Skip to main content
Review of Key Issues

Best Practices

Digital Signature

Like a hand written signature in a printed document, a digital signature can be used to identify and authenticate the originator of an electronic document. A digital signature is an unforgeable piece of data, which asserts that a certain person either wrote or otherwise agreed to the electronic document to which the digital signature is attached. The recipient of a digitally signed electronic document can verify both that this document came from the person whose digital signature is attached and that this document is not altered after it is signed.

Pretty Good Privacy (PGP)

Sending e-mail message over the Internet is more like sending a paper mail on postcard than on a sealed envelope. Everybody who has the authority to get into the mail passageway can easily read or even alter the mail. Pretty Good Privacy (PGP), created by Philip Zimmermann, is software that allows the sender of an electronic mail to encrypt and digitally sign the e-mail message or files using the sender’s private key. Only the designated e-mail recipient can use the sender’s public key to decrypt this e-mail message or files. While the recipient decrypting the e-mail message or files, the sender authenticates himself/herself to the recipient that the sender is the person who he/she claimed he/she is and the e-mail message or files are not altered after the sender signed the e-mail message or files. Once a digital signature is created, it is impossible for anyone to modify either the message or the signature without being detected by PGP.

Each PGP user must initially generate a pair of complementary keys: a public key and a secret key. Public key and private key are generated at the same time and each key unlocks the code that the other key makes. Public key is publicly distributed to whoever wants to send e-mail message to the person who distributed the public key. Only the person who distributed the public key knows the secret key and it should be guarded carefully.


On June 11, 1996, Governor’s Task Force on Information Resource Management (now known as 'The Office for Technology') released ‘Technology Policy 96-14 New York State Use of Electronic Mail.’ The purpose of this policy is to promote the use of e-mail as an efficient communication and data gathering tool, and to ensure that State agencies have the information necessary to use e-mail to their best advantage in supporting agency business. It states general policies and security issues about using e-mail communications.