TL;DR
Cleartext PGP signatures make signed text immediately readable but can be spoofed or manipulated by display-layer tricks and malformed headers. The author recommends using detached signatures or PGP/MIME and shows how to extract the true signed content with GnuPG tools.
What happened
Cleartext signatures have been part of PGP implementations since the early 1990s, created so recipients could read signed ASCII messages without special software. While the format preserves human readability, it is fragile: escaping rules, header/comment lines and terminal control sequences can be abused so that what appears on-screen is not the exact bytes that were signed. To reliably learn what was signed you must let a PGP tool output the canonical signed text (for example with GnuPG: `gpg --verify -o signed.txt message.asc` or `gpgv -o signed.txt message.asc`). The blog traces the format's origin in dial-up BBS-era messaging and notes that PGP/MIME (introduced in 1996) and detached signatures are safer alternatives. The post lists multiple longstanding attack techniques against cleartext signatures—fake armor lines, injected unsigned headers, hidden delimiters and other tricks—and concludes that cleartext signatures should be avoided except for legacy reasons.
Why it matters
- Display-layer tricks can make unsigned content look signed, risking deception or fraud.
- Only a verification tool can reliably show the exact bytes that were signed; visual inspection is insufficient.
- Using detached signatures or PGP/MIME reduces ambiguity and lets signed files be processed directly.
- Scripts and automated checks should use gpgv or explicit verification options to enforce trusted keys.
Key facts
- Cleartext signatures date back to early PGP releases in the 1990s and were designed for readable ASCII messaging.
- GnuPG can extract the verified signed text with commands like: `gpg --verify -o signed.txt message.asc` or `gpgv -o signed.txt message.asc`.
- gpgv is recommended for scripts because it verifies signatures only against keys in trustedkeys.gpg or trustedkeys.kbx.
- The gpg option `--assert-signer` can be used as an alternative to using gpgv in some workflows.
- Detached signatures are verified with commands such as: `gpg --verify message.sig message.txt` or `gpgv message.sig message.txt`.
- PGP/MIME was developed in 1996 (RFC2015) and later became the standard for sending signed or encrypted PGP email.
- Known weaknesses against cleartext signatures include fake armor lines, misleading comment headers, hidden delimiters (terminal control or UTF-8 trickery) and overlong lines.
- Some mail clients that use the GPGME library can handle cleartext signatures correctly, but a number of clients still offer the option to send cleartext-signed messages.
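The following is an added example, not code from the blog post or from GnuPG: a small Python pre-screen that splits a clearsigned message into its framework parts, reconstructs the canonical body (dash-unescaping and trailing-whitespace stripping, as RFC 4880 verifiers do) and reports the display-layer tricks the post names: unsigned text outside the framework, unexpected header lines, terminal/Unicode hidden characters, signed lines that render as armor delimiters, overlong lines and unsigned armor headers in the signature block. The `MAX_LINE` threshold and the sample messages are constructed assumptions; this does not verify a signature, so the authoritative signed text still comes from `gpgv -o`.

```python
import re

BEGIN_SIGNED, BEGIN_SIG, END_SIG = ("-----BEGIN PGP SIGNED MESSAGE-----",
                                    "-----BEGIN PGP SIGNATURE-----", "-----END PGP SIGNATURE-----")
MAX_LINE = 76  # assumed "overlong line" threshold (the armor line limit); adjust to taste
# ASCII control characters (ESC, CR, ...) plus zero-width and bidi Unicode controls.
HIDDEN = re.compile("[\x00-\x08\x0b-\x1f\x7f\u200b-\u200f\u202a-\u202e\u2066-\u2069]")

def split_clearsigned(text):
    """Split into (unsigned_prefix, hash_headers, body, signature_block, unsigned_suffix)."""
    lines = text.split("\n")
    if not all(m in lines for m in (BEGIN_SIGNED, BEGIN_SIG, END_SIG)):
        raise ValueError("not a complete cleartext signature framework")
    b, s, e = (lines.index(m) for m in (BEGIN_SIGNED, BEGIN_SIG, END_SIG))
    blank = lines.index("", b + 1) if "" in lines[b + 1:s] else -1  # end of Hash: headers
    if not b < blank < s < e:
        raise ValueError("armor lines out of order or header block not terminated")
    return lines[:b], lines[b + 1:blank], lines[blank + 1:s], lines[s + 1:e], lines[e + 1:]

def canonical_body(body):
    """Undo dash-escaping and strip trailing whitespace: the text a verifier hashes and outputs."""
    return [(l[2:] if l.startswith("- ") else l).rstrip(" \t\r") for l in body]

def audit_clearsigned(text):
    """List display-layer tricks found in a clearsigned message (empty list: none seen)."""
    prefix, headers, body, sig, suffix = split_clearsigned(text)
    findings = ["text before the BEGIN line is not signed"] if any(l.strip() for l in prefix) else []
    if any(l.strip() for l in suffix):
        findings.append("text after the END line is not signed")
    findings += [f"unexpected line in header block: {h!r}" for h in headers if not h.startswith("Hash: ")]
    for n, line in enumerate(canonical_body(body), 1):
        if HIDDEN.search(line):
            findings.append(f"line {n}: hidden or terminal control character")
        if line.startswith(("-----BEGIN PGP", "-----END PGP")):
            findings.append(f"line {n}: signed line renders as an armor delimiter")
        if len(line) > MAX_LINE:
            findings.append(f"line {n}: overlong line ({len(line)} chars)")
    # Armor headers (Comment:, Version:, ...) sit outside the signed data.
    findings += [f"unsigned armor header: {a!r}" for a in sig if re.match(r"[A-Za-z-]+: ", a)]
    return findings

# Constructed samples; the signature block is placeholder text, not a real signature.
BENIGN = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nRelease 1.2 is signed.\n"
          "- -- checksums follow\n-----BEGIN PGP SIGNATURE-----\n\nplaceholder\n=AbCd\n"
          "-----END PGP SIGNATURE-----\n")
TRICKY = ("Trust me, this is signed:\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n"
          "Pay 10 EUR\x1b[2K\x1b[1GPay 10000 EUR\n- -----END PGP SIGNATURE-----\n"
          "-----BEGIN PGP SIGNATURE-----\nComment: verified by admin\n\nplaceholder\n=AbCd\n"
          "-----END PGP SIGNATURE-----\n")
```

Run `audit_clearsigned` on a message before a human reads it; a non-empty result is a reason to reject the message or to inspect only the `gpgv -o` output, never the raw text.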
What to watch next
- Mail clients that still offer an option to send cleartext-signed messages — users and administrators should prefer PGP/MIME where available.
- Scripted verification pipelines should use gpgv or explicit trusted-key checks rather than relying on visual inspection of clearsigned output.
- Not confirmed in the source: new attack techniques that exploit modern terminal or Unicode features to bypass verification; these should be monitored closely.
Quick glossary
- Cleartext signature: A PGP signature format where the signed message is included in readable text followed by an ASCII-armored signature block.
- Detached signature: A separate signature file that signs a specific file's bytes directly, avoiding ambiguity about what was signed.
- PGP/MIME: A MIME-based standard for sending signed or encrypted email that packages signatures and content in structured MIME parts.
- Armor header: The ASCII lines that delimit PGP armored blocks (for example BEGIN/END markers) used to encode signatures or encrypted data.
Reader FAQ
Are cleartext signatures readable without tools?
Yes — the signed text is human-readable, which was the original purpose of the format.
Is what I see on-screen always the text that was signed?
No. Terminal escape codes, altered armor headers, comment lines and hidden characters can make displayed text differ from the signed bytes; only a PGP tool’s extracted output is authoritative.
How should I verify a clearsigned message safely?
Use a PGP tool to extract the verified signed text, for example: `gpg --verify -o signed.txt message.asc` or `gpgv -o signed.txt message.asc`, then inspect or process signed.txt.
Should I use cleartext signatures for email?
The source advises against using cleartext signatures except for legacy reasons; prefer detached signatures or PGP/MIME instead.
Cleartext Signatures Considered Harmful. Posted December 26, 2025 by Werner. "Since the very first PGP versions from the early 1990s PGP and all other implementations support a thing called cleartext…"
Sources
- Cleartext signatures considered harmful
- 15 reasons not to start using PGP
- Security and Usability Issues of Clear Signed Checksum Files
- The PGP Problem: A Critique (2020)