Lenny Domnitser’s
domnit.org

⇙ Jump to content

explicit

This is a static archive of the domnit.org blog,
which Lenny Domnitser wrote between 2006 and 2009.

Clearmime – PGP/MIME to Clearsign Converter

If you want to skip the explanation, here’s the download link: clearmime.

Written for the Binghamton ACM key signing “party”, which is in 20 minutes!

PGP (a.k.a. OpenPGP) is a technology that, among other applications, is used to prove the authenticity of data with a digital signature. This can be used with email 2 ways: by attaching the signature to the email, or by including clearsigned text.

So what’s the benefit of clearsign? GPG, GNU’s PGP program, works with plain old files and text streams, not email. If you regularly use PGP for email, you should use a mail program that supports it, if you are using GPG directly, you can’t use PGP/MIME (you can use clearsign or 2 separate files).

I use web mail, I like it, and I don’t need PGP most of the time. I could install a browser addon, but for the small amount I use PGP, I’d rather just use the GPG tool directly. (Update 2008-03-16: Actually, FireGPG only works on clearsign, so the browser addon can’t verify PGP/MIME anyway. I would need to use a desktop email program.)

For this case, I wrote a utility called clearmime, which takes a PGP/MIME email as input, and replaces the PGP/MIME signed parts with clearsigned text. It can be invoked as a filter before gpg --verify:

$ clearmime | gpg --verify # expects you to paste a raw email message
$ clearmime < myemail.txt | gpg --verify # reads the raw email from a file

Your mail program has to offer the raw email for this to work. For example, Gmail calls function this “Show original”.

Here’s a demo video of clearmime being used with Gmail:

Clearmime is written in Python and uses the standard library.

Download: clearmime.