http://qs321.pair.com?node_id=246507


in reply to Re: Re^3: Affero
in thread www.Affero.com and interview from slashdot

Update: I realize I'm doing sort of an apples-oranges thing talking about server-client relationships and signatures. Please ignore my brainfarting (i.e., this node) until I manage to get my wits together and express myself more clearly.

Of course the signature is paired with the message. But the logic that says "This signature matches that document" can't be on the client side, or it can be faked. That's why I suggested something like a database connection to verify authenticity. It's the digital equivalent of my bank calling me up and saying "Hey, did you write a cheque for $100 to the EFF?"

Rule #1 of any client-server based encryption work or security-related programming: Don't trust the client.

LAI

__END__
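An added illustration of the point made in this reply (not code from the thread or from Affero): the server must perform the "does this signature match that document" check itself, rather than accept the client's word for it. It uses an HMAC under a server-held key as a stand-in for a signature scheme; the key, the documents and the field names (`signature`, `signature_valid`) are constructed for the example.

```python
import hmac
import hashlib

# Constructed server-side secret for the demo. In a real deployment this stays
# on the server only (for a public-key scheme it would be the verification key);
# the client never supplies it and never supplies the verdict.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"


def sign(document: bytes, key: bytes = SERVER_KEY) -> str:
    """Produce the tag the server attaches to a document (the 'signature')."""
    return hmac.new(key, document, hashlib.sha256).hexdigest()


def verify_trusting_client(submission: dict) -> bool:
    """The broken design: the client reports whether its signature checked out.

    Anything the client controls can be set to True, so this is not a check at all.
    """
    return bool(submission.get("signature_valid"))


def verify_server_side(submission: dict, key: bytes = SERVER_KEY) -> bool:
    """The design the post argues for: recompute the tag on the server and
    compare it with what was submitted, ignoring any client-side claim."""
    expected = sign(submission["document"].encode(), key)
    # compare_digest runs in constant time, so a mismatch leaks no position info
    return hmac.compare_digest(expected, submission.get("signature", ""))


def demo() -> dict:
    """Run both verifiers over an honest submission and a tampered one."""
    honest = {"document": "pay $100 to the EFF"}
    honest["signature"] = sign(honest["document"].encode())
    honest["signature_valid"] = True  # client-side claim, harmless here

    # Tampered document reusing the old tag and asserting it is still valid
    forged = {
        "document": "pay $10000 to the EFF",
        "signature": honest["signature"],
        "signature_valid": True,
    }
    return {
        "honest_client_trust": verify_trusting_client(honest),
        "forged_client_trust": verify_trusting_client(forged),  # wrongly accepted
        "honest_server": verify_server_side(honest),
        "forged_server": verify_server_side(forged),  # correctly rejected
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The server-side verifier is the "bank calling you up" from the post: it holds the key, recomputes the tag and decides for itself, so a forged document paired with a recycled signature is rejected regardless of what flags the client sends along.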