Why sign messages?

Would you sign a handwritten letter to a friend? Most likely, you would. You sign it to prove that the letter was really written by you and not just anyone who knows your name and return address. Your signature authenticates the message as really being from you. In the same vein, you should sign your e-mail messages. Just as you would be suspicious of an unsigned letter, even if it looks like it's from a friend, you should be suspicious of unsigned e-mails. Today, few people sign their messages, let alone verify such signatures, making e-mail an exercise in blind faith.

Aren’t most messages signed?

A PGP or S/MIME signature is different from the clear-text signatures that most people use. Those are like business cards or the heading of a business letter, while a PGP or S/MIME signature is more secure than your handwritten signature.

Why encrypt messages?

Think about security envelopes. They prevent letters from being read in transit by casual onlookers. Fortunately, for letters that's enough, since it is usually obvious when a letter has been tampered with (opened, put in a new envelope, etc.). With e-mail, it is possible to tamper with headers so that no one can tell whether a message was intercepted and changed. Worse yet, reading others' e-mail is non-destructive, so there is no way to know if someone else is reading your e-mail. To prevent this, e-mail messages should be encrypted.

But who wants to read my messages?

Well, hopefully no one. But how would you feel if the employees of the post office read your letters before delivering them? With e-mail, anyone with some knowledge and a little interest can read anyone's messages. Despite what you might believe, e-mail systems are not secure. It is up to you to protect your messages. Even if you don't think that you have anything to hide, you cannot allow your privacy to be violated. Today it might 'just' be e-mail; tomorrow it might 'just' be the Web sites you visit or your files or who knows what else. The only way to protect your rights is through vigilance and active protection on your part, because at the end of the day no one really cares about your rights but you.

(Adapted from the online documentation of the Mac GNU Privacy Guard program package.)