Quote from: Guru on August 22, 2012, 11:25 amQuote from: LouisCyphre on August 22, 2012, 10:22 amQuote from: BenCousins on August 22, 2012, 07:39 amso how do i sign?With GUIs it varies, but usually it will be a checkbox or a menu option.On the command line it is: gpg --clearsign message.txtSigning and encrypting on the command line is: gpg -sear <recipient> message.txtAs the old saying goes, "A little knowledge is a dangerous thing." It certainly is.Quote from: Guru on August 22, 2012, 11:25 amI can understand peoples' interest in PGP-clearsigning, however they ave to realize that by signing emails, posts, etc. you lose all plausible deniability. Yes, it's also important to understand the value of it and when not to use it.Quote from: Guru on August 22, 2012, 11:25 amIf the signature verifies, then it cannot be disavowed as a forgery. If you sign a message to a vendor ordering contraband, and the vendor is busted, should the message somehow be retrieved, if it's signed, and the signature verifies, then you, as th signer, are fucked. If the signature on a message verifies, then you simply CANNOT deny having written it. Signing can be a valuable tool, but it is a double-edged sword that can just as easily be turned against you. Exactly. Signing address or ordering information is not helpful. Using signatures and being able to verify them so you can confirm an official announcement from DPR, however, is another matter entirely.