B.7. What Are Digital Signatures?

Digital signatures can be compared to your written signature. Unlike traditional correspondence, in which it might be possible to tamper with your written signature, digital signatures cannot be forged. That is because the signature is created with your unique secret key and can be verified by your recipient using your public key.

A digital signature timestamps a document; essentially, that means that the time you signed the document is part of that signature. The signature is also calculated over the document's contents, so if anyone tries to modify the document, the verification of the signature fails. Some email applications, such as Exmh or KDE's KMail, include the ability to sign documents with GnuPG within the application's interface.

Two useful types of digital signatures are clearsigned documents and detached signatures. Both types provide the same assurance of authenticity, without requiring your recipient to decrypt your entire message.

In a clearsigned message, your signature appears as a text block within the context of your letter; a detached signature is sent as a separate file with your correspondence.
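
The following added example (not part of the original manual) produces both signature types over a constructed message with a throwaway key, then shows verification failing once the text is altered. It assumes GnuPG 2.1 or later; the key identity, file names and function name are illustrative.

```shell
#!/bin/sh
# Added example: clearsigned vs. detached signatures with GnuPG 2.1+.
# Uses a throwaway keyring and a constructed key and message; ~/.gnupg is not touched.

run_signature_demo() {
    work=$(mktemp -d) || return 1
    GNUPGHOME="$work/keyring"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME" || return 1

    # Constructed test identity with an empty passphrase (for the demo only).
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Signer <demo@example.invalid>' \
        default default never 2>/dev/null || return 1

    printf 'Meet at noon.\n' > "$work/letter.txt"

    # Clearsigned: readable text and signature block together in letter.txt.asc
    gpg --batch --quiet --clearsign "$work/letter.txt" || return 1
    # Detached: letter.txt stays untouched; the signature goes to letter.txt.sig
    gpg --batch --quiet --detach-sign "$work/letter.txt" || return 1

    clear_ok=no; detached_ok=no
    tampered_clear=accepted; tampered_detached=accepted
    gpg --batch --verify "$work/letter.txt.asc" 2>/dev/null && clear_ok=yes
    gpg --batch --verify "$work/letter.txt.sig" "$work/letter.txt" \
        2>/dev/null && detached_ok=yes

    # Change one word in each signed text; verification must now fail.
    sed 's/noon/midnight/' "$work/letter.txt.asc" > "$work/tampered.asc"
    gpg --batch --verify "$work/tampered.asc" 2>/dev/null \
        || tampered_clear=rejected
    sed 's/noon/midnight/' "$work/letter.txt" > "$work/tampered.txt"
    gpg --batch --verify "$work/letter.txt.sig" "$work/tampered.txt" \
        2>/dev/null || tampered_detached=rejected

    # Stop the agent started for the throwaway keyring, then clean up.
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
}

run_signature_demo
echo "clearsigned verifies:  $clear_ok"
echo "detached verifies:     $detached_ok"
echo "tampered clearsigned:  $tampered_clear"
echo "tampered detached:     $tampered_detached"
```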