I have been playing with PGP/GPG. A great deal of clear thinking has been invested in that technology. The basic objective is to provide a system that supports guarantees regarding the secrecy and integrity of email and the authenticity of its sender. But I wondered how strong the guarantees really are.

First of all, if your computer is already owned (hacked), then forget about it. The most protected secret in the whole system is each user's passphrase, and if your machine is owned then your keystrokes, and therefore your passphrase, are known to the attacker.

Second, I downloaded GPG using insecure HTTP. I can't be sure that I connected to the authentic download server, or that the file was not modified in transit. Providing me with a PGP/GPG signature over the same insecure channel does not help the situation. If the software is not delivered to me over a secure channel, I cannot know whether it is authentic, and therefore I cannot know what it is going to do.

Third, if the computer system (operating system, hardware, etc.) is fundamentally not secure, then it is unlikely that trust can be built on top of that weak foundation. For example, if the PGP/GPG software is sitting on a file server and I am accessing those files over an insecure network file system protocol, then security is low.

So my summary of the PGP/GPG situation is that the guarantees it provides are very weak, and that the blame falls on the lack of "computer security" more than on any design flaw in PGP/GPG or in the algorithms that it uses. So if Bob receives a PGP-signed message that appears to come from Alice, is he justified in believing that it was sent by Alice? No.
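
The second point above (a file and its verification data arriving over the same insecure channel) can be modelled in a few lines. This is an added example, not code from the original post: a SHA-256 digest stands in for the signature, the byte strings are constructed samples, and `publish`, `on_path_rewrite`, `check_download` and `PINNED_DIGEST` are hypothetical names.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def matches(artifact: bytes, expected_hex: str) -> bool:
    # Constant-time compare; normalise case and whitespace of the published value.
    return hmac.compare_digest(sha256_hex(artifact), expected_hex.strip().lower())

# Constructed sample data: stand-ins for a release file and a modified copy.
GENUINE = b"gnupg-release: genuine bytes (constructed sample)"
MODIFIED = b"gnupg-release: modified bytes (constructed sample)"

# Trust anchor obtained earlier over a separate, authenticated path
# (assumption of this example). It is never read from the HTTP response.
PINNED_DIGEST = sha256_hex(GENUINE)

def publish(artifact: bytes) -> dict:
    """What the download server sends: the file plus a checksum for it."""
    return {"artifact": artifact, "checksum": sha256_hex(artifact)}

def on_path_rewrite(response: dict, replacement: bytes) -> dict:
    """Model of an unauthenticated channel: every field of the response
    can be replaced together, so the checksum is recomputed to match."""
    return publish(replacement)

def check_download(response: dict, pinned_hex: str) -> dict:
    artifact = response["artifact"]
    return {
        # Verification data taken from the same channel as the file.
        "same_channel": matches(artifact, response["checksum"]),
        # Verification data taken from the independent trust anchor.
        "pinned": matches(artifact, pinned_hex),
    }

if __name__ == "__main__":
    clean = publish(GENUINE)
    tampered = on_path_rewrite(clean, MODIFIED)
    print("clean   :", check_download(clean, PINNED_DIGEST))
    print("tampered:", check_download(tampered, PINNED_DIGEST))
```

The same-channel check reports success for both downloads; only the check against the independently obtained value rejects the modified file.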