That signature.asc file in my emails

You mean the thing that looks like this?

Version: GnuPG v2


GPG signature

The file that’s attached to my emails is called a GPG signature (or PGP signature). GPG is short for “GNU Privacy Guard”, a free (i.e. open source) implementation of the Pretty Good Privacy (PGP) protocol.

It is basically intended to prove that the message you received was indeed written and sent by me. Because of the way email works, I believe that these things matter.

How signing works

A short checksum is calculated from the contents of the email I’m about to send you, and this checksum is then signed with my private key. This results in the digital signature.

When you receive my message, along with the digital signature, you can decrypt that checksum (or hash) using my public key. Your mail client also calculates the checksum of the message as it arrived, and the decrypted checksum should match it. When the two match, the integrity of my message can be considered proven.

How to integrate GPG in your mail client

There are several solutions for integrating GPG with your mail client. If you use Mozilla Thunderbird, you can install a simple security add-on named Enigmail. Outlook users can have a look at Gpg4win, and Apple Mail users can use GPGMail. Mutt supports it out of the box.