Using GPG to Sign and Verify a Message

First off, GPG stands for GNU Privacy Guard, and is an open source implementation of PGP.

So what can you do with GPG, and why should we care?

One common use of GPG is to sign your messages. This way the receiver can verify that the message did in fact come from you, and that it hasn’t been altered.

Using my public key, we can verify a signed message I wrote.

For example, below is a message I signed with the text “Here is a signed message from me!”.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Here is a signed message from me!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

iQEcBAEBCgAGBQJS67emAAoJEBWBnFv4DSwoFmAH/2FNYG8JODEYvWna3kGYDHZ3
I1Td5fGxLc2vcpiRyiZJ9RATByV6sact+ITHduj7TPTDo/zrDDnoqDnAt59kZhAn
WxPbQyQXW49tnWPrJ+QjMV3J55oZWCe28hfeCDdiVslCYtxwXw+zL2g2u3sp5ndk
aJIR7PRhJoAWDt0JhYY2JDT7xKgDXtvD73MrgIJpolWiSF24oDj93rn8YO7bG2KI
oatbUN5yObQBog4IxgWagGBmvzt4gE4dTIJjdBSMmM5p1ldFpEKBdhlQ4BUVTCvU
QMQ4bxG3z+Pz3lbY5FuW97GtFgpe1BEVBxcDZU92njO6mAK4PJn6M5B8dMP4Z1I=
=/p36
-----END PGP SIGNATURE-----

To verify this message we can use GPG’s --verify option:

$ gpg --verify
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Here is a signed message from me!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org

iQEcBAEBCgAGBQJS67emAAoJEBWBnFv4DSwoFmAH/2FNYG8JODEYvWna3kGYDHZ3
I1Td5fGxLc2vcpiRyiZJ9RATByV6sact+ITHduj7TPTDo/zrDDnoqDnAt59kZhAn
WxPbQyQXW49tnWPrJ+QjMV3J55oZWCe28hfeCDdiVslCYtxwXw+zL2g2u3sp5ndk
aJIR7PRhJoAWDt0JhYY2JDT7xKgDXtvD73MrgIJpolWiSF24oDj93rn8YO7bG2KI
oatbUN5yObQBog4IxgWagGBmvzt4gE4dTIJjdBSMmM5p1ldFpEKBdhlQ4BUVTCvU
QMQ4bxG3z+Pz3lbY5FuW97GtFgpe1BEVBxcDZU92njO6mAK4PJn6M5B8dMP4Z1I=
=/p36
-----END PGP SIGNATURE-----
gpg: Signature made Fri Jan 31 08:48:06 2014 CST using RSA key ID F80D2C28
gpg: Good signature from "nessy <..@gmail.com>"
gpg:                 aka "nessy <..@flip-edesign.com>"

As seen above, the signature states Good signature, and shows when it was signed.
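
As an added example (not part of the original post), the Python sketch below decodes the first armored line of the signature above and reads the fields gpg prints in "Signature made ... using RSA key ID F80D2C28". The function names are my own, and it handles only the v4, old-format packet layout that this signature uses.

```python
import base64
import struct
from datetime import datetime, timezone

# First armored line of the signature shown above (48 bytes once decoded):
# it covers the packet header and both subpacket areas, not the RSA value.
SIG_FIRST_LINE = "iQEcBAEBCgAGBQJS67emAAoJEBWBnFv4DSwoFmAH/2FNYG8JODEYvWna3kGYDHZ3"
HASHES = {2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}
PUBKEYS = {1: "RSA", 17: "DSA"}


def subpackets(area):
    """Yield (type, body) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        n = area[i]  # one-byte length form: counts the type byte plus the body
        if n == 0 or n >= 192 or i + 1 + n > len(area):
            raise ValueError("unsupported or truncated subpacket")
        yield area[i + 1] & 0x7F, area[i + 2:i + 1 + n]
        i += 1 + n


def parse_signature_header(b64_text):
    """Read the metadata fields of a v4 signature packet (RFC 4880, 5.2.3)."""
    raw = base64.b64decode(b64_text)
    if len(raw) < 11 or raw[0] != 0x89:  # old-format tag 2, two-byte length
        raise ValueError("not an old-format signature packet")
    version, sig_type, pk, digest, hashed_len = struct.unpack(">BBBBH", raw[3:9])
    end_hashed = 9 + hashed_len
    if version != 4 or len(raw) < end_hashed + 2:
        raise ValueError("not a v4 signature, or hashed area is truncated")
    (unhashed_len,) = struct.unpack(">H", raw[end_hashed:end_hashed + 2])
    areas = {"hashed": raw[9:end_hashed],
             "unhashed": raw[end_hashed + 2:end_hashed + 2 + unhashed_len]}
    if len(areas["unhashed"]) != unhashed_len:
        raise ValueError("unhashed area is truncated")
    info = {"sig_type": sig_type, "pubkey": PUBKEYS.get(pk, pk),
            "hash": HASHES.get(digest, digest)}
    for name, area in areas.items():
        for sp_type, body in subpackets(area):
            if sp_type == 2:  # signature creation time, seconds since the epoch
                ts = struct.unpack(">I", body)[0]
                info["created"] = datetime.fromtimestamp(ts, timezone.utc).isoformat()
                info["created_area"] = name
            elif sp_type == 16:  # issuer key ID (low 64 bits of the fingerprint)
                info["issuer"] = body.hex().upper()
                info["issuer_area"] = name
    return info
```

The issuer key ID sits in the unhashed subpacket area, which the signature does not cover, so it is only a hint for finding the key. Whether a Good signature really comes from the expected person depends on checking that key's full fingerprint, not the 8-digit ID in gpg's output.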