Signatures stored as information inside a "public key"/certificate?
Morton D. Trace
classpath at arcor.de
Fri Jun 13 17:35:36 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
bezna wrote:
> Hello,
>
> Which is correct?
Are signatures an inherent part of the key
or are they
> stored extrinsically?
>
>
> George
i would put it this way,
when I run gpg in command line mode I create a user ID and a secret
key + a public key.
that is assigned my real name and armored,
Then I meet up at the keysigning party and they all verify it,
later I think i can append other email addresses to the same
private key, I don't know if i can assign a fake private name like
Lordbyte Whirlfield or Dick Tracey or whatever,
as long as you don't take the identity from someone else, your digital
name can be whatever.
but for privacy and spam and prevention of identity theft
I hope that can be possible.
Some people prefer not to put that on a keyserver,
simply for preventing spam, and fraud.
But I am only familiar to gnuPG, what is the case for a root
certificate or exactly how that can be revoked I don't know.
http://www.gnupg.org/gph/en/manual.html
http://www.gnupg.org/gph/en/manual.html#CONCEPTS
signatures are an inherent part of a key, but you can anytime create new
keypairs,
for any key you can assign a new artificial name.
This is only my limited understanding of this,
please correct me if I'm wrong.
Morten
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkhSk8gACgkQ9ymv2YGAKVTKAQCeMB17XYXPxp5O4EkW4sl2U1nO
IwcAn3GcCIDin8BaDHoOcs5Zw4khj6Wq
=+WJ3
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list