I saw that people on the dark web would sign their posts with a PGP key to prove that their account has not been compromised. I think I understand the concept of how private and public keys work but I must be missing something because I don’t see how it proves anything.

I created a key and ran gpg --export --armor fizz@… and I ran that twice and both blocks were identical. If I posted my public key block couldn’t someone copy and paste that under their message and claim to be me?

  • Crul@lemmy.worldEnglish
    0·
    1 year ago

    You said encryption occurs with the public key and decryption occurs with the private

    I’m sad that I edited some typos on my original message because now you will probably think I changed it. But I said the opposite.

    Anyway, there is probably some missunderstanding here and I don’t think this conversation is useful.

    Thanks for the feedback.

    • dohpaz42@lemmy.worldEnglish
      0·
      1 year ago

      Funny story: you didn’t change the wrong info. The sad part is that you’re spreading misinformation and unwilling to hear otherwise. This is more dangerous than helpful.

      • uberrice@feddit.deEnglish
        0·
        1 year ago

        How is Crul wrong in anything other than the terminology? You sign a document with your private key - generating basically a hash of the document entangled with your key information. Anyone holding the public key can then verify that hash with the public key - that the document contents are intact and unchanged (from the hash), and generated by the person holding the private key (entangled key information)