This article is from the PGP FAQ, by Jeff Licquia jalicqui@prairienet.org with numerous contributions by others.
Let's imagine that you received a letter in the mail from someone you know
named John Smith. How do you know that John was really the person who sent
you the letter and that someone else simply forged his name? With PGP, it is
possible to apply a digital signature to a message that is impossible to
forge. If you already have a trusted copy of John's public encryption key,
you can use it to check the signature on the message. It would be impossible
for anybody but John to have created the signature, since he is the only
person with access to the secret key necessary to create the signature. In
addition, if anybody has tampered with an otherwise valid message, the
digital signature will detect the fact. It protects the entire message.
 
Continue to: