How does a signing a post with a pgp key prove that you are actually the person behind the post?

Fizz@lemmy.nz · 1 year ago

How does a signing a post with a pgp key prove that you are actually the person behind the post?

Crul@lemmy.world · edit-2 1 year ago

EDIT: changed encryption / decryption to signing / veryfing. Thanks for the corrections

Not an expert, those who know more please correct me.

From what I understand, what they post is not a PGP key, but the same content published in clear text signed with their private key. That way anyone can verify it with the author’s public key to check it has been generated with the private one (that only one person should have).

dohpaz42@lemmy.world · 1 year ago

You’ve got it backward. You encrypt with the public key, and decrypt with the private key. Otherwise, you’re spot on.

Crul@lemmy.world · 1 year ago

Isn’t that for when you want to send a message to someone so only the recipient can read it?

If I understand correctly, OP is asking about signatures to prove the posted content comes from a specific source.

Anyway, thanks for the review!

dohpaz42@lemmy.world · 1 year ago

In a digital signature system, a sender can use a private key together with a message to create a signature. Anyone with the corresponding public key can verify whether the signature matches the message, but a forger who does not know the private key cannot find any message/signature pair that will pass verification with the public key

https://en.m.wikipedia.org/wiki/Public-key_cryptography

Crul@lemmy.world · edit-2 1 year ago

Sorry, but I still think I’m saying the same thing as in that paragraph:

[from your link] a sender can use a private key together with a message to create a signature

[from my post] the same content published in clear text encrypted with the[ir] private key

[from your link] Anyone with the corresponding public key can verify

[from my post] anyone can decrypt it with the author’s public key

dohpaz42@lemmy.world · 1 year ago

You’re not though. You said encryption occurs with the public key and decryption occurs with the private. That’s the opposite of what happens and what the quoted text says.

From the same source:

In a public-key encryption system, anyone with a public key can encrypt a message, yielding a ciphertext, but only those who know the corresponding private key can decrypt

Crul@lemmy.world · 1 year ago

You said encryption occurs with the public key and decryption occurs with the private

I’m sad that I edited some typos on my original message because now you will probably think I changed it. But I said the opposite.

Anyway, there is probably some missunderstanding here and I don’t think this conversation is useful.

Thanks for the feedback.

dohpaz42@lemmy.world · 1 year ago

Funny story: you didn’t change the wrong info. The sad part is that you’re spreading misinformation and unwilling to hear otherwise. This is more dangerous than helpful.

uberrice@feddit.de · 1 year ago

How is Crul wrong in anything other than the terminology? You sign a document with your private key - generating basically a hash of the document entangled with your key information. Anyone holding the public key can then verify that hash with the public key - that the document contents are intact and unchanged (from the hash), and generated by the person holding the private key (entangled key information)