A recent exchange of encrypted mail with a friend who uses a
few different programs to process encrypted mail (Claws, K9,
and P=P) led to interesting discoveries of pgp/inline vs
pgp/mime.
For instance, the Pgpg app on my Blackberry (BB) only supports
pgp/inline. This has led to the recipient being unable to
properly verify my signature.
My friend writes:
"A couple of things that I learned from this investigation:
"a) pgp/inline is not very robust - there are some interesting points at this URL
https://dkg.fifthhorseman.net/notes/inline-pgp-harmful/
"b) K9 does autocrypt signing - I don't remember if BB deals with it properly,
but this provides the signing at the header level, and gpg is definitely
OK with that approach. OKC is likely the same.
"c) gpg cannot seem to deal FULLY with either the signed output of the BB,
or the signed output of Claws.
"I suspect that since neither Claws nor BB do autocrypt signing, we won't get this resolved.
"That is a different beast from what is traditionally to be used for pgp/inline,
and apparently something in our path is screwing up the signature when it is not in the autocrypt header."
I'm not TOO overly concerned about the Pgpg app on my
Blackberry (BB) being limited to pgp/inline since I would
primarily use it to preview/read an encrypted message. I can
use OpenKeyChain to preview/read multipart mime encrypted
messages.
--
../|ug
--- OpenXP 5.0.51
* Origin: (2:221/1.58)
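
An added example, not part of the original post: a Python check that tells which PGP framing a received message uses, based on the RFC 3156 content types for pgp/mime and the ASCII-armor header lines for pgp/inline. The function name `classify` and both sample messages are constructed for illustration, and the signature blocks are placeholders.

```python
from email import message_from_string

# pgp/mime containers and their "protocol" parameter (RFC 3156).
MIME_PROTOCOLS = {
    ("multipart/signed", "application/pgp-signature"): "pgp/mime signed",
    ("multipart/encrypted", "application/pgp-encrypted"): "pgp/mime encrypted",
}
# ASCII-armor header lines that mark pgp/inline inside a plain text body.
INLINE_MARKERS = {
    "-----BEGIN PGP SIGNED MESSAGE-----": "pgp/inline signed",
    "-----BEGIN PGP MESSAGE-----": "pgp/inline encrypted",
}

def classify(raw):
    """Return the set of PGP framings found in one raw mail message."""
    found = set()
    for part in message_from_string(raw).walk():
        key = (part.get_content_type(), str(part.get_param("protocol", "")).lower())
        if key in MIME_PROTOCOLS:
            found.add(MIME_PROTOCOLS[key])
        elif key[0] == "text/plain":
            # Armor lines are ASCII, so a lossy UTF-8 decode is enough here.
            body = part.get_payload(decode=True) or b""
            lines = {l.rstrip() for l in body.decode("utf-8", "replace").splitlines()}
            found |= {v for k, v in INLINE_MARKERS.items() if k in lines}
    return found or {"no pgp framing"}

# Constructed sample messages; the signature blocks are placeholders.
INLINE = """Content-Type: text/plain; charset=utf-8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

hello
-----BEGIN PGP SIGNATURE-----
(placeholder, not a real signature)
-----END PGP SIGNATURE-----
"""
MIME = """Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

hello
--b1
Content-Type: application/pgp-signature

(placeholder, not a real signature)
--b1--
"""
```

Running `classify` over a saved copy of a message that fails verification shows whether it arrived as pgp/inline or pgp/mime before any key or signature check is attempted.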