Running Linux, 5th Edition - Matthias Kalle Dalheimer [104]
cryptography is valuable not only for encryption, but for authentication. Digital signatures are a way to ascertain that a given file has not been modified since it was signed. Very simply put, the system encrypts a checksum of the data with your secret key. This works because, on the other end, the public key can decrypt data encrypted with the secret key.

So to verify the signature, the recipient calculates the same checksum of the data, and then compares the value with the value stored in the signature. If they match, two things have been proved: first, that the data has not been changed since it was signed, and second, that the message was signed using your secret key. If the data was changed, the checksum would not come out the same. Likewise, if the original checksum was encrypted with some other key than yours, the decryption result when using your public key would be gibberish, and the checksums would also fail to compare.

OpenPGP allows two different types of signatures: clearsigned and detached. In clearsigning, the original message is modified to include the data and the signature of the data in one file. Detached signatures, on the other hand, do not modify the original file, but write the signature to a second file, usually with .gpg or .asc appended. You should use only detached signatures, because they work for all types of files, while clearsigning works only with (plain) text files.

To sign a file, you need only your secret key. Use the following command to create a detached signature of a file named music.ogg:

gpg --sign music.ogg

The signature file will be named music.ogg.gpg. As usual, you can redirect the data to another file by using the --output (-o) option. The shortcut for --sign is -s.

It will not come as a surprise to you to learn that verifying a signature works by just running GnuPG on the signature file: gpg music.ogg.gpg.
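The signature file produced above is a binary OpenPGP signature packet. As an added illustration that is not from the book, this Python parser (assuming the old-format packet header gpg writes for signatures and the version 4 layout of RFC 4880) pulls out the fields a verifier acts on, run here against a constructed sample rather than a real .gpg file:

```python
import struct
SIG_TYPES = {0x00: "binary document", 0x01: "canonical text document"}
PK_ALGOS = {1: "RSA", 17: "DSA", 19: "ECDSA", 22: "EdDSA"}
HASH_ALGOS = {2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512"}

def read_old_header(buf):
    """Old-format header: tag in bits 5-2, length type in bits 1-0 (0: one octet, 1: two octets)."""
    if (buf[0] & 0xC0) != 0x80 or (buf[0] & 0x03) > 1:
        raise ValueError("unsupported packet header")
    length, off = (buf[1], 2) if (buf[0] & 0x03) == 0 else (struct.unpack(">H", buf[1:3])[0], 3)
    return (buf[0] >> 2) & 0x0F, length, off

def parse_subpackets(area):
    found, i = {}, 0
    while i < len(area):  # each subpacket: length (one or two octets), type octet, body
        if area[i] == 255:
            raise ValueError("five-octet subpacket length not handled")
        length, i = (area[i], i + 1) if area[i] < 192 else (((area[i] - 192) << 8) + area[i + 1] + 192, i + 2)
        sub_type, body = area[i] & 0x7F, area[i + 1:i + length]  # bit 7 of the type is the critical flag
        i += length
        if sub_type == 2:     # signature creation time: 4-octet big-endian UNIX time
            found["created_ts"] = struct.unpack(">I", body)[0]
        elif sub_type == 16:  # issuer: 8-octet key ID of the public key that checks the MPI
            found["issuer_keyid"] = body.hex().upper()
    return found

def parse_detached_signature(sig):
    tag, length, off = read_old_header(sig)
    body = sig[off:off + length]
    if tag != 2 or len(body) != length or body[0] != 4:
        raise ValueError("not a complete version 4 signature packet")
    info = {"type": SIG_TYPES.get(body[1], hex(body[1])), "pk_algo": PK_ALGOS.get(body[2], body[2]),
            "hash_algo": HASH_ALGOS.get(body[3], body[3])}
    hashed_len = struct.unpack(">H", body[4:6])[0]
    info.update(parse_subpackets(body[6:6 + hashed_len]))  # hashed area: covered by the signature
    p = 6 + hashed_len
    unhashed_len = struct.unpack(">H", body[p:p + 2])[0]
    info.update(parse_subpackets(body[p + 2:p + 2 + unhashed_len]))  # unhashed area: a hint, unprotected
    p += 2 + unhashed_len
    # Leftmost 16 bits of the hash: a cheap mismatch check before the public-key operation on the MPI,
    # which carries the checksum "encrypted with the secret key" in the text's terms.
    info["hash_left16"] = body[p:p + 2].hex()
    info["mpi_bits"] = struct.unpack(">H", body[p + 2:p + 4])[0]
    if len(body) - (p + 4) != (info["mpi_bits"] + 7) // 8:
        raise ValueError("MPI length does not match its bit count")
    return info

# Constructed sample, not a real signature: RSA/SHA-256, placeholder key ID, 64-bit MPI stand-in.
SAMPLE_SIG = bytes.fromhex("8824" "04000108" "0006" "05024f000000"
                           "000a" "09100123456789abcdef" "abcd" "00408081828384858687")
```

Because the issuer key ID sits in the unhashed area, it is only a hint for finding the key; the actual proof is the MPI checked against that key's public half.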

Signing and encrypting can be combined into a single operation. Indeed, this is the usual mode of operation:

gpg -es -r recip_1 -r recip_2 ... file

Note that in this case of combined operation, the signature is encrypted together with the signed data, so that there is no third file containing the signature. It is all nicely packaged into the .gpg file.

Note that as of this writing, signing does not yet work with --multifile. You have to revert to using a shell for loop:

for i in *.ogg; do gpg --sign "$i" ; done

The Web of Trust

We have noted earlier that for public-key cryptography to work, one needs to be certain that the public key obtained from the keyserver is actually authentic and has not been changed or created by an impersonator.

To this end, OpenPGP uses the concept of a Web of Trust, in which keys known to belong to the person described by a user ID can in turn certify that another key is authentic. This is done using signatures on the key material, that is, the public key and the associated user ID.

As an example, consider the scenario where Alice wants to send an encrypted message to Bob, the ex of her friend Carol. She does not know Bob personally, and so she cannot be certain that the public key she finds when searching for Bob on the keyservers indeed belongs to Bob.

However, she knows Carol personally, and they have in the past cross-certified their keys. This means that Carol's key now contains a signature by Alice stating more or less, "I, Alice, confirm that this key does belong to the owner listed in the user ID—that is, Carol."

Carol, in turn, knows Bob, of course.[*] From their time together, they still have their keys cross-signed, although it has been a long while since they were used to send secret love letters.

If Alice trusts Carol to not be careless about certifying other people's keys, she can use Carol's key to create a trust path from herself to Bob: her own signature on Carol's key makes that key valid. She trusts the owner of the key to certify other keys, and has indicated this to GnuPG by specifying a corresponding ownertrust value for Carol's key. Because Bob's key carries Carol's signature of certification, Bob's
