What is that "signature.asc" attachment that you sent to me?

The file, signature.asc, is my PGP electronic signature. It is a simple ASCII file; hence, the extension asc. There are basically two kinds of PGP signatures: inline armor, and PGP/MIME attachments. The older, inline signatures can only be used with plain text emails and other text files. They do not authenticate attachments, nor do they work with HTML mail. The advantage of inline signatures is that they do not alarm those unfamiliar with the technology, and are not blocked by servers that strip all attachments.

The newer PGP/MIME standard creates a separate signature file that is based on an algorithm which takes as its variables, the data in the document(s) signed, my 1024 byte private key, and if directed to an individual with a known public key, the recipient's public key. It looks like junk in a text file. Mail systems that recognize PGP/MIME automatically decrypt and authenticate the signature, and you never see the attachment. Windows-based mail clients (MUAs) include Thunderbird, Mozilla, & Netscape 7 (with the enigmail plugin), Pegasus and Eudora automatically recognize PGP signatures. Microsoft has not yet incorporated the standard into any of its products (Outlook or Outlook Express).

There are open and commercial implementations of the PGP/RSA encryption system. OpenPGP is implemented through GnuPG available for a large number of platforms including Linux/Unix, Windows, Mac, and even the PalmOS. Get it or learn more about it at