I saw that people on the dark web would sign their posts with a PGP key to prove that their account has not been compromised. I think I understand the concept of how private and public keys work but I must be missing something because I don’t see how it proves anything.

I created a key and ran gpg --export --armor fizz@… and I ran that twice and both blocks were identical. If I posted my public key block couldn’t someone copy and paste that under their message and claim to be me?

  • dohpaz42@lemmy.world
    1 year ago

    Funny story: you didn’t change the wrong info. The sad part is that you’re spreading misinformation and unwilling to hear otherwise. This is more dangerous than helpful.

    • uberrice@feddit.de
      1 year ago

      How is Crul wrong in anything other than the terminology? You sign a document with your private key - generating basically a hash of the document entangled with your key information. Anyone holding the public key can then verify that hash with the public key - that the document contents are intact and unchanged (from the hash), and generated by the person holding the private key (entangled key information).
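
Added example, not part of the thread: a sketch of the sign/verify flow described above, showing why pasting someone's public key block under a message proves nothing while a signature does. It assumes textbook RSA over a SHA-256 digest with constructed demo keys; real OpenPGP signatures add padding and metadata, and the names `alice`, `mallory`, `sign`, `verify` and `demo` are made up for the illustration.

```python
import hashlib

E = 65537  # conventional RSA public exponent

def make_keypair(p, q):
    """Build (public, private) textbook-RSA keys from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent, never published
    return (n, E), (n, d)

def digest(message, n):
    """SHA-256 of the message as an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    """Only the private-key holder can compute this value."""
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message, signature, public):
    """Anyone with the public key can check message and signature together."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)

# Constructed demo keys from well-known Mersenne primes: trivially
# factorable, for illustration only, never for real use.
alice_pub, alice_priv = make_keypair(2**521 - 1, 2**607 - 1)
mallory_pub, mallory_priv = make_keypair(2**127 - 1, 2**1279 - 1)

post = b"This post was written by fizz."      # constructed sample post
forged = b"fizz says: trust my new account."  # constructed impostor post
sig = sign(post, alice_priv)

def demo():
    """Check each claim against Alice's published public key."""
    return {
        # Alice's own post with her own signature.
        "genuine": verify(post, sig, alice_pub),
        # Her old signature copied under different text.
        "reused_signature": verify(forged, sig, alice_pub),
        # The impostor signs with their own private key.
        "impostor_key": verify(forged, sign(forged, mallory_priv), alice_pub),
        # The public key itself pasted in place of a signature.
        "pubkey_as_proof": verify(forged, alice_pub[0], alice_pub),
    }

if __name__ == "__main__":
    for claim, accepted in demo().items():
        print(f"{claim}: {'valid' if accepted else 'REJECTED'}")
```

The exported public key is identical every time because it is meant to be copied freely; the signature differs for every message and cannot be produced without the private key.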