How to PGP-sign a message

PGP signatures are a way to show that a message was written by the intended author, and not tampered with or forged by an attacker. You can use a PGP signature to add a measure of security and verifiability to any message.

Please note: the full instructions here are for Unix-based systems, like OS X or GNU/Linux distributions. To make this work on a Windows machine, you’ll first need to install Cygwin to run Unix apps on Windows. The GPG package for Windows is called GPG4Win.

1. The first and most important step is that you must have GPGTools installed (nb: GPG and PGP are terms used interchangeably). If you’re already using PGP to encrypt your email, great, you’ve already got a keypair. If not, the best, simplest instructions I’ve seen for setting up PGP are these from the Free Software Foundation (if you get stuck, I’d love to help you set up PGP, so contact me).

2. If your keypair is all set, go ahead and open a console. On OS X, your console is called Terminal, and on GNU/Linux distributions you should find it as Xterm, terminal, Konsole, console, or something like that.

3. In the console window, you want to open your console text editor. I’m using nano, but you can use another simple command line text editor like Vi/Vim, which comes with many GNU/Linux distributions.

To run nano, type


…then hit enter. nano will open with a new interface.

4. Type out the text you want in your PGP-signed message. Since I’m making my warrant canary message here, I am going to type: “We have not been contacted by any government agencies requesting information about our workshop attendees or website visitors.”

5. Save the newly created file by holding “control” and the letter “O” at the same time.

6. nano will prompt you to name your file (you should see a line “File name to write”). I am naming my file “canary.txt”. Hit enter.

7. Hold down “control” and “X” to quit nano. Type “y” to say yes to saving. Hit enter. This will bring you back to your original terminal window.

8. Type

cat [the name of your file from earlier]

…and hit enter. Mine looks like “cat canary.txt”. This will display the text of your newly created canary file. Make sure it looks good! If so, you’re ready to sign it.

9. Type

gpg --clearsign [the name of your file from earlier]

Mine looks like “gpg –clearsign canary.txt” (note — the formatting here is wrong. The plain text dashes above are what you should be typing into your console. That’s why I put the above in its own plain-text block.)

10. Enter your PGP password to unlock your secret key. Once you’ve entered it, you should see a new terminal line that ends in $.

11. Now type

cat [the name of your file from earlier].asc

Mine looks like “cat canary.txt.asc”. This will display the newly signed text file. You can copy and paste this output into another medium where you want your signed text to display. Congratulations! You’ve created your PGP-signed message!

12. Test your signature by typing

gpg --verify [the name of your file.asc]

…and hitting enter. My command and output looks like this:

gpg --verify canary.txt.asc
gpg: Signature made Mon Mar  9 13:52:14 2015 EDT using RSA key ID CBE83CA3
gpg: Good signature from "Alison Macrina " [ultimate]
gpg:                 aka "Alison Macrina " [ultimate]

Just for funsies, you should try tampering with the message in your file, then running the –verify command again. See what happens?