interesting creatures // ? for the open-pgp bestiary

<vedaal@hush.com> Mon, 31 July 2006 21:17 UTC

Date: Mon, 31 Jul 2006 16:53:35 -0400
To: <ietf-openpgp@imc.org>
Subject: interesting creatures // ? for the open-pgp bestiary
From: <vedaal@hush.com>
Message-Id: <20060731205336.1F72BDA820@mailserver8.hushmail.com>

in rfc 2440 bis-18, section 6.2 
ASCII Armor is described, as well as the different types of header 
lines

in commandline versions of pgp and gnupg,
it is possible to just Armor a file,
not armor sign, or armor encrypt, 
just armor

this is a useful way for including any file type as part of an 
inline message, and then signing and encrypting the entire message,
thereby avoiding any attachments, and questions as to the safety 
and authorship of the attachment,
but also not leaving one's signature on the file itself

this type of pgp 'output' is not described anywhere in rfc 2440

here are some examples 
(using .txt for convenience, but any file type could be used):

[1] from pgp classic,
using the command: pgp -a filename

-----BEGIN PGP MESSAGE-----
Version: 2.6.3ia-multi06
comment: armored, unsigned, no time

owFbI5HElpimV1JRwgAEiUW5+UWpKQppmTmpAA==
=qOEV
-----END PGP MESSAGE-----

the same can be done from commandline 6.5.8
(have not tried the newest pgp commandline)


[2] from gnupg,
using the command: gpg --enarmor filename

-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Use "gpg --dearmor" for unpacking

YXJtb3JlZCBmaWxl
=qvGS
-----END PGP ARMORED FILE-----


[3] from gnupg,
using the command: gpg -a --store filename

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: armored with timestamp included

owFbI53EqV+kn5imV1JR4nIuTC6xKDe/KDVFIS0zJxUA
=4HLX
-----END PGP MESSAGE-----


now,
each of these 3 examples fits the general description of 
" - The ASCII Armored data "
listed in 6.2 
under the paragraph: "Forming ASCII Armor"

the header "BEGIN PGP MESSAGE"
is described as  "Used for signed, encrypted, or compressed files."

the above examples would technically fit under 'compressed files'
(even if compression is 0 )

one unusual feature in all three examples,
is that the line of armored message block is less than 64 
characters.

is there a minimum length to a line of pgp armor?

(and if so,
should this type of armored file be padded to that minimum length?)

[really a 'nit', as it would occur only in extremely short files 
such as a .txt of a few words, and would then just be quoted as 
part of the inline message, and not armored anyway,
but am asking because am curious if there is a minimum line length 
for pgp armor or not]


and should this type of message be listed anywhere in the rfc
as an open-pgp object?

(n.b.
some implementations, especially front-ends, have a little 
difficulty dealing with this type of message,
as they expect either a signed or encrypted armored message,

so it might be helpful to alert implementors about this type,
and allow for simple de-armoring and saving the original file)


vedaal
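
An added example, not part of the original message and not code from PGP or GnuPG: a small Python de-armoring routine run over the three blocks quoted above (their Comment: header lines omitted). It reports the armor label, whether the stated CRC-24 matches the payload, the OpenPGP packet tag of a PGP MESSAGE payload (tag 8 is a Compressed Data packet), and the width of each base64 line; the function names and the choice to accept lines of any length are assumptions of this example.

```python
import base64
# Armor blocks copied from the message above (Comment: header lines omitted).
SAMPLES = ["""-----BEGIN PGP MESSAGE-----
Version: 2.6.3ia-multi06

owFbI5HElpimV1JRwgAEiUW5+UWpKQppmTmpAA==
=qOEV
-----END PGP MESSAGE-----""", """-----BEGIN PGP ARMORED FILE-----
Version: GnuPG v1.4.4 (MingW32)

YXJtb3JlZCBmaWxl
=qvGS
-----END PGP ARMORED FILE-----""", """-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.4 (MingW32)

owFbI53EqV+kn5imV1JR4nIuTC6xKDe/KDVFIS0zJxUA
=4HLX
-----END PGP MESSAGE-----"""]

def crc24(data: bytes) -> int:  # OpenPGP armor checksum
    crc = 0xB704CE  # initial value; the generator is 0x1864CFB
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def dearmor(text: str) -> dict:
    """Decode one armored block; report label, CRC status, packet tag, line widths."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    label = lines[0].strip("-").removeprefix("BEGIN ")
    body = lines[lines.index("") + 1:-1]  # armor headers end at the first blank line
    stated = None
    if body and body[-1].startswith("="):  # optional checksum line
        stated = int.from_bytes(base64.b64decode(body.pop()[1:]), "big")
    payload = base64.b64decode("".join(body))
    first, tag = (payload[:1] or b"\0")[0], None
    if label == "PGP MESSAGE" and first & 0x80:  # bit 7 marks a packet header
        tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
    return {"label": label, "payload": payload, "tag": tag,
            "crc_ok": stated == crc24(payload), "widths": [len(ln) for ln in body]}

for r in map(dearmor, SAMPLES):  # prints label, tag, crc_ok, widths per block
    print(r["label"], r["tag"], r["crc_ok"], r["widths"])
```

A front-end that dispatches on the armor label and on this first packet tag can recognise such a block as neither signed nor encrypted and offer to save the de-armored file.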