pull down to refresh
0 sats \ 3 replies \ @ek OP 24 Feb freebie \ parent \ on: The Curious Case of Digital Signatures crypto
interesting π
You use GPG suite? If so, can't test myself, only available for macOS
You use GPG suite?
yes
found a fun read here
https://www.qubes-os.org/security/verifying-signatures/
reply
The point is that we must decide who we will trust (e.g., Linus Torvalds, Microsoft, or the Qubes Project) and assume that if a trusted party signed a given file, then it should not be malicious or negligently buggy. The decision of whether to trust any given party is beyond the scope of digital signatures. Itβs more of a social and political decision.
this so much
That's why I mentioned "the person you trust" here
When you verify a digital signature, you make sure that the software was created by the person you trust and think it was created by (authenticity) and that it was not modified (integrity).
But they explain this part very well, I didn't