Signatures stored as information inside a "public key"/certificate?
Morton D. Trace
classpath at arcor.de
Fri Jun 13 17:35:36 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
> Which is correct?
Are signatures an inherent part of the key
or are they
> stored extrinsically?
i would put it this way,
when I run gpg in command line mode I create a user ID and a secret
key + a public key.
that is assigned my real name and armored,
Then I meet up at the keysigning party and they all verify it,
later I think i can append other email addresses to the same
private key, I don't know if i can assign a fake private name like
Lordbyte Whirlfield or Dick Tracey or whatever,
as long as you don't take the identity from someone else, your digital
name can be whatever.
but for privacy and spam and prevention of identity theft
I hope that can be possible.
Some people prefer not to put that on a keyserver,
simply for preventing spam, and fraud.
But I am only familiar to gnuPG, what is the case for a root
certificate or exactly how that can be revoked I don't know.
signatures are an inherent part of a key, but you can anytime create new
for any key you can assign a new artificial name.
This is only my limited understanding of this,
please correct me if I'm wrong.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (SunOS)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users