PGP SIGNED MESSAGE means that a message has been cryptographically signed. That means who signed it can be verified, and tampering can be detected.

I get email from some folks that have a line at the beginning:

BEGIN PGP SIGNED MESSAGE

And then near the end of their message there's:

BEGIN PGP SIGNATURE

followed by some gobbledygook. Now I see that same stuff in some of your responses to comments on your site. What's it all about?

What you're seeing is called a "signature". It's digital data that accompanies a message, and is somewhat similar to a hand-written signature, except for two important facts:

  • It can be used to validate that the message came from who it claims to come from.

  • It can be used to prove that the message wasn't tampered with.

These days both of those can be pretty important.

Let's look at how, at a high level, this type of signing works.

I've actually discussed this technology before, in the context of sending encrypted email. That's because signing and encryption are tightly coupled, and the same tools and "keys" can be used for both.

We need to start with a concept: public key encryption. With this type of encryption, you generate a key pair. Call them "A" and "B". Something encrypted using key "A" can only be decrypted with key "B", and something encrypted with key "B" can only be decrypted with key "A".

Now, if I create a pair of those keys, I can make one public and keep the other one a closely guarded private/secret key. That means a few interesting things can happen:

  • Someone can take my public key and use it to encrypt something. Once encrypted only I can decrypt it using my matching private key. Even the person who encrypted it cannot decrypt it. It's a secure way to encrypt data such that it can be seen only by the intended recipient.

  • I can encrypt something with my private key, that then anyone can decrypt with my public key. Now, that seems kinda silly, if anyone can decrypt it. Except that if it can be decrypted using my public key, then only I could have encrypted it using my private key. It validates that the encryption could only have been performed by me.

That last point forms the basis for message signing.

I can hear you saying "But ... the message isn't encrypted! I can still read it!"

That's correct, but something is, and that's an important second half of the signing process.

And it's time for another concept: the hash. A hash is nothing more than a complex mathematical function. It takes all the characters in a message, number-crunches the heck out of them, and produces a number. The hash function most commonly used today is called "SHA1". In fact, underneath that "BEGIN PGP SIGNED MESSAGE" line, you'll probably see a line that says "Hash: SHA1". That means that as part of the signing process the SHA1 hash function was used on the message to calculate the hash value ... the number.

The SHA1 hash function has some very important characteristics:

  • If anything within the message changes by even the slightest amount, the number calculated by the hash function will change fairly dramatically.

  • The chances of any two messages generating exactly the same hash value are statistically insignificant. It's almost guaranteed that the hash will always be different for different messages, no matter what.

  • It's impossible to alter a message in order to have it generate a specific, desired hash value.

  • Given a hash value, you can tell nothing about the message that produced it.

So now we put it all together to "sign" a message.

First, we calculate the hash value of the message. In the messages you've seen, the message is the part between "BEGIN PGP SIGNED MESSAGE" and "BEGIN PGP SIGNATURE".

Next, we encrypt that hash value with someone's private key. For example when I sign something, I use my private key to do so.

Finally, a text version of that encrypted hash value is placed at the end of the message, between the "BEGIN PGP SIGNATURE" and "END PGP SIGNATURE".

OK, now what?

Two things:

  1. If the signature can be decrypted using the appropriate public key, it must have come from the person who holds the matching private key. If using my public key you can decrypt the signature of a message I sign, then it must have come from me.

  2. If you calculate the hash value of the message, and it matches the hash value that you just decrypted, then you know that the message was not altered in any way after it was signed.

Both of those are pretty powerful statements to be able to make.
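
The sign-and-check procedure above, as an added example that is not from the original article: a toy version using textbook RSA, where "encrypting the hash with the private key" is a single modular exponentiation. The key pairs are constructed from well-known Mersenne primes purely for illustration and every name in the code is this example's own; real tools pad the hash and use randomly generated keys.

```python
import hashlib

E = 65537  # public exponent shared by both demo keys


def make_keypair(p, q):
    """Build (public, private) as (n, e) and (n, d) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, needs Python 3.8+
    return (n, E), (n, d)


def hash_value(message):
    """Step 1: the hash of the message as a number (SHA1, as in the article)."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def sign(message, private):
    """Step 2: transform the hash with the private key; the result is the signature."""
    n, d = private
    return pow(hash_value(message), d, n)


def verify(message, signature, public):
    """Undo the signature with the public key and compare it with a fresh hash."""
    n, e = public
    return pow(signature, e, n) == hash_value(message)


# Constructed demo keys (assumption: illustrative only, far too structured for real use).
AUTHOR_PUBLIC, AUTHOR_PRIVATE = make_keypair(2**127 - 1, 2**521 - 1)
IMPOSTOR_PUBLIC, IMPOSTOR_PRIVATE = make_keypair(2**89 - 1, 2**607 - 1)

MESSAGE = b"Because anyone can claim to be me."
SIGNATURE = sign(MESSAGE, AUTHOR_PRIVATE)

if __name__ == "__main__":
    forged = sign(MESSAGE, IMPOSTOR_PRIVATE)
    print("genuine message, author's key :", verify(MESSAGE, SIGNATURE, AUTHOR_PUBLIC))
    print("altered message, author's key :", verify(MESSAGE + b" NOT!", SIGNATURE, AUTHOR_PUBLIC))
    print("impostor's signature, author's key:", verify(MESSAGE, forged, AUTHOR_PUBLIC))
```
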

Now, we tend to think of signing with respect to email. Email messages travel over an untrusted network and we might want to be able to confirm they haven't been changed, and came from whom they claim to have come from.

So why have I started occasionally using it when I post a comment on this site?

Because anyone can claim to be me. There's no validation of the user name or email address when someone posts a comment. While I do try to remove imposters, some may slip through. By signing my comments using this technique, anyone can independently verify that I was the author of the message by validating the signature.

In fact, here's that previous paragraph, signed:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Because anyone can claim to be me. There's no validation of the user
name or email address when someone posts a comment. While I do try to
remove imposters, some may slip through. By signing my comments using
this technique, anyone can independently verify that I was the author of
the message by validating the signature.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFFxqRFCMEe9B/8oqERAqA2AJ91Tx4RziVzY4eR4Ms4MFsKAMqOoQCgg7y6
e5AJIRuLUIUikjNWQIW63QE=
=aAhr
-----END PGP SIGNATURE-----

Validate that against my public key, and you'll confirm that only I could have created that signature, and thus only I could have signed that message. It further validates that the message wasn't altered after being signed.
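
What the "gobbledygook" in the signature block above contains, as an added example that is not the author's code: it base64-decodes the block and reads the fixed header fields of the OpenPGP version 3 signature packet as laid out in RFC 4880. The function names and the abbreviated lookup tables are this example's own, and the armor checksum line ("=aAhr") is skipped rather than checked.

```python
import base64
import struct
from datetime import datetime, timezone

# The signature block from the signed paragraph above, copied verbatim.
ARMORED = """-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFFxqRFCMEe9B/8oqERAqA2AJ91Tx4RziVzY4eR4Ms4MFsKAMqOoQCgg7y6
e5AJIRuLUIUikjNWQIW63QE=
=aAhr
-----END PGP SIGNATURE-----"""

# Subsets of the RFC 4880 identifier tables (sections 5.2.1, 9.1 and 9.4).
SIG_TYPES = {0x00: "binary document", 0x01: "text document"}
PUBKEY_ALGOS = {1: "RSA", 17: "DSA"}
HASH_ALGOS = {1: "MD5", 2: "SHA1", 8: "SHA256"}


def dearmor(armored):
    """Drop the BEGIN/END lines, the armor headers and the '=....' checksum
    line, then base64-decode what is left into the raw packet bytes."""
    lines = [line.strip() for line in armored.strip().splitlines()][1:-1]
    body = lines[lines.index("") + 1:]      # headers end at the blank line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))


def parse_v3_signature(packet):
    """Read the fixed fields of an old-format, version 3 signature packet."""
    tag, length = packet[0], packet[1]
    if tag != 0x88:     # old format, packet type 2 (signature), 1-byte length
        raise ValueError("unsupported packet header 0x%02x" % tag)
    body = packet[2:2 + length]
    (version, hashed_len, sig_type, created, key_id,
     pubkey, hash_id, left16) = struct.unpack(">BBBI8sBB2s", body[:19])
    if version != 3 or hashed_len != 5:
        raise ValueError("not a version 3 signature packet")
    return {
        "type": SIG_TYPES.get(sig_type, hex(sig_type)),
        "created": datetime.fromtimestamp(created, timezone.utc).isoformat(),
        "key_id": key_id.hex().upper(),
        "pubkey_algo": PUBKEY_ALGOS.get(pubkey, str(pubkey)),
        "hash_algo": HASH_ALGOS.get(hash_id, str(hash_id)),
        "hash_check": left16.hex(),         # first two bytes of the signed hash
        "signature_bytes": len(body) - 19,  # the signature numbers themselves
    }

if __name__ == "__main__":
    for field, value in parse_v3_signature(dearmor(ARMORED)).items():
        print(f"{field:16} {value}")
```

The hash algorithm it reports matches the "Hash: SHA1" line at the top of the signed message, and the key ID is what a verifier uses to pick which public key to check the signature against.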

Another thing to note: we keep talking about "messages". In fact, any digital data can be signed. I could sign a download, and after you download it you could validate that download's signature using my public key. If it validates, you know that the download came from me, and was not altered.

In fact, the open source "GnuPG" tools used for all this are, themselves, signed and verifiable exactly that way.

But... as you might expect, there's a gotcha...

You pretty much have to be a geek to do it.

For email, there are plugins available for some email clients, but for random other uses you need to get familiar with the tools, techniques and terminology. If you take a look at "How do I send encrypted email?" you'll see some of the tools and how they're used to send encrypted email. Those same tools are used for signing as well.

Now, while I use the Enigmail plugin for Thunderbird that handles encryption and signing transparently for email, I still have to do things by hand, using those tools, for anything else. Like signing my comments.

I truly wish that public key encryption and signing were more accessible and more widely adopted. Unfortunately complexity, as well as competing approaches to email security specifically, are keeping that from happening.

But for now, if you have the need to perform this type of encryption and/or validation, the tools are definitely out there.

Article C2922 - February 4, 2007

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

9 Comments
Saurabh
June 24, 2008 1:51 PM

wonderful article and very good website..

Pablo B
October 21, 2008 9:19 PM

How do I decrypt the signature I receive on an email to verify against the public key?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFI/qdKhnaHw2pg3ZIRAvKfAJ9TMfSFicph4Bxk/EA4sTaFvntnqACfa3VI
JovISTyAXc5cpcSqI8tKURc=
=cS+Z
-----END PGP SIGNATURE-----

Michael Kruger
February 2, 2012 8:27 PM

@pablo,

There might be other ways, but the easiest way would be to install PGP software on your own computer. There is an OpenPGP plugin named "Enigmail" which can easily be added to the Mozilla Thunderbird mail client. Overall it works pretty well, but apparently does not handle the encryption of HTML messages so well. So, it disables the sending of HTML emails.

Pushpendra
December 12, 2012 5:46 AM

Very Good Article.... It made my concepts clear.... Thanks.

DarseyG
March 4, 2013 12:11 PM

Oh yea JD, I definitely read that XKCD comic and landed here after a googling.

But now I'm interested and I have two points of skepticism:
1. If key A and key B MUST be a pair to only themselves and no others, then there must be a public key out there for EVERY private key. So how do I know I have the right public key? Joe imposter claims to be Superman, he signs his messages and distributes a public key. What's stopping someone from using JI's public key to verify that the message remains authentic?
2. Leo's comment that not even the sender can unencrypt their own message after it's been encrypted. To my understanding, computers can't even generate truly random numbers, everything follows a system. Key A must hold the key to unencrypting itself. I assume this is why thepiratebay remains so busy with microsoft "customers". Can anyone counter this logically?

D Foltz
March 4, 2013 10:17 PM

DarseyG, my understanding of point one is that if the public key is just distributed freely on the internet, essentially anonymously (because there's no way to verify the name of the provider), Joe and Mr. Kent can both create a public key and tag it "superman"; however, the actual keys will be different.
One key will always be used by Joe, one by Clark.

So the encryption scheme doesn't help you in figuring out which identity belongs to who; that's where the old-fashioned human detective work comes in. (If Mr. Kent gives you a sticky-note with a public key on it, that pretty much solves the case: that public key is the "real deal")

Mark J
March 5, 2013 7:08 AM

@Darcey
1. Distribution of keys is the Achilles heel of key pair encryption. For example I can send you my public key. Someone intercepts that key and substitutes theirs and anything you send encrypted to that key can be opened by that person. Any signed document from them appears as if it's coming from me. The scenario seems to negate any reliability of public key encryption or signing. To get around this, there are websites such as Equifax and VeriSign where you can download digital certificates. This is done automatically by your browser using SSL when accessing a website with a digital certificate.
If you exchange keys with another individual, you can mail them an SSD card or USB stick with the key by snail mail. Or you could print out the key on paper and send that. They can then scan it and recreate the digital key with OCR.
2. I don't understand the question.

DarseyG
March 8, 2013 9:14 AM

Thanks to D Foltz and Mark J for some very good answers there. Mark my second point is fairly moot and its importance arguable. I'm just putting it up for the purpose of conversation.

What I'm suggesting is that I think someone with the right software and skills should be capable of decrypting either key, without the other. I'm assuming this would be similar as a keygen software people use for pirating software. Depending on the actual difficulty and commonplace of cracking keys like this, it makes me wonder whether the extra process costs are really saving us from major problems or just stopping those who don't want to waste their time with a minor deterrent. These are a lot of assumptions from me though, I'm not an expert. It also appears that keygen software is not stopping Microsoft from using the same verification methods they have for years now. So maybe it's still worth it.

Mark J
March 9, 2013 2:58 AM

@Darsey
A strong key would be next to impossible to crack. The level of encryption is close to military grade. Someone with the right software skills and hundreds of thousands of dollars worth of computer time could eventually crack these by brute force. So for all practical purposes, you're probably not that interesting enough to exert the effort.
If you're interested in how key pair encryption works, here's a detailed handbook on the subject. It's written in very easy to understand language. Intro To Crypto.pdf
