What is message signing?
Let’s imagine that you received a letter in the mail from someone you know named John Smith. How do you know that it was really John who sent you the letter and not someone else who simply forged his name? With PGP, it is possible to apply a digital signature to a message that is impossible to forge. If you already have a trusted copy of John’s public encryption key, you can use it to check the signature on the message. It would be impossible for anybody but John to have created the signature, since he is the only person with access to the secret key necessary to create the signature. In addition, if anybody has tampered with an otherwise valid message, the digital signature will detect the fact. It protects the entire message against undetectable change.