0

How does a signing a post with a pgp key prove that you are actually the person behind the post?

posted
by
Avatar
Fizz@lemmy.nz
in
Avatar
askscience@lemmy.world
9 comments
hidereport

I saw that people on the dark web would sign their posts with a PGP key to prove that their account has not been compromised. I think I understand the concept of how private and public keys work but I must be missing something because I don’t see how it proves anything.

I created a key and ran gpg --export --armor fizz@… and I ran that twice and both blocks were identical. If I posted my public key block couldn’t someone copy and paste that under their message and claim to be me?

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments
Avatar
Crul@lemmy.world
0 points
*

EDIT: changed encryption / decryption to signing / veryfing. Thanks for the corrections

Not an expert, those who know more please correct me.

From what I understand, what they post is not a PGP key, but the same content published in clear text signed with their private key. That way anyone can verify it with the author’s public key to check it has been generated with the private one (that only one person should have).

permalink
report
reply
Avatar
dohpaz42@lemmy.world
0 points

You’ve got it backward. You encrypt with the public key, and decrypt with the private key. Otherwise, you’re spot on.

permalink
report
parent
reply
Avatar
Crul@lemmy.world
0 points

Isn’t that for when you want to send a message to someone so only the recipient can read it?

If I understand correctly, OP is asking about signatures to prove the posted content comes from a specific source.

Anyway, thanks for the review!

permalink
report
parent
reply
Avatar
dohpaz42@lemmy.world
0 points

In a digital signature system, a sender can use a private key together with a message to create a signature. Anyone with the corresponding public key can verify whether the signature matches the message, but a forger who does not know the private key cannot find any message/signature pair that will pass verification with the public key

https://en.m.wikipedia.org/wiki/Public-key_cryptography

permalink
report
parent
reply
Show more comments

Ask Science

!askscience@lemmy.world

Create post

Ask a science question, get a science answer.

Community Rules

Rule 1: Be respectful and inclusive.

Treat others with respect, and maintain a positive atmosphere.

Rule 2: No harassment, hate speech, bigotry, or trolling.

Avoid any form of harassment, hate speech, bigotry, or offensive behavior.

Rule 3: Engage in constructive discussions.

Contribute to meaningful and constructive discussions that enhance scientific understanding.

Rule 4: No AI-generated answers.

Strictly prohibit the use of AI-generated answers. Providing answers generated by AI systems is not allowed and may result in a ban.

Rule 5: Follow guidelines and moderators' instructions.

Adhere to community guidelines and comply with instructions given by moderators.

Rule 6: Use appropriate language and tone.

Communicate using suitable language and maintain a professional and respectful tone.

Rule 7: Report violations.

Report any violations of the community rules to the moderators for appropriate action.

Rule 8: Foster a continuous learning environment.

Encourage a continuous learning environment where members can share knowledge and engage in scientific discussions.

Rule 9: Source required for answers.

Provide credible sources for answers. Failure to include a source may result in the removal of the answer to ensure information reliability.

By adhering to these rules, we create a welcoming and informative environment where science-related questions receive accurate and credible answers. Thank you for your cooperation in making the Ask Science community a valuable resource for scientific knowledge.

We retain the discretion to modify the rules as we deem necessary.

Community stats

  • 428

    Monthly active users

  • 124

    Posts

  • 967

    Comments

Community moderators