I saw that people on the dark web would sign their posts with a PGP key to prove that their account has not been compromised. I think I understand the concept of how private and public keys work but I must be missing something because I don’t see how it proves anything.
I created a key and ran gpg --export --armor fizz@… and I ran that twice and both blocks were identical. If I posted my public key block couldn’t someone copy and paste that under their message and claim to be me?
Isn’t that for when you want to send a message to someone so only the recipient can read it?
If I understand correctly, OP is asking about signatures to prove the posted content comes from a specific source.
Anyway, thanks for the review!
In a digital signature system, a sender can use a private key together with a message to create a signature. Anyone with the corresponding public key can verify whether the signature matches the message, but a forger who does not know the private key cannot find any message/signature pair that will pass verification with the public key
Sorry, but I still think I’m saying the same thing as in that paragraph:
[from your link] a sender can use a private key together with a message to create a signature
- [from my post] the same content published in clear text encrypted with the[ir] private key
[from your link] Anyone with the corresponding public key can verify
- [from my post] anyone can decrypt it with the author’s public key
You’re not though. You said encryption occurs with the public key and decryption occurs with the private. That’s the opposite of what happens and what the quoted text says.
From the same source:
In a public-key encryption system, anyone with a public key can encrypt a message, yielding a ciphertext, but only those who know the corresponding private key can decrypt
