5

I have started signing my mail with PGP, and it attaches the file signature.asc to my messages to verify that I sent them with content, as you'd expect, like this:

-----BEGIN PGP SIGNATURE-----
[...]
-----END PGP SIGNATURE-----

Is it possible to include a "comment" with the signature file? If someone uses PGP/GPG they will just see a message that the email was signed. But most people I send mail to do not use PGP, so they will see this attachment and perhaps will be confused - is it possible to include a "comment" in this file (ideally auto-generated) which explains what the signature means to the uninitiated?

3 Answers

6

OpenPGP, RFC 4880 "Forming ASCII Armor", defines a way to add comments to ASCII-armored OpenPGP data.

Using GnuPG (no matter whether using GPGTools or not), this comment can be configured using the comment option, either as gpg --comment or in the GnuPG config file ~/.gnupg/gpg.conf, for example

comment Comment you want to add in each file. 

The Apple Mail plugin does not overwrite the option, thus the comment will also be added to mails sent using Apple Mail.

1
  • ok gpg.conf is a trick I haven't thought of. +1. Commented Sep 20, 2014 at 10:42
3

Yes it is possible. See this as an example. RFC 2440 allows arbitrary comment lines starting with "Comment:":

Currently defined Armor Header Keys are:

  • "Version", that states the OpenPGP Version used to encode the message.

  • "Comment", a user-defined comment.

  • [...]

The spec is silent about whether multiple comments may be specified, but in my tests gpg --verify accepted multiple comments.

Changing or adding comments (for example with a text editor) doesn't make the signature invalid, as they are not part of the signed message.

Theoretically it is possible to use them, but for GPGTools I can't think of a way to add them on an automated basis. Note that I came to this conclusion through review of the source code, and a screenshot on this site.

You can however add a "signature" to your email telling about the asc file and its contents.

3
  • Thanks! Can you elaborate more on how to do this practically? Commented Sep 20, 2014 at 7:25
  • Which tool do you use? Commented Sep 20, 2014 at 7:27
  • GPGTools for mac Commented Sep 20, 2014 at 7:28
1

I put a comment at the end of the message text (part of a sig, really), where people are much more likely to see it: About PGP signatures (http://xkcd.com/1181)
