Tuesday, September 8, 2015

How to make digital signature of documents using GPG ?

Digital signatures are made to verify authenticity and integrity of a document. You can digitally sign a document using GPG to ensure that it has indeed come from the right sender and it is unmodified after it is signed by the sender. 







In GPG, you can generate your own public private key-pair. You need to sign a document using your private key and send it to the recipient. The recipient, after receiving the document, can verify the signature using your public key and decrypt it. If the signature does not match, that would mean the document has been modified after signing it.

Normally, when we want to sign a document using GPG, we have couple of options.


  • We can sign and encrypt the file and store the signed file in the same file
  • We can encrypt and sign the file and mention not to compress it while signing
  • We can sign and encrypt the file, but store it in a separate output file, to keep the input file intact
     
Please see the corresponding commands for each option below.


How to digitally sign a document using GPG ?


To sign a document using your private key, use the following command:

# gpg --armor –ouput file.txt.sign.asc --sign file.txt


This will sign the document file.txt and create the ASCII-armored output file file.txt.sign.asc.

How to verify a signed document in GPG ?


The recipient, after receiving the document, can verify the signature of the sender. To verify the signature, the recipient should run the following command:

# gpg --verify file.txt.sign.asc

If the signature is valid, it will output that it is a good signature.


How to extract the original document from the signed file in GPG ?


Normally, when we sign a file in GPG, we do sign and encryption together. To retrieve the original document from the signed document, the recipient should execute the following command:

# gpg --output file.txt --decrypt file.txt.sign.asc

This will extract the signed file in the output file file.txt.


How to clearsign a document using GPG ?


Sometimes, it is not desirable to compress the document while signing it. For that purpose we use the option –clearsign.

# gpg –armor –output sign.asc –clear-sign file.txt

Verifying the clearsigned document is same as verifying binary signed document.


How to make a detached signature using GPG ?

Sometimes it is not desirable to output the signed document in the same document of the original document. We use the option –detach-sig for that purpose.

# gpg –armor –output sign.asc file.txt

This will create a seperate file sign.asc which will contain the signature.
To verify the signature, the recepient should run the following command:

# gpg –verify sign.asc file.txt

It will output whether the signature is valid.

 

Hope this helps.



Read More

How to encrypt and decrypt files using GPG ?

How to sign and encrypt emails using GPG ?

How to edit a GPG keypair ?

How to distribute GPG keys with others ?

What is Bitmessage and how can it be used in sending encrypted messages ?

How are S/MIME and PGP different from each other in encrypting emails ?

What is Blockchain and how can Blockchain be used in Digital Signatures ?

No comments:

Post a Comment