It's like a checksum. If you have the sender's public PGP key stored on your machine, you can use the PGP sig to verify that it came from the sender.
Only the sender can produce the sig, using his/her private key. Recipients can then use their own copy of the sender's public key to verify.

Yuri

>[snip]
>iD8DBQE+h8uNT21+qRy4P+QRApb3AKC/CW5yf7DR9k6QWTWXD7EAEkBzMACeNeB7
>> LkFu46ipBgp0CH4hFM5kC04=
>> =hZ7D
>> -----END PGP SIGNATURE-----
> What's this PGP signature thing??
>--Slosh
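
Added example, not part of the original message: a toy sign/verify round trip in Python showing the asymmetry described in the reply above (private key signs, public key verifies, any change to the text breaks the check). It uses textbook RSA over a SHA-256 digest with small constructed keys, not OpenPGP's real packet format or padding; every name and key in it is illustrative.

```python
import hashlib

E = 65537  # common public exponent


def make_keypair(p, q, e=E):
    """Build a toy RSA key pair from two primes: (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)


def digest(message, n):
    """SHA-256 of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """Only the holder of the private exponent d can compute this value."""
    n, d = private_key
    return pow(digest(message, n), d, n)


def verify(message, signature, public_key):
    """Anyone holding the public key can recompute and compare the digest."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)


# Constructed toy keys from known Mersenne primes; far too small for real use.
SENDER_PUB, SENDER_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

MESSAGE = b"Meeting moved to 3pm."    # constructed sample text
TAMPERED = b"Meeting moved to 5pm."   # same text with one character changed

SIGNATURE = sign(MESSAGE, SENDER_PRIV)

if __name__ == "__main__":
    # Genuine message checked against the sender's public key
    print("genuine:        ", verify(MESSAGE, SIGNATURE, SENDER_PUB))
    # Modified message: the checksum-like property catches the change
    print("tampered text:  ", verify(TAMPERED, SIGNATURE, SENDER_PUB))
    # Signature made with someone else's private key does not pass as the sender's
    print("forged by other:", verify(MESSAGE, sign(MESSAGE, OTHER_PRIV), SENDER_PUB))
    # Checking against the wrong public key also fails
    print("wrong pubkey:   ", verify(MESSAGE, SIGNATURE, OTHER_PUB))
```

With real PGP the same check is done by the mail client or by `gpg --verify` against the sender's public key in your keyring.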
