Hello. By way of background, I’m familiar with cryptography in general but very new go GnuPG and even some parts of PGP.
I have an employee that has sent a digitally signed message. The message arrived in PGP/MIME format. Based on the RFCs I should be able to verify the signature from the command line but the signature check is failing.
The steps I followed were, first, I got a copy of the raw email data with all the mime headers. I copied everything from in between the boundaries of the first part of the PGP/MIME section into a text file, maintaining and following guidelines related to removing trailing whitespace. But gpg always says the signature is bad. I did a conference call with my employee and it’s possible that Outlook is doing some reformatting I can’t see after computing the signature.
Questions:
-
Is it known if oulook applies some kind of standardized formatting that is not reflected in the raw text? Is there some transformation that must be done to get back to the form Outlook used to sign it.
-
Is there any way to debug exactly what message is being sent to GPGOL for signing?
-
Are there any other steps to tricks for verification of PGP/MIME signatures that I might be missing?