What is the benefit of signing an encrypted email

Robert J. Hansen rjh at sixdemonbag.org
Tue Jan 11 15:03:49 CET 2011


On 1/11/2011 6:09 AM, David Smith wrote:
> Signing a mail allows the recipient(s) to check that it really was you
> that sent it, and not someone else masquerading as you.

Not quite.  Signatures let you verify the content has not been altered
since someone else saw it.  If the signature doesn't check, you don't
get that verification, but that *doesn't* mean the message was tampered
with, or that someone is doing an impersonation.  There are tons of
innocent things that can mangle a signature, from a misconfigured MTA
mangling PGP/MIME attachments, to the original author remembering
something at the last moment and adding content after it had been
signed, to... etc.

Signatures can verify a message as good, but they cannot flag a message
as bad.
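
As an added illustration (not part of the original post), the Python sketch below uses a Lamport one-time signature built from SHA-256 as a stand-in for an OpenPGP signature; the message text and all function names are constructed for this example. An innocent change and a deliberate one produce the same failed check, so the verifier only ever reports "verified" or "could not verify".

```python
import hashlib
import secrets


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    # Lamport one-time key: 256 pairs of random secrets; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    # The 256 bits of SHA-256(msg), most significant bit first.
    digest = _h(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, msg: bytes):
    # Reveal one secret from each pair, selected by the matching digest bit.
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig) -> str:
    # Only two outcomes exist. A failed check carries no information about
    # why the bytes differ, so there is no "FORGED" result to return.
    ok = all(_h(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, _bits(msg))))
    return "VERIFIED" if ok else "UNVERIFIED"


def demo():
    sk, pk = keygen()
    signed = b"Meet at 10:00.\r\nBring the report.\r\n"  # constructed sample message
    sig = sign(sk, signed)
    received = {
        "unchanged": signed,
        "line endings rewritten in transit": signed.replace(b"\r\n", b"\n"),
        "author added a postscript after signing": signed + b"P.S. Room 4.\r\n",
        "deliberately altered": signed.replace(b"10:00", b"16:00"),
    }
    return {label: verify(pk, body, sig) for label, body in received.items()}


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{result:<10} {label}")
```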



More information about the Gnupg-users mailing list