What is a real email signature.

So while at InteropITX, the use case was given that your employees should expect a consistent signature from co-workers to ensure phishing hasn’t been used to gather information from internal staff to coordinate an attack.

HOWEVER, “Thanks, -Jake” is no cryptographically sane signature, and it’s not HARD to sign emails with your private key,

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

From: "Jacob Evans" <[email protected]>
To: "Bob Smith" <[email protected]>
Subject: Sales Opportunity
I have a sales opportunity, but I need you to send bitcoin to my btc address, you know this is from me because I signed this message.

Thanks,
Jake
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.0.70
Comment: https://keybase.io/crypto

wsBcBAABCgAGBQJZHUGmAAoJENfrgQMM+M86uhsH/AookwpXMfKd0jYn9iBy9LcE
Ioh918btNMg8vmElPrIqLsul8Yy4Rb4YhODkd0WQ1PZeV8wZbfFXsmt1NC+dAZvW
ES/xFH0oKLEGOwx1qmUc0UZ9lT1vqdy/Hj6C0A4XONZhrCtYHByMpSXY6HPNiheu
W+ai5TXMa/5uEfyqNaDCU8xitQRhDdUp6cg3jD2kaAQgCQ/pKNVinCH7oqIMASkQ
W5nmKLvGAsv0ONTMapiypPvdQPqmxAgnA11VFMhJW/SNe+1s8xaMsNO4d23Ew1mV
4K6TeLitA8Odm/tZQDIQFIcSGjRuMPLzkijKTxKF8I/GINlb11W4qlRn5aCf1rU=
=VjCx
-----END PGP SIGNATURE-----

I used keybase.io as an example, but you can use ANY implementation of OpenPGP for this and if you follow the link you see something like this:

If you are going to talk security, PLEASE actually use secure examples.

Thanks,
Jake

Say Something Nice