgp/inline,
    and apparently something in our path is screwing up the signature when it is not in the autocrypt header.

    I'm not TOO overly concerned about the Pgpg app on my
    Blackberry (BB) to be limited to pgp/inline since I would
    primarily use it to preview/read an encrypted message. I can
    use OpenKeyChain to preview/read multipart mime encrypted
    messages.
    - --
    ../|ug
    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEE0OsqKVIE8xZ+slA87w6JZVeJWJsFAmHY6NQACgkQ7w6JZVeJ WJsItAf8D2TAqe0SfJ0Hb93oIP6wwtiZ7trcOEKk7afC5qLj+Sueslx6UL7j2qC7 C4dIvPFF1Xjt48N6fFuwgvOTJEtolgbs8IRHB42jLp405vF+Re4auoIaefzIQk9p zy/CcnJAfebAzy5Qj8+/cgxZs7ljLk3KBAUN8c8gE14hMvu+mc/dT8yqfAobazHV pOClfyOMGL6elCTwRUWNn9sGUtcf0WN459JotHw4WdumWjeGbizmBnGMpqospbbV T3zxhDebP1xF/HTQh0e8dNiyU+46SOFni+KVBExf1c99+i6JeEZ+eG9B2dkXLWlS pBZUqqK6qz8fDMifu6ILk1MBzJHTSQ==
    =9YIT
    -----END PGP SIGNATURE-----

    --- OpenXP 5.0.51
    * Origin: Key ID = 0x5789589B (2:221/1.58)