PGP Signatures in Gmail

PGP lets you do two common things with email: encrypt it or sign it (or both).

To keep email private, encrypt it.

To let your recipients verify that the message is from you and the content did not change, you should add a signature like this:

Signing emails with PGP on Gmail

Recipients who use PGP will be able to verify this signature. Any decent PGP software will do.

In FlowCrypt, it will look like this:

Verifying PGP signed emails on Gmail

The recipient will see a green (or red) signature in the corner. Green means that the content matches the signature (and therefore was not tampered with).

Currently with FlowCrypt, you can either encrypt an email or sign it, not both. Both encrypting and signing the same email will be possible soon. Also, for now, only the content of the email gets signed – attachments will not be signed. Adding these capabilities is certainly in our plan.

Please try it out and let us know what you think!


Update: It is now possible to both encrypt and sign a message. This is even the current default.