-1
I read this:
"Public-key cryptography uses key pairs, a public and a private one, that can be generated by a user at any time. As the name implies, the public key gets distributed, while the private one remains in the possession of a single person or entity. The private key is meant to be kept safe and secure by the owner. The private key can be used to sign messages such that anybody with the key pair's corresponding public key can verify with certainty that only the holder of the private key could have signed the message."
Here's what I don't understand: someone signs a public key and gives it to me. How do I verify that it was signed? All I get is the public key that everyone has?
2Off topic, belongs on crypto.stackexchange.com – ripper234 – 2011-12-07T08:45:57.507
After speaking with one of the mods from crypto.SE it seems that since this question deals more with high-level implementation than low-level internal functionality it would be more appropriate for security.SE. Since migration from beta sites is discouraged, however, and theymos has given a perfectly valid answer, we're simply closing this one. If theymos' answer is not adequate, the asker is encouraged to take their question to security.SE or flag for moderator attention at which point migration will be reconsidered if sufficient reason can be found. – David Perry – 2011-12-07T20:15:06.583