How can I get a new / non-technical user to verify my GnuPG / PGP signed email?

I'm looking for a web front-end or some easy way to get a user who's never been exposed to cryptography / digital signatures etc. to simply copy/paste my GPG signed (not encrypted) email and specify whether that email/text has been correctly signed - meaning contents are untampered and from me - the sender.

Ideally, it would be able to pull my public key off a key server in order to verify or allow a user to upload the key along with the signed text for verification.

Basically - how would I be able to convince an ordinary user that the email sent is indeed from me.

UPDATE: I found something similar here, but apparently it only works for users who've signed up for HushMail.

Sparx

Posted 2010-12-12T09:26:36.173

Reputation: 1 667

3thats the main reason why crypto is not (yet) deployed among non-techies :) – akira – 2010-12-12T10:02:03.837

@akira, well not when using PGP maybe. S/MIME signed email is handled fine by sane email clients.

– Arjan – 2010-12-13T13:26:47.890

Answers

Try the enigmail Thunderbird extension.

It "just works" and shows you a little icon and offers you to verify signatures, import public keys, sign them, etc... No cut & paste involved.

totaam

Posted 2010-12-12T09:26:36.173

Reputation: 1 692

I personally already use Enigmail as well as GPGShell. Both work exceedingly well. However, getting an ordinary user to switch from what is undoubtedly the majority interface (webmail) to a client isn't practical. I'm looking for some way to let a total n00b click one or two links and know whether or not the message was tampered with / originated from me. – Sparx – 2010-12-12T16:18:45.560

I have not tried FireGPG yet, but it should do what you had in mind. Unfortunately, it's discontinued, but maybe the latest version fits your needs.

user54114

Posted 2010-12-12T09:26:36.173

Reputation: 457

i have tried it, but it's only meant for the Firefox browser. – Sparx – 2010-12-12T17:26:45.840