Verification of signatures
Verifying a signature means confirming that a message was indeed signed by the key belonging to the purported sender and that it hasn’t been altered in transit. (Don't confuse this with email signatures; we're talking about cryptographic signing here.)
Signed emails from other Private.Ki users
Private.Ki does signature verification automatically for incoming internal messages that are signed.
When you receive an email or chat from another Private.Ki user, the digital signature of the sender is automatically checked, using the sender’s public key.
If the signature matches, the message is marked as authentic by showing a green arrow and the text "Signature: Verified", like this:
Be extremely careful if you ever receive a message from a Private.Ki user that does not have a verified signature. Please contact our technical support immediately.
Signed emails from non-Private.Ki users
If you receive a signed message from an external (non-Private.Ki) sender, you can also verify the signature easily, but you need to import the public key of the sender first.
As long as you have not imported the public key of the external user, Private.Ki cannot verify the authenticity of the signature, and it will look like this:
As soon as you have imported the sender's PGP public key, the signature will be automatically verified by Private.Ki. If successful, it will show as "Signature: Verified":
By the way, this example shows an encrypted external message to your Private.Ki account. For signature verification, it makes absolutely no difference if the message is encrypted or not.
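The outcomes described above (signature not verifiable until the sender's public key is imported, then verified), as an added example that is not Private.Ki's code. It uses Ed25519 from the Go standard library in place of PGP; the Keyring type, the demoSigned helper, the sample address and the two non-verified status labels are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Status is the verification result shown next to a signed message.
type Status string

const (
	Verified   Status = "Signature: Verified"           // wording from the page
	UnknownKey Status = "Signature: sender key missing" // hypothetical label
	Invalid    Status = "Signature: INVALID"            // hypothetical label
)

// Keyring maps a sender address to the public key imported for it.
type Keyring map[string]ed25519.PublicKey

// Check verifies sig over body using only the key imported for sender.
func (k Keyring) Check(sender string, body, sig []byte) Status {
	pub, ok := k[sender]
	if !ok {
		return UnknownKey // nothing to verify against until the key is imported
	}
	if ed25519.Verify(pub, body, sig) {
		return Verified
	}
	return Invalid // altered body, or signed by a different key
}

// demoSigned derives a constructed key pair from a fixed seed and signs body.
func demoSigned(seed byte, body []byte) (ed25519.PublicKey, []byte) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), ed25519.Sign(priv, body)
}

func main() {
	const sender = "alice@example.org" // constructed sample address
	body := []byte("Meeting moved to 15:00.")
	pub, sig := demoSigned(1, body)
	_, forged := demoSigned(2, body) // same text signed by someone else's key
	ring := Keyring{}
	fmt.Println(ring.Check(sender, body, sig)) // key not imported yet
	ring[sender] = pub                         // import the sender's public key
	fmt.Println(ring.Check(sender, body, sig))
	fmt.Println(ring.Check(sender, []byte("Meeting moved to 16:00."), sig))
	fmt.Println(ring.Check(sender, body, forged))
}
```

The last two calls show why a missing "Verified" mark matters: an altered body and a signature made with a different key both fail against the imported key.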
This is what a non-encrypted external message with a verified signature looks like: