Discussion:
clearsign and sign
(too old to reply)
cactusbin
2009-04-12 16:43:51 UTC
Permalink
Probably a pretty noob question but... What's the difference between a
message being clearsigned and a message being signed?
Neil W Rickert
2009-04-12 20:05:32 UTC
Permalink
Post by cactusbin
Probably a pretty noob question but... What's the difference between a
message being clearsigned and a message being signed?
A clear signed message can be read without any special software.
A signed message can sometimes be ascii armored (base64 encoded),
which makes it not directly readable.

By the way, I could not find your signing key on the keyservers,
so was unable to check your signature.
Neil - Salem, MA USA
2009-04-12 22:31:15 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by cactusbin
Probably a pretty noob question but... What's the difference between a
message being clearsigned and a message being signed?
A clear signed message can be read without any special software.
A signed message can sometimes be ascii armored (base64 encoded),
which makes it not directly readable.
By the way, I could not find your signing key on the keyservers,
so was unable to check your signature.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
iEYEARECAAYFAkniSAcACgkQvmGe70vHPUMHhwCaAgcHbFqh/NQqnoQIlM3NQMlD
kYYAoJobdOcKk8R/tkhQPraOioiIcPiN
=7FsB
-----END PGP SIGNATURE-----
Just to add a bit to Neil Rickert's response...

You can see that Neil's post is clear-signed. Also, Microsoft always sends
out Security Bulletin emails that are clear-signed. People that don't have
PGP can read the email. Those of use who do have PGP can not only read it
but also verify it.

For example, I got a Security Bulletin email from Microsoft with this info:

From: ***@newsletters.microsoft.com
Date: Tuesday, March 10, 2009 3:41 PM
Subject: Microsoft Security Bulletin Major Revisions

The email began with:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

then came the body of the email, in clear text (not included here)...

...and the email ended with:

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.9.0 (Build 397)
Charset: utf-8

wsFVAwUBSXkYEmA17vDdGxdTAQi5/w//Xz2vakFSufs1mfPMOcYed48gfnSFKZTo
rPHJn8GZt/jVs+0HFwCxCL9Z+FYoMWdth/X7AWn4DyAALE7PJo4HUO+Rbat9SvGM
TpcigtJpPSjY9hqnc/SSKZ55mOa3HvIMDs7nyMxXW0qFgDK+bmxiXDspwD+QpV50
zm13td3dAFBe85SqS4yxl1+hV924B9U4rWTyP0xen3zUNimeFu1gOcH3udtbsXYc
VEJJOf1VfdW+n8RdvSCQhzVdfen6jgBkGTpPWcppeGE/9Wtcjm9tM8p4syC6q7Gz
RWsRMMmQJ6kbAsW9EjDY3DR4v50tUiOGJGZQbYBgVNTRbri2I4RNk+Ognhspo8w8
28GpI4BvpNrYQAtBJquOfpCNMofS12UkGFDTH1MXTnRvAygOp+MhgxmW1s8W2zLX
bQgI7Kh2jn3SbgP45i6ixI+aL06Lg5JOswKKsAXGMJTJkJwW3E928q1T5O1mBLLf
xMFSag9ngv3lxsDyNH/Wo3EXakGHZrKthQhBszIMldIT19UbPZbAalYkBOPN4bi+
t2BNQbN9oHisrAAeS7qltr/gszqmycIHEUni7k7oROGeQ5UaaCIkTQbV2w/Se4Cf
pDqzyX4bd1Zs4RxFxsVYA6ez0oFEF9ZZEIofndOGLPkribJxTA1huw7Kh857pD0k
4hwX9yApyww=
=sxrD
-----END PGP SIGNATURE-----

and, because I had the right key, I was able to verify that integrity and
authorship of the email. PGP reported:

*** PGP SIGNATURE VERIFICATION ***
*** Status: Good Signature
*** Signer: Microsoft Security Response Center <***@microsoft.com>
(0xDD1B1753)
*** Signed: 3/10/2009 12:40:16 PM
*** Verified: 4/12/2009 6:15:56 PM
*** BEGIN PGP VERIFIED MESSAGE ***

Neil - Salem, MA USA
Charlie Kroeger
2009-04-13 17:38:42 UTC
Permalink
Microsoft and security you don't see that every day.
--
CK
Loading...