How to get a new / non-technical user to verify the GnuPG / PGP signed email

Tags: encryption, gnupg, pgp, public-key-encryption, security

I'm looking for a web front-end or some easy way to get a user who's never been exposed to cryptography / digital signatures etc. to simply copy/paste my GPG signed (not encrypted) email and specify whether that email/text has been correctly signed – meaning contents are untampered and from me – the sender.

Ideally, it would be able to pull my public key off a key server in order to verify or allow a user to upload the key along with the signed text for verification.

Basically – how would I be able to convince an ordinary user that the email sent is indeed from me?

UPDATE: I found something similar here, but apparently it only works for users who've signed up for HushMail.

Best Answer

  • Try the Enigmail Thunderbird extension.

    It "just works" and shows you a little icon and offers to verify signatures, import public keys, sign them, etc. No cut & paste involved.
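
The check the question asks for, done with the `gpg` command line, as an added example that is not part of the original question or answer. It shows that a good signature alone is not enough: the signing key's fingerprint must also match one the recipient got from the sender by some other channel. The key, address, message, file names and the `verify_from` and `check` helpers are constructed for illustration, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example. Key, address, message and file names are constructed.

# verify_from FILE FINGERPRINT
# Succeeds only if FILE carries a good signature AND the signing key's
# primary fingerprint equals FINGERPRINT (obtained out of band; assumption).
verify_from() {
    status=$(gpg --batch --status-fd 1 --verify "$1" 2>/dev/null) || return 1
    # The last field of the VALIDSIG status line is the primary key fingerprint.
    signer=$(printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $NF }')
    [ -n "$signer" ] && [ "$signer" = "$2" ]
}

# Throwaway keyring so the user's real one is untouched.
GNUPGHOME=$(mktemp -d) || exit 1
export GNUPGHOME
trap 'gpgconf --kill gpg-agent >/dev/null 2>&1 || :; rm -rf "$GNUPGHOME"' EXIT

# Sender side: constructed key with no passphrase, then a clearsigned message.
gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-generate-key 'Constructed Sender <sender@example.invalid>' \
    ed25519 sign never 2>/dev/null || exit 1
PINNED=$(gpg --batch --with-colons --list-keys 2>/dev/null |
    awk -F: '$1 == "fpr" { print $10; exit }')
MSG="$GNUPGHOME/msg.txt"
printf 'Meet at noon.\n' > "$MSG"
gpg --batch --quiet --clearsign "$MSG" || exit 1    # writes msg.txt.asc

# Constructed tampering: one word of the signed body is changed.
sed 's/noon/midnight/' "$MSG.asc" > "$GNUPGHOME/tampered.asc"
# Placeholder fingerprint standing in for "some other key".
WRONG=0000000000000000000000000000000000000000

check() {  # check LABEL FILE FINGERPRINT -> prints the verdict
    if verify_from "$2" "$3"; then echo "$1: signed by expected key"
    else echo "$1: REJECTED"; fi
}
check 'original      ' "$MSG.asc" "$PINNED"
check 'tampered body ' "$GNUPGHOME/tampered.asc" "$PINNED"
check 'unexpected key' "$MSG.asc" "$WRONG"
```
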