This was written after one too many tiring discussion when someone wanted to support inline PGP in e-mail. The title was inspired by South Park. This is a live document, and your feedback will improve it. Contributions will be acknowledged.
This document assume some familiarity with e-mail message formats, MIME and PGP.
This document is based on my experience with actually implementing and supporting inline PGP in the real world, in the Gnus message user agent.
Inline PGP is sending the OpenPGP blobs directly inside a e-mail message. Example:
From: Simon Josefsson <[email protected]> To: Simon Josefsson <[email protected]> Subject: Don't do this, Mm'kay? Date: Thu, 09 Dec 2004 02:49:22 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is signed text. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.93-cvs (GNU/Linux) iQC1AwUBQbevJO2iHpS1ZXFvAQLa/AT+Koj9YgqqYr1y5G/BlaEhQIqZlcXKqRXb +rE3AIz5TCI3mYpSpZ9mwEwrdWByT6duEqjxErVoHvBYZhLgX7BahqkiFMeLwXPD MR0fE/G9Gg8oANj3UHe64G3JqoQbfa/a8k5luYe2b7px2yLtaaTXJZpZqK+x/qIa 9fW0rsc1q1XXPDR1Z+CHQ/JqYzoIQZvzhq3/27Vpy8VxE03RAhQc6w== =uI1y -----END PGP SIGNATURE-----
The problems include:
Some people don't regard the above as problems. Some people just don't care. Reluctantly, I have to admit that sending inline PGP can work reliable if you follow the following rules:
Use PGP/MIME, aka RFC 3156. For example:
From: Simon Josefsson <[email protected]> To: Simon Josefsson <[email protected]> Subject: Do this, Mm'kay? Date: Thu, 09 Dec 2004 02:58:58 +0100 MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" --=-=-= This is signed text. --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.93-cvs (GNU/Linux) iQC1AwUAQbexYu2iHpS1ZXFvAQK/IAT/Ue2hYtwW9oPTlKf3cI25LdzyxjU2x2/j W8KxE56fENCGUvztBG8f/DQUW+ovLFDarao4Oc52TiMuxvFC5LrHQlsfVpuYavQh fIlekzDTG84FHXGV9ETy2DOURDQKPFi1aoiWb8gktluheJ2SeF5CRcGaWazLWFdV eLWdTlRZ2UP3tAY0VVTMPa51Pc0IYBABmdKEgPVmKLQVBmTzcIX39g== =kmls -----END PGP SIGNATURE----- --=-=-=--