I saw that people on the dark web would sign their posts with a PGP key to prove that their account has not been compromised. I think I understand the concept of how private and public keys work but I must be missing something because I don’t see how it proves anything.

I created a key and ran gpg --export --armor fizz@… and I ran that twice and both blocks were identical. If I posted my public key block couldn’t someone copy and paste that under their message and claim to be me?

  • @stoicmaverick
    link
    English
    11 year ago

    That’s exactly my point. The gold standard would be a key signing party, but given that humans don’t tend to talk to each other in meat space much these days, it’s more of a rare occurrence than it used to be. I don’t really know what the ideal solution would be that would be a good mix of trust, privacy, and ease of use though.