Author gagern
Recipients barry, collinwinter, gagern, georg.brandl
Date 2007-08-28.01:55:07
SpamBayes Score 0.260286
Marked as misclassified No
Message-id <1188266108.44.0.614013799164.issue1670765@psf.upfronthosting.co.za>
In-reply-to
Content
Take the attached test5.eml. Run it through the following python script:

import email
print (email.message_from_file(open("test5.eml")).as_string(False))

The result will have both instances of the X-Long-Line header rewrapped.
As the second instance is included in the digest calculation, the
signature verification will now fail.

This is a real world signature algorithm, following RFC 3156 (if I
didn't make a mistake). If you have an OpenPGP-enabled mailreader (e.g.
enigmail for Thunderbird) and have some way of injecting a mail as is
into your mail folders (e.g. a maildir-based server), then you can use
this setup to verify that the signature was correct in the first place
and is broken after parsing and reconstruction by python.

If you don't have such a setup available, and you don't believe me that
rewrapping the header breaks the signature, then I could either devise
some unrealistic but easy-to-check signing process, or could try to get
this working with an S/MIME signature using an X.509 certificate. I
would rather avoid this, though.
Files
File name Uploaded
test5.eml gagern, 2007-08-28.01:55:07
History
Date User Action Args
2007-08-28 01:55:08gagernsetspambayes_score: 0.260286 -> 0.260286
recipients: + gagern, barry, georg.brandl, collinwinter
2007-08-28 01:55:08gagernsetspambayes_score: 0.260286 -> 0.260286
messageid: <1188266108.44.0.614013799164.issue1670765@psf.upfronthosting.co.za>
2007-08-28 01:55:08gagernlinkissue1670765 messages
2007-08-28 01:55:07gagerncreate