I saw that people on the dark web would sign their posts with a PGP key to prove that their account has not been compromised. I think I understand the concept of how private and public keys work but I must be missing something because I don’t see how it proves anything....
Look at the words you used, encryption is not the same as a signature, with a signature you can prove that a person with access to the private key wrote the message.
What you’re talking about in your message is encryption, and you have it the wrong way around, messages gets encrypted with the public key, and can only be read with the private key.
So they are not excrypting it, but do we agree that with signatures the author uses their private key + the clear message to generate “something”?
Yeah sure, and I think the person you are arguing with is saying as much as well, it’s just that this is not encrypting it, when you encrypt something you obfuscate it in a way that is possible to deobfuscate, think the caesar cipher as a simple encryption, a hash/signature on the other hand is something that is generated from the clear text using your private key, which is not possible to decrypt, think very simplified that the person would just put the amount of each letter of the alphabet used in in the text, then add the length of the thread, and then multiplied by your private key. This way it’s proven that the holder of the private key is the person writing the text, and that the text hasn’t changed since the signature was generated.
… so then anyone can use the author’s public key to check that “something” against the clear mesage to confirm the author’s identity?
They can confirm that the person holding the private key (not identity, just that they have the key) and also that nobody changed it since they signed it (like the person adminning the forum or a moderator or something)
If that’s the case, then my error is that the operation to generate the signature is not an encryption. So, may I ask… what is it? A special type of hash?
How does a signing a post with a pgp key prove that you are actually the person behind the post?
I saw that people on the dark web would sign their posts with a PGP key to prove that their account has not been compromised. I think I understand the concept of how private and public keys work but I must be missing something because I don’t see how it proves anything....