I saw that people on the dark web would sign their posts with a PGP key to prove that their account has not been compromised. I think I understand the concept of how private and public keys work but I must be missing something because I don’t see how it proves anything.

I created a key and ran gpg --export --armor fizz@… and I ran that twice and both blocks were identical. If I posted my public key block couldn’t someone copy and paste that under their message and claim to be me?

  • dohpaz42@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    You’re not though. You said encryption occurs with the public key and decryption occurs with the private. That’s the opposite of what happens and what the quoted text says.

    From the same source:

    In a public-key encryption system, anyone with a public key can encrypt a message, yielding a ciphertext, but only those who know the corresponding private key can decrypt

    • Crul@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      You said encryption occurs with the public key and decryption occurs with the private

      I’m sad that I edited some typos on my original message because now you will probably think I changed it. But I said the opposite.

      Anyway, there is probably some missunderstanding here and I don’t think this conversation is useful.

      Thanks for the feedback.

      • dohpaz42@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        Funny story: you didn’t change the wrong info. The sad part is that you’re spreading misinformation and unwilling to hear otherwise. This is more dangerous than helpful.

        • uberrice@feddit.de
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          How is Crul wrong in anything other than the terminology? You sign a document with your private key - generating basically a hash of the document entangled with your key information. Anyone holding the public key can then verify that hash with the public key - that the document contents are intact and unchanged (from the hash), and generated by the person holding the private key (entangled key information)