Verification of Senders
Verifying a sender of a message means ensuring that the person/email address who appears to have sent you a message is actually who they claim to be, and not an impersonator or scammer.
Internal emails (from Private.Ki users)
All internal messages (from and to Private.Ki users) are automatically signed with PGP. When you sign an email in Private.Ki, you are appending a cryptographic signature generated with your private PGP key. This process is automatically enabled when you compose an email to a Private.Ki user:
Sign is activated by default. You can turn it off manually - but why would you do so?
When you receive a message from an internal user whose signature has been verified, it will look like this:
Like this, you can be sure that this message is coming from the Private.Ki account that is associated to the sender's email address.
Be careful: This only means that the email is coming from the Private. Ki account. You can assume that the sender's account is safe, and only he is in possession of the login password and the passphrase. But in reality, there is no way to be 100% sure that it's this person using his account sending this email.
External emails (from non-Private.Ki users)
You can also verify the PGP signature of external (non-Private.Ki) users. For that, you need to import the public key of the sender first.
As long as you have not imported the public key of the external user, Private.Ki is technically unable to verify the authenticity of the signature, and it will look like this:
When you have imported the sender's PGP public key, the signature will be automatically verified as soon as it reaches your device. If successful, it will show as "Signature: Verified":
This example shows an encrypted and signed message.
It's also possible to sign a non-encrypted message.
This is how a non-encrypted external message with a verified signature looks like:
Same as with internal emails: When you see the green checkmark and Signature: Verified, the digital signature of the recipient has been successfully checked and is valid. You can be sure that this message is legitimately coming from the sender's email account.