B.7. What Are
Digital Signatures?
Digital signatures can be compared to your written signature.
Unlike traditional correspondence, in which it might be possible to
tamper with your written signature, digital signatures can not be
forged. That is because the signature is created with your unique
secret key and can be verified by your recipient using your public
key.
A digital signature timestamps a document; essentially, that
means that the time you signed the document is part of that
signature. So if anyone tries to modify the document, the
verification of the signature fails. Some email applications, such
as Exmh or KDE's KMail, include the ability to sign documents with
GnuPG within the application's interface.
Two useful types of digital signatures are clearsigned documents and detached signatures. Both types of signatures
incorporate the same security of authenticity, without requiring
your recipient to decrypt your entire message.
In a clearsigned message, your signature appears as a text block
within the context of your letter; a detached signature is sent as
a separate file with your correspondence.
