kaie/extract-and-verify.txt

## extract-and-verify.txt
If you have received an encrypted and signed email from Thunderbird 78,
it contains two nested MIME layers. The outer layer contains encrypted
data. If you decrypt it using a tool such as GnuPG, the result is a
PGP/MIME signed message. If you want to verify the signature using
GnuPG, you must split the MIME message into separate parts, the first
message part, and the second signature part.

Ideally a tool should be used that fully understands MIME, and which can
flexibly react to the format of the message. However, at the time of
writing this text, no such tool was known.

As a workaround, below is a hack that relies on the specific MIME
formatting produced by Thunderbird 78, which looks like this:


Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="TAzMUIQgbKodzb5YcUhmWPnKWT3fxj07W"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--TAzMUIQgbKodzb5YcUhmWPnKWT3fxj07W
Content-Type: multipart/mixed; ...

--TAzMUIQgbKodzb5YcUhmWPnKWT3fxj07W
Content-Type: application/pgp-signature; ...

--TAzMUIQgbKodzb5YcUhmWPnKWT3fxj07W--


For this structure, the following series of commands can be used to
process an input file named pgp-mime-signed, and extract the message and
signature parts to separate files. Then gpg can be used to verify
the message.


BOUNDARY=`cat pgp-mime-signed|grep boundary | head -1 | sed 's/^[^\"]*\"\([^\"]*\)".*$/\1/'`
START=`grep -n -e "--$BOUNDARY" pgp-mime-signed | awk -F':' '{print $1}' | head -1`
MIDDLE=`grep -n -e "--$BOUNDARY" pgp-mime-signed | awk -F':' '{print $1}' | head -2 | tail -1`
LAST=`grep -n -e "--$BOUNDARY" pgp-mime-signed | awk -F':' '{print $1}' | tail -1`
STARTAFTER=`expr $START + 1`
MIDDLEAFTER=`expr $MIDDLE + 1`
MIDDLEBEFORE=`expr $MIDDLE - 2`
LASTBEFORE=`expr $LAST - 2`
sed -n "${STARTAFTER},${MIDDLEBEFORE}p;${MIDDLE}q" pgp-mime-signed > message
sed -n "${MIDDLEAFTER},${LASTBEFORE}p;${LAST}q" pgp-mime-signed > signature
gpg --verify signature message
	If you have received an encrypted and signed email from Thunderbird 78,
	it contains two nested MIME layers. The outer layer contains encrypted
	data. If you decrypt it using a tool such as GnuPG, the result is a
	PGP/MIME signed message. If you want to verify the signature using
	GnuPG, you must split the MIME message into separate parts, the first
	message part, and the second signature part.

	Ideally a tool should be used that fully understands MIME, and which can
	flexibly react to the format of the message. However, at the time of
	writing this text, no such tool was known.

	As a workaround, below is a hack that relies on the specific MIME
	formatting produced by Thunderbird 78, which looks like this:


	Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="TAzMUIQgbKodzb5YcUhmWPnKWT3fxj07W"

	This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
	--TAzMUIQgbKodzb5YcUhmWPnKWT3fxj07W
	Content-Type: multipart/mixed; ...

	--TAzMUIQgbKodzb5YcUhmWPnKWT3fxj07W
	Content-Type: application/pgp-signature; ...

	--TAzMUIQgbKodzb5YcUhmWPnKWT3fxj07W--


	For this structure, the following series of commands can be used to
	process an input file named pgp-mime-signed, and extract the message and
	signature parts to separate files. Then gpg can be used to verify
	the message.



	BOUNDARY=`cat pgp-mime-signed\|grep boundary \| head -1 \| sed 's/^[^\"]\"\([^\"]\)".*$/\1/'`
	START=`grep -n -e "--$BOUNDARY" pgp-mime-signed \| awk -F':' '{print $1}' \| head -1`
	MIDDLE=`grep -n -e "--$BOUNDARY" pgp-mime-signed \| awk -F':' '{print $1}' \| head -2 \| tail -1`
	LAST=`grep -n -e "--$BOUNDARY" pgp-mime-signed \| awk -F':' '{print $1}' \| tail -1`
	STARTAFTER=`expr $START + 1`
	MIDDLEAFTER=`expr $MIDDLE + 1`
	MIDDLEBEFORE=`expr $MIDDLE - 2`
	LASTBEFORE=`expr $LAST - 2`
	sed -n "${STARTAFTER},${MIDDLEBEFORE}p;${MIDDLE}q" pgp-mime-signed > message
	sed -n "${MIDDLEAFTER},${LASTBEFORE}p;${LAST}q" pgp-mime-signed > signature
	gpg --verify signature message