B.7. What Are Digital Signatures?
Digital signatures can be compared to your written signature. Unlike
traditional correspondence, in which it might be possible to tamper with
your written signature, digital signatures can not be forged. That is
because the signature is created with your unique secret key and can be
verified by your recipient using your public key.
A digital signature timestamps a document; essentially, that means that
the time you signed the document is part of that signature. So if anyone
tries to modify the document, the verification of the signature
fails. Some email applications, such as Exmh
or KDE's KMail, include the ability to sign
documents with GnuPG within the application's interface.
Two useful types of digital signatures are
clearsigned documents and detached
signatures. Both types of signatures incorporate the same
security of authenticity, without requiring your recipient to decrypt your
entire message.
In a clearsigned message, your signature appears as a text block within
the context of your letter; a detached signature is sent as a separate
file with your correspondence.