Chapter 5. Message Signatures

Q: What is message signing?
Q: How do I sign a message and keep it readable?
Q: Can't you just forge a signature by copying the signature block to another message?
Q: Are PGP signatures legally binding?
Q: Is the date on a PGP signature reliable?

Q: What is message signing?

A: Let's imagine that you received a letter in the mail from someone you know named John Smith. How do you know that it was really John who sent you the letter and not someone else who simply forged his name? With PGP, it is possible to apply a digital signature to a message that is impossible to forge. If you already have a trusted copy of John's public encryption key, you can use it to check the signature on the message. It would be impossible for anybody but John to have created the signature, since he is the only person with access to the secret key necessary to create the signature. In addition, if anybody has tampered with an otherwise valid message, the digital signature will detect the fact. It protects the entire message against undetectable change.

Q: How do I sign a message and keep it readable?

A: Sometimes you are not interested in keeping the contents of a message secret, you only want to make sure that nobody tampers with it, and to allow others to verify that the message is really from you. For this, you can use clear signing. Clear signing only works on text files, it will not work on binary files. The command format is:

pgp -sat +clearsig=on <filename>

The output file will contain your original unmodified text, along with section headers and an armored PGP signature. In this case, PGP is not required to read the file, only to verify the signature.

You should be careful when you "clearsign" a text file like this. Some mail programs might alter your message when it is being sent, for example because there are very long lines in the message. This will invalidate the signature on the message. Also, using 8-bit characters in your message can cause problems; some versions of PGP will think the file is actually a binary file, and refuse to clearsign it.

For this reason, PGP 2.6.3i will automatically ASCII armor messages with very long lines in it.

When using PGP/MIME, the signature is sent as an attachment to the message. This keeps the signed text readable like usual, even to MIME-compatible email programs that do not support PGP.

Q: Can't you just forge a signature by copying the signature block to another message?

A: No. The reason for this is that the signature contains information (called a message digest or a one-way hash) about the whole message it's signing. When the signature check is made, the message digest from the message is calculated and compared with the one stored in the encrypted signature block. If they don't match, PGP reports that the signature is bad.

Q: Are PGP signatures legally binding?

A: Simone van der Hof maintains the Digital Signature Law Survey adressing these issues. In short: digital signatures (such as provided by PGP) are only legally binding on their own under very specific situations in a few countries, if at all. In many countries this is rapidly changing though.

Even if the digital signature is not binding in itself, in many jurisdictions one can arrange to accept valid digital signatures as binding via a prior agreement in writing. If you are going to be swapping many digitally-signed agreements with another party, this approach may be useful. You might want to check with a lawyer in your country if the digital signatures will be used for important or valuable contracts.

Q: Is the date on a PGP signature reliable?

A: No. The date and time you see when you verify a PGP signature on a file (often called a timestamp) is the time and date the computer was set to when the signature was created. On most computers, it is extremely easy to reset the date and time to any time you want, so you can generate documents with a forged timestamp.

For this reason, you can use a so-called "digital notary" or time-stamping service. This is a system that does nothing but sign documents you send to it, after inserting a date and time somewhere in the text. The service uses a numbering scheme which makes it impossible to insert timestamps at a later time. One such service is run by Matthew Richardson. For more information about it, please see the PGP Digital Timestamping Service website.