Digital Signatures - University of St Andrews

PGP 6
Digital Signatures
Using PGP to sign data files.
Quite often there is no real need to encrypt a document. A file which only needs a signature to authorise it, for
instance, can simply have a digital signature attached to it. A valid signature shows that the file is exactly as it
was when the holder of the signing key signed it, and that the signature was made with that key rather than by an
impostor. Any subsequent change to the document, however small, will invalidate the signature, thereby
demonstrating that it has been tampered with. There are several ways to sign a file. One is described below:
Using Windows Explorer
- Select the file(s) you want to sign
- Right click and point to PGP
- Click on Sign and type your passphrase into the resulting dialogue box (this box has a Detached Signature
  checkbox). This will create a detached signature file.
Digital Signatures
Page 1 of 4
15/02/16
After signing, look in the folder where the original file was located. You will find there are now two files with
similar names: the original, which is unchanged, and a new .sig file containing the detached signature.
Checking that the signature is valid
To check the validity of the signature simply double-click on the .sig file, leaving the original file beside it. A
box should appear showing who signed the file and that the signature is good.
If, however, the file has been changed in any way after it was signed, PGP will report that the signature is bad,
because the file no longer matches what was signed.
This type of signature meets the criteria in the Directive of the European Parliament and of the Council on a
Common Framework for Electronic Signatures, i.e.
(a) it is uniquely linked to the signatory,
(b) it is capable of identifying the signatory,
(c) it is created using means that the signatory can maintain under his sole control, and
(d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is
detectable.
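The detached-signature procedure above, and criterion (d), as an added example in Go (this is not code from the original page or from PGP): a file is hashed and signed, the signature is written to a .sig file beside it, and verification is then run three times: on the untouched file under the signer's key, on the untouched file under an impostor's key, and on the file after the recipient has edited it. Go's standard-library Ed25519 is assumed in place of PGP's own keys and packet format, so the .sig written here cannot be opened by PGP or GnuPG; the purchase-order text is a constructed sample.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"os"
	"path/filepath"
)

// SignFile writes a detached signature for path to path+".sig", as PGP's Sign
// does with the Detached Signature box ticked: the original file is untouched
// and a second file with a similar name appears beside it. The file is hashed
// with SHA-256 and the digest signed with Ed25519 (Go standard library), which
// stands in for PGP's own format here; PGP/GnuPG cannot read the result.
func SignFile(path string, priv ed25519.PrivateKey) (string, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return "", err
	}
	digest := sha256.Sum256(data)
	sigPath := path + ".sig"
	if err := os.WriteFile(sigPath, ed25519.Sign(priv, digest[:]), 0o644); err != nil {
		return "", err
	}
	return sigPath, nil
}

// VerifyFile re-reads the file and its detached signature and reports whether
// the signature is valid for that file under pub. Any change to the file since
// signing, even one byte, alters the digest and makes this false; so does
// checking against the wrong person's key.
func VerifyFile(path, sigPath string, pub ed25519.PublicKey) (bool, error) {
	data, err := os.ReadFile(path)
	if err != nil {
		return false, err
	}
	sig, err := os.ReadFile(sigPath)
	if err != nil {
		return false, err
	}
	if len(sig) != ed25519.SignatureSize {
		return false, fmt.Errorf("%s: not a signature file", sigPath)
	}
	digest := sha256.Sum256(data)
	return ed25519.Verify(pub, digest[:], sig), nil
}

// Demo signs a constructed sample document in a temporary folder and returns
// three outcomes: untouched file under the signer's key, the same signature
// under somebody else's key (an impostor), and the file after it was edited.
func Demo() (genuine, wrongKey, tampered bool, err error) {
	dir, err := os.MkdirTemp("", "pgpsig")
	if err != nil {
		return
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "purchase-order.txt") // constructed sample file
	if err = os.WriteFile(path, []byte("Approve purchase order 4711 for GBP 250.\n"), 0o644); err != nil {
		return
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	sigPath, err := SignFile(path, priv)
	if err != nil {
		return
	}
	if genuine, err = VerifyFile(path, sigPath, pub); err != nil {
		return
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader) // a different signer's key
	if err != nil {
		return
	}
	if wrongKey, err = VerifyFile(path, sigPath, otherPub); err != nil {
		return
	}
	// Tamper: the recipient edits the amount after the file was signed.
	if err = os.WriteFile(path, []byte("Approve purchase order 4711 for GBP 2500.\n"), 0o644); err != nil {
		return
	}
	tampered, err = VerifyFile(path, sigPath, pub)
	return
}

func main() {
	genuine, wrongKey, tampered, err := Demo()
	if err != nil {
		fmt.Println("error:", err)
		os.Exit(1)
	}
	fmt.Printf("untouched file, signer's key:   valid=%v\n", genuine)
	fmt.Printf("untouched file, impostor's key: valid=%v\n", wrongKey)
	fmt.Printf("edited file, signer's key:      valid=%v\n", tampered)
}
```

The two failing cases map onto the criteria: the impostor's key fails (a) and (b), the edited file fails (d). Note that the verifier needs the original file and the .sig side by side, exactly as PGP does when you double-click the .sig file.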
Including the signature in the document
You can sign a document that you already have open.
- Point to the padlock icon at the bottom right-hand corner of your screen
- Choose Current Window and then Sign.
- Supply your passphrase as required
NB - note the difference between this and the earlier passphrase box: there is no detached signature checkbox,
because the signature is placed in the text itself.
The result will be something like this:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is simply the text of the message. It has not been encrypted, simply signed. You can use this sort of
procedure [called clearsigning] for Word files, but not for other file types such as Excel.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOTTwemXwVshkpUaFEQIjvgCg4ZZKcn0FxCiqXAkfsaeE+uEbrhwAn3La
vWnpCeN/Rq0T888ZXPu9ZUD6
=egqh
-----END PGP SIGNATURE-----
To verify such a signature, simply point to the PGP padlock again, but this time choose Current
Window/Decrypt and Verify. PGP checks the signature against the text between the header and the signature
block and shows who signed it; if any of that text has been altered, the signature is reported as bad.
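The clearsigning format shown above, as an added example in Go (not code from the original page or from PGP): the envelope with its Hash: header, the readable text and the armoured signature block is produced from a constructed sample message, then parsed back out and verified, once untouched and once after the figure inside the envelope has been edited. Ed25519 from Go's standard library is assumed in place of PGP's packet format, and the line-ending canonicalisation and dash-escaping of real OpenPGP clearsigning are omitted, so PGP/GnuPG will not read this envelope.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

const (
	beginMsg = "-----BEGIN PGP SIGNED MESSAGE-----"
	beginSig = "-----BEGIN PGP SIGNATURE-----"
	endSig   = "-----END PGP SIGNATURE-----"
)

// Clearsign wraps text in a PGP-style clearsigned envelope: the text stays
// readable and the signature travels beneath it as base64 armour. Ed25519
// stands in for PGP's packet format, and text must not itself contain an
// armour boundary line (real clearsigning dash-escapes such lines).
func Clearsign(text string, priv ed25519.PrivateKey) string {
	digest := sha256.Sum256([]byte(text))
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, digest[:]))
	var b strings.Builder
	fmt.Fprintf(&b, "%s\nHash: SHA256\n\n%s\n", beginMsg, text)
	fmt.Fprintf(&b, "%s\nVersion: example\n\n%s\n%s\n", beginSig, sig, endSig)
	return b.String()
}

// skipHeaders steps past "Name: value" lines after a boundary and the blank line.
func skipHeaders(lines []string, i int) int {
	for i < len(lines) && lines[i] != "" {
		i++
	}
	return i + 1
}

// VerifyClearsigned parses the envelope back out of block and checks the
// signature over the text it carries. The recovered text is returned even when
// the signature fails, so the caller can see what was altered.
func VerifyClearsigned(block string, pub ed25519.PublicKey) (string, bool, error) {
	lines := strings.Split(block, "\n")
	i := 0
	for i < len(lines) && lines[i] != beginMsg {
		i++
	}
	if i == len(lines) {
		return "", false, errors.New("no clearsigned message found")
	}
	i = skipHeaders(lines, i+1) // past "Hash: ..." and the blank line
	var textLines []string
	for i < len(lines) && lines[i] != beginSig {
		textLines = append(textLines, lines[i])
		i++
	}
	if i == len(lines) {
		return "", false, errors.New("signature block missing")
	}
	text := strings.Join(textLines, "\n")
	i = skipHeaders(lines, i+1) // past "Version: ..." and the blank line
	var b64 strings.Builder
	for i < len(lines) && lines[i] != endSig {
		b64.WriteString(lines[i])
		i++
	}
	sig, err := base64.StdEncoding.DecodeString(b64.String())
	if i == len(lines) || err != nil || len(sig) != ed25519.SignatureSize {
		return text, false, errors.New("malformed signature armour")
	}
	digest := sha256.Sum256([]byte(text))
	return text, ed25519.Verify(pub, digest[:], sig), nil
}

// Demo signs a constructed sample message, verifies it, then verifies a copy in
// which the recipient edited the figure inside the envelope after signing.
func Demo() (string, bool, bool, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", false, false, err
	}
	block := Clearsign("Please approve the attached order for GBP 250.", priv)
	_, genuine, err := VerifyClearsigned(block, pub)
	if err != nil {
		return block, false, false, err
	}
	_, edited, err := VerifyClearsigned(strings.Replace(block, "GBP 250", "GBP 2500", 1), pub)
	return block, genuine, edited, err
}

func main() {
	block, genuine, edited, err := Demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Print(block)
	fmt.Printf("untouched text verifies: %v, edited text verifies: %v\n", genuine, edited)
}
```

Because the signature covers exactly the text between the blank line after the Hash: header and the signature boundary, even a one-character change to that text (the edited figure here) fails verification, while the headers and armour around it can be reformatted freely. In real OpenPGP the signed text is canonicalised first (CRLF line endings, trailing whitespace stripped), which is what lets a clearsigned message survive e-mail transport.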
'Locking' a signed file
There is a possibility that the recipient of a signed file may (inadvertently or intentionally) change the content,
thereby invalidating the signature. You can reduce the chance of accidental changes by password protecting the
file BEFORE you sign it (setting the password changes the file, so a signature made earlier would no longer match).
- With the relevant file open, go to Save As and choose Options in the resulting dialogue box.
- In the bottom right of the next dialogue box type a password into the box called Password to Modify. You will
  be asked to retype this.
Now when the recipient opens the file he/she will have to choose 'Read Only' in order to open it, thus preserving
its integrity. PGP will still be able to verify the signature, since the file itself is unchanged. Note that Password
to Modify only guards against accidental edits: a recipient can still save a copy and alter that, and it is the
signature, not the password, that reveals any such change.