What does "BEGIN PGP SIGNED MESSAGE" mean?

Home » General Computing » Encryption

Summary: PGP SIGNED MESSAGE means that a message has been cryptographically signed. That means who signed it can be verified, and tampering can be detected.

I get email from some folks that have a line at the beginning:

BEGIN PGP SIGNED MESSAGE

And then near the end of their message there's:

BEGIN PGP SIGNATURE

followed by some gobbledygook. Now I see that same stuff in some of your responses to comments on your site. What's it all about?

What you're seeing is called a "signature". It's digital data that accompanies a message, and is somewhat similar to a hand-written signature, except for two important facts:

It can be used to validate that the message came from who it claims to come from.
It can be used to prove that the message wasn't tampered with.

These days both of those can be pretty important.

Let's look at how, at a high level, this type of signing works.

•

I've actually discussed this technology before, in the context of sending encrypted email. That's because signing and encryption are tightly coupled, and the same tools and "keys" can be used for both.

We need to start with a concept: public key encryption. With this type of encryption, you generate a key pair. Call them "A" and "B". Something encrypted using key "A" can only be decrypted with key "B", and something encrypted with key "B" can only be decrypted with key "A".

Now, if I create a pair of those keys, I can make one public and keep the other one a closely guarded private/secret key. That means a few interesting things can happen:

Someone can take my public key and use it to encrypt something. Once encrypted only I can decrypt it using my matching private key. Even the person who encrypted it cannot decrypt it. It's a secure way to encrypt data such that it can be seen only by the intended recipient.
I can encrypt something with my private key, that then anyone can decrypt with my public key. Now, that seems kinda silly, if anyone can decrypt it. Except that if it can be decrypted using my public key, then only I could have encrypted it using my private key. It validates that the encryption could only have been performed by me.

That last point forms the basis for message signing.

•

I can hear you saying "But ... the message isn't encrypted! I can still read it!"

That's correct, but something is, and that's an important second half of the signing process.

And it's time for another concept: the hash. A hash is nothing more than a complex mathematical function. It takes all the characters in a message, number-crunches the heck out of them, and produces a number. The hash function most commonly used today is called "SHA1". In fact, underneath that "BEGIN PGP SIGNED MESSAGE" line, you'll probably see a line that says "Hash: SHA1". That means that as part of the signing process the SHA1 hash function was used on the message to calculate the hash value ... the number.

The SHA1 hash function has some very important characteristics:

If anything within the message changes by even the slightest amount, the number calculated by the hash function will change fairly dramatically.
The chances of any two messages generating exactly the same hash value is statistically insignificant. It's almost guaranteed that the hash will always be different for different messages, no matter what.
It's impossible to alter a message in order to have it generate a specific, desired hash value.
Given a hash value, you can tell nothing about the message that produced it.

•

So now we put it all together to "sign" a message.

First, we calculate the hash value of the message. In the messages you've seen, the message is the part between "BEGIN PGP SIGNED MESSAGE" and "BEGIN PGP SIGNATURE".

Next, we encrypt that hash value with someone's private key. For example when I sign something, I use my private key to do so.

"If the signature can be decrypted using the appropriate public key, it must have come from the person who holds the matching private key."

Finally, a text version of that encrypted hash value is placed at the end of the message, between the "BEGIN PGP SIGNATURE" and "END PGP SIGNATURE".

OK, now what?

Two things:

If the signature can be decrypted using the appropriate public key, it must have come from the person who holds the matching private key. If using my public key you can decrypt the signature of a message I sign, then it must have come from me.
If you calculate the hash value of the message, and it matches the hash value that you just decrypted, then you know that the message was not altered in any way after it was signed.

Both of those are pretty powerful statements to be able to make.

•

Now, we tend to think of signing with respect to email. Email messages travel over an untrusted network and we might want to be able to confirm they haven't been changed, and came from whom they claim to have come from.

So why have I started occasionally using it when I post a comment on this site?

Because anyone can claim to be me. There's no validation of the user name or email address when someone posts a comment. While I do try to remove imposters, some may slip through. By signing my comments using this technique, anyone can independently verify that I was the author of the message by validating the signature.

In fact, here's that previous paragraph, signed:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Because anyone can claim to be me. There's no validation of the user
name or email address when someone posts a comment. While I do try to
remove imposters, some may slip through. By signing my comments using
this technique, anyone can independently verify that I was the author of
the message by validating the signature.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFFxqRFCMEe9B/8oqERAqA2AJ91Tx4RziVzY4eR4Ms4MFsKAMqOoQCgg7y6
e5AJIRuLUIUikjNWQIW63QE=
=aAhr
-----END PGP SIGNATURE-----

Validate that against my public key, and you'll confirm that only I could have created that signature, and thus only I could have signed that message. It further validates that the message wasn't altered after being signed.

Another thing to note: we keep talking about "messages". In fact, any digital data can be signed. I could sign a download, and after you download it you could validate that download's signature using my public key. If it validates, you know that the download came from me, and was not altered.

In fact, the open source "GnuPG" tools used for all this are, themselves, signed and verifiable exactly that way.

But... as you might expect, there's a gotcha...

•

You pretty much have to be a geek to do it.

For email, there are plugins available for some email clients, but for random other uses you need to get familiar with the tools, techniques and terminology. If you take a look at How do I send encrypted email? you'll see some of the tools and how they're used to send encrypted email. Those same tools are used for signing as well.

Now, while I use the Enigmail plugin for Thunderbird that handles encryption and signing transparently for email, I still have to do things by hand, using those tools, for anything else. Like signing my comments.

I truly wish that public key encryption and signing were more accessible and more widely adopted. Unfortunately complexity, as well as competing approaches to email security specifically, are keeping that from happening.

But for now, if you have the need to perform this type of encryption and/or validation, the tools are definitely out there.

Related:

Ask Leo! - What's your public key?
Ask Leo! - How do I send encrypted email?
Ask Leo! - Email Encryption - Failure to Launch?

Article 11148 | Posted February 4, 2007

•