About PGP Signing a File.

Tony Arnold tony.arnold at manchester.ac.uk
Sun Feb 11 09:28:35 UTC 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John,

John Dangler wrote:
> On Sun, 2007-02-11 at 09:15 +0000, Tony Arnold wrote:
>> Matthew Flaschen wrote:
>>> Joel Bryan Juliano wrote:
>>>> Hi,
>>>>
>>>>  I have a question regarding signing a file or binary, I installed
>>>> Seahorse which is really awesome tool! And it has a nautilus-extension
>>>> that easily Encrypt and Sign a file or directory by right-clicking the
>>>> file. Can someone please tell me the use of signing a binary file or
>>>> directory? I know it's important, but I really don't get it.
>>> There's no use, unless you're planning on sending the file to someone.
>>> If you do send it to someone, they can check the signature to verify you
>>> sent it.  Emails and most forms of electronic communication can be
>>> easily forged, but signatures can't be.
>> Verifying the signature also confirms that the file has not been
>> modified since you signed it but some malicious person. So it acts a bit
>> like an MD5 checksum with the added benefit that you can check who
>> signed it.
>>
>> Regards,
>> Tony.
> So, how can I get a valid signature that I can put in my evolution
> emails?

You need to use gpg to generate a key pair, a secret key and the
corresponding public key. gpg keeps these in a 'keyring' for you.

You can then use evolution to sign outgoing messages. It's a while since
I used Evo, but I think you can set it to do this automatically.

You also need to make your public key available as recipients will need
this to verify your signature.

An additional feature of PGP is that keys can be signed themselves.
Typically you get someone who can confirm you are who you say you are to
sign your key. Broadly speaking the more signatures a key has, the
greater the chance of it being trustworthy.

Regards,
Tony.
- --
Tony Arnold, IT Security Coordinator, University of Manchester,
IT Services Division, Kilburn Building, Oxford Road, Manchester M13 9PL.
T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
E: tony.arnold at manchester.ac.uk, H: http://www.man.ac.uk/Tony.Arnold
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFzuHDIsyKE/d21hkRAqwTAJ9mVO+NeX4wd3OAkXVrFH8g26pNyQCgyL65
oo+AdGwDCy5nfTmHjuTIIqE=
=eAB4
-----END PGP SIGNATURE-----

More information about the ubuntu-users mailing list