I saw that people on the dark web would sign their posts with a PGP key to prove that their account has not been compromised. I think I understand the concept of how private and public keys work but I must be missing something because I don’t see how it proves anything.

I created a key and ran gpg --export --armor fizz@… and I ran that twice, and both blocks were identical. If I posted my public key block, couldn’t someone copy and paste that under their message and claim to be me?
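
An added example, not part of the original post and not gpg's own code: the exported public key block is identical every time because it is only the verification half, while a signature (what `gpg --clearsign` produces) is computed from the private key and the exact message text. The sketch below uses textbook RSA with a constructed toy key as a stand-in for OpenPGP; the names `OWNER`, `IMPOSTOR`, `export_public`, `sign` and `verify` are hypothetical.

```python
import hashlib

E = 65537

def make_keypair(p, q, e=E):
    """Return (public, private). Only the public half is ever posted."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent, never published
    return (n, e), (n, d)

def export_public(public):
    """Stand-in for an exported key block: same text on every export."""
    n, e = public
    return f"n={n:x}\ne={e:x}"

def digest(message, n):
    h = hashlib.sha256(message.encode()).digest()
    return int.from_bytes(h, "big") % n

def sign(message, private):
    """Requires the private key; the result is bound to this exact message."""
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message, signature, public):
    """Requires only the public key."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)

# Constructed toy keys (assumption, illustration only): well-known Mersenne
# primes avoid needing a key generator. Such keys are not safe for real use.
OWNER_PUB, OWNER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
# The impostor can copy OWNER_PUB but has to sign with a key of their own.
_, IMPOSTOR_PRIV = make_keypair(2**89 - 1, 2**107 - 1)

POST = "Account still mine, 2024-05-01"   # constructed sample post
FAKE = "Send funds to my new address"     # constructed impersonation
POST_SIG = sign(POST, OWNER_PRIV)

def demo():
    return {
        "export is repeatable": export_public(OWNER_PUB) == export_public(OWNER_PUB),
        "genuine post verifies": verify(POST, POST_SIG, OWNER_PUB),
        "old signature reused on new text": verify(FAKE, POST_SIG, OWNER_PUB),
        "signed with impostor's own key": verify(FAKE, sign(FAKE, IMPOSTOR_PRIV), OWNER_PUB),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Pasting the public block under a message adds nothing a verifier checks; only a signature over that message that verifies against the already-known public key counts.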

  • perviouslyiner
    1 year ago

    Key signing parties used to be the thing to do at conferences - imagine a line of people, sheets of paper listing all their key fingerprints, and people showing ID to each other.