[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Public Key Confusion
I am a very confused over my PGP public key(s). I have signed my
public key and this is shown in a verbose listing of my public
keyring. The same date appears in my public keyring for my public key
as in my secret keyring for my secret key. The .asc file for my
public key has the same file date (per a file-manager program).
SOURCE OF CONFUSION: when I extract my public key from my public
keyring and insert the extracted public key into a message, the public
key that is inserted is bigger than and different from the public key
in the .asc file.
Am I correct to assume that the .asc version is a good public key but
*unsigned*, and that the larger public key extracted from my public
keyring is the same public key but has the additional component of my
signature built into the body of, or seemlessly incorporated into, or
otherwise coupled with, my public key?
People to whom I have sent the smaller .asc version of my public key
have sent me messages encrypted with that key, and I have been able to
decrypt them with no apparent problem. My confusion arose when
someone suggested that I sign my own public key, I clearsigned it (I
know, duh!), and PGP and a public key server could not find a key
block in the clearsigned message because the clearsigning put "- " at
the start of both PGP block delimiters.
Should I just stop distributing the .asc version and only let people
have the longer version extracted from my public keyring? Is that the
properly signed copy?
Tampering can be ruled out as a practical matter.
-- Best Regards, Jim