Rotors of M-209 cipher machine.

Digitally Signed Messages

Verifying a Digital Signature

In the past, up to the mid-2010s, you might have been reading this because you received an e-mail from me with this signature:

This message was digitally signed.  If you are curious, or worried about
an "unknown attachment", see
All unencrypted communication by Internet, telephone, and fax is subject
to interception and archiving.  Corporate announcements of desire for
deletion by unintended recipients accomplish nothing.
PGP key fingerprint: 6E6E 1DF0 C381 9172 55B4  AC00 8344 6EEA 41E1 A929

Probably not, see why below. You probably followed a link from my cybersecurity pages to here. But to continue...

A digital signature is a security mechanism based on cryptography. It allows someone to verify two crucial aspects of information security:

Message integrity — The message received is identical to what was originally sent. Nothing, not a single character, has been changed, added, or deleted.

Sender authentication — The message was in fact sent by the person or other entity the message claims to be from.

More formally, that's Proof of Content and Proof of Origin.

If the digital signature can be verified, then you can have very high confidence in data integrity and sender identity. If it cannot, then either the data has been somehow modified or it is an attempt to spoof the identity of another sender. You cannot tell precisely how it was modified — what was changed, added, or deleted — and certainly not who modified it, just that someone did something to it.

How Do You Verify A Digital Signature?

The simple answer is that you just need to import the needed public key into your PGP keyring.

The OpenPGP standard has been around since November 1998. However, some mail tools such as Outlook Express do not understand it. If you're reading this because you were puzzled or worried by mysterious "unknown attachments" reported by your mail tool, there's the reason.

If you're curious about the cryptography, about the mechanics (or really the mathematics) of how a digital signature is created and verified, see my "Just Enough Cryptography" page for an overview.

Digital Signatures Do Not Provide Confidentiality!

You must understand that digital signatures do not provide confidentiality. That just isn't their point.

While they are based on cryptography, digital signatures do not encrypt the message. Anyone can read a digitally signed message. The signature itself is just a distraction or is ignored if you or your mail software do not use it. If a digitally signed message needs confidentiality, then encrypt the original message as the first step and then digitally sign the resulting ciphertext.

All communication on public telecommunication networks — Internet, telephone, facsimile, etc — is subject to interception and archiving. It is easy for governments to do this because Internet and telephone traffic must pass through a limited number of backbone interconnection points. The governments simply force the telecommunications companies to provide access, or even to do the data collection on behalf of the government.

Yes, this process was greatly expanded in the U.S. during the Cheney/Bush administration, but it had already been underway for many years. See, for example:

The Puzzle Palace,
James Bamford, 1982
Body of Secrets,
James Bamford, 2001
May 2006
May 2006
Feb 16 2007

ASIN: 0140067485

ASIN: 0385499086

The only defense, potentially very powerful if done very carefully, is to encrypt the message. The encrypted message, the ciphertext, can still be intercepted and archived. However, the intercepting agency would have to decrypt the message to make any sense of it beyond the fact that at some time person A sent a message to person B.

Again, see my "Just Enough Crypto" page to see what would be involved to protect your communication, and what would be required to attack the encryption.

The Form of a Digitally-Signed Message

Below is an actual message. Notice the in-line markup indicating the start of the signed message, the end of the message and start of the signature, and the end of the signature, all of those highlighted in yellow.

Then the protected message body itself has a green background.

Finally, the PGP digital signature itself has an orange background.

From: Bob Cromwell <>
Subject: Here is an example of an OpenPGP message
Message-ID: <>
Date: Mon, 19 Dec 2016 20:37:32 -0400
User-Agent: Mozilla/5.0 (X11; OpenBSD amd64; rv:38.0) Gecko/20100101
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

Hash: SHA256
This is the message body.
All of the message body has been protected with cryptographic
tamper protection" in the form of a digital signature.
- --
This message was digitally signed, see
- ---___-_-_-_-___-_____-_---_---___-_---___-_---_-_-___-_---_-_-___-_-_-_
All unencrypted communication by Internet, telephone, and fax is subject
to interception and archiving.  Corporate announcements of desire for
deletion by unintended recipients accomplish nothing.
PGP key fingerprint: 6E6E 1DF0 C381 9172 55B4  AC00 8344 6EEA 41E1 A929
Version: GnuPG v2

As you can see from the message header and the PGP signature block, this message was digitally signed with GNU Privacy Guard (GnuPG) which I used as a plugin with the Thunderbird mail tool, running on the OpenBSD operating system.

However, since the message uses the OpenPGP standard format (which has been around since November, 1998), modern mail tools should be able to handle it regardless of application, graphical environment, or operating system.

The digital signature was made with the SHA-2-256 hash function followed by encryption with my 4096-bit RSA private key.

You can get the correponding public key from any of:

My site key server MIT PGP key server

Now for some skepticism...

Back to the top

As Matthew Green, Moxie Marlinspike, and others have pointed out, PGP is actually a pretty horrible choice for strangers who are trying to establish secure communications.

More recently, and (as it should be) more harshly, see the Latacora article on The PGP Problem.

Unless you work at the same place or otherwise share a trusted PKI (or Public Key Infrastructure), you are forced to do manual key management. What's worse, you're in an environment where you almost certainly have no means of determining key validity.

Then there are the cryptographic drawbacks. PGP doesn't provide forward secrecy. And, as Matthew Green says, the quest for backwards compatability turns a current OpenPGP implementation into a museum of 1990s crypto.

Finally, as Moxie Marlinspike points out, the quest for cross-compatability is largely pointless given the vanishingly small sliver of Internet users struggling to use PGP.

I Finally Gave Up on Routine PGP Use

I used to routinely sign email messages with PGP. I gave up on that.

It was little more than performance art. Worse yet, performance art with a miniscule audience. My excuse was that at least it got a few people thinking about what is possible if you work at an organization with PKI for trustworthy key management and configuration management for restricting operation to secure ciphers and operating modes.

But the reality was that only a very small number of my email correspondants, single digits at most at any one time, also used it. The overwhelming majority of the people I correspond with either never noticed it, or were puzzled by it once and ignored it ever since.

Finally go back and see how Matthew Green and Moxie Marlinspike point out PGP's failure.