Browser unable to execute script; please use the site map to navigate the site.

The Authenticity of Questioned Pretty Good Privacy (PGP)-Signed Digital Documents



(Citation)Citation information

M. S. Olivier. “The Authenticity of Questioned Pretty Good Privacy (PGP)-Signed Digital Documents”. In: AAFS 72nd Annual Scientific Meeting. (Oral presentation; abstract included in proceedings). Anaheim, CA, USA, Feb. 2020


In principle authentication of digitally signed documents is a simple computational process. PGP (Pretty Good Privacy) was created in 1991 as a cryptographic tool that enabled users to communicate privately, but also to achieve a range of other functions, including the ability to sign documents (Garfinkel 1994). For over three decades PGP (or other software compatible with PGP) was the standard tool for users who wanted to encrypt and/or sign documents. The open source implementation (GnuPG — the GNU Privacy Guard) is based on the OpenPGP standard (Callas et al. 2007). In this paper the term PGP will be used to refer to any software that implements PGP functionality.

While other (better) solutions than PGP have been developed, none has achieved the widespread acceptance and name recognition PGP has. The shortcomings of PGP are well known (Whitten and Tygar 1999), but, when used correctly, PGP remains useful.

One question about authentication of digitally signed documents is whether they will stand the test of time. This paper presents a case study in which 65 documents signed with PGP have been examined to determine whether their authenticity can (still) be established. The dates of these documents range from 22 July 1998 to 15 May 2018.

The 65 documents were not selected randomly and therefore results cannot be generalized. Moreover, the problems encountered can be seen as predictable, based on the critiques of PGP mentioned earlier. However, this empirical case study provides insight into the occurrence of the predicted problems in the ‘real world’, and provides some insight into the relative prevalence of such problems. Note that the selection of rather old documents was intentional: The forensic document examiner (FDE) is often faced with authenticity of older documents, such as a last will or a contract purportedly signed many years ago.

The primary tool used for signature examination was Gpg4win — an implementation of GnuPG for Microsoft Windows. Gpg4win version 3.1.10 released on 14 July 2019 was used.

The first problem when examining most of the earlier documents is the set of 65 documents did not even derive from the digital signature per se. The signatures were associated with email addresses that no longer exist. The oldest files originated from a university that no longer exists in it 1990s form; the domain name used then has been abandoned, invalidating all associated email addresses.

As a specific example: The second oldest of the files examined was signed by the author of the current paper on 19 October 1998. The key is still available on public key servers, even though the address associated with it has not been used for well over 15 years. The key has not been signed by anybody else and the author removed the key long ago from his own keyrings. Backups from around the year 2000 were available, but corrupted. Two option existed (claim ownership or sign the key with a current key). However, both relied mainly on the author’s recollection that the key was indeed authentic. Both lead to ‘successful’ verification of the document.

Some general remarks can be made about observations in this case study.

About half of the keys used to sign documents were available from key servers. However none of the keys used in this case study were signed by third parties. Hence key servers were not useful to find a chain of certificates between any key used and the author’s key. Availability of about half of the public keys made it possible to proceed with verification if one could find grounds to trust the public key.

As noted, many of the keys retrieved were for obsolete email addresses, and this may make it hard to obtain reliable information to confirm that the key was valid. Many users will arguably not have such information available. In any case, relying on the user’s cooperation facilitates repudiation. Searches were conducted for key fingerprints on the Web, but no reliable information was obtained for any search.

Another problem experienced is the fact that about half the keys found on key servers had expired. Whereas Gpg4win in such a case simply reports The signature is invalid: Signing certificate is expired, gpg (GnuPG) 1.4.20 and gpg (GnuPG) 2.1.11 on Lunix produced the potentially more useful result (with the caveat that ground to trust the key remains problematic):

gpg: Signature made Mon 24 Jan 2011 23:52:01 SAST using DSA key ID [Redacted]
gpg: Good signature from "[Redacted]" [expired]
gpg: Note: This key has expired!

The problem of key authenticity is pervasive. One promising possibility remains: Where the key has been used previously in multiple exchanges and some of the exchanges can be determined to be valid may be used as ground to trust the key used elsewhere. An email interchange between two users who know one another may provide grounds for such trust.

Callas, J., L. Donnerhacke, H. Finney, D. Shaw, and R. Thayer. 2007, November. “OpenPGP Message Format”. Request for comments 4880, IETF.

Garfinkel, Simson. 1994. PGP: Pretty Good Privacy. O’Reilly.

Whitten, Alma, and J. D. Tygar. 1999, August. “Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0”. Proceedings of the 8th USENIX Security Symposium. Washington, D.C., USA, 169–184.

(BibTeX record)BibTeX reference

author={Martin S Olivier},
title={The Authenticity of {Questioned Pretty Good Privacy (PGP)}-Signed Digital Documents},
booktitle={AAFS 72nd Annual Scientific Meeting},
address={Anaheim, CA, USA},
note={(Oral presentation; abstract included in proceedings)} )