> Edit: Also, it's not very hard to generate a different key with signature 79DEBE35, and put it on the key servers. gpg's displaying of such short abbreviations for keys is one the worst parts of its UI.

Yup: http://www.asheesh.org/note/debian/short-key-ids-are-bad-new...

You can naturally use longer fingerprint to confirm keys. pub 1024D/274EF626 2006-07-25 [expires: 2046-07-15] Key fingerprint = 166C 5F6B 8808 A9BE B2B4 F265 AE02 7784 274E F626

Both valid points; I have no way to verify that's an authentic key.

>79DEBE35 is a key in the possession of Wired

How do you know this?

The message posted on Wired is encrypted with that key.

EDIT: While what I said was technically true, in that it is encrypted with the 79DEBE35 key, that's not Wired's key, it's the recipient's key.

One could say it was encrypted to the 79DEBE35 key.

The way this thread is going, one probably ought to say that or otherwise imply/explain it :S

It was the signing key on Wired's broadcast.

So? You can download my public key and encrypt something with it... and only I'll be able to read it with my private key.

It's still "my" key even though you're signing or rather encrypting a message with it.

I find all this public key and private key concept is confusing to general people. A private key is an actual key that you can use to unlock an encrypted message. A public key is actually a lock that you gave someone so that he can use to encrypt message and only you can open it.

I believe some people, myself included initially, misinterpreted the "encrypted with" key as being the sender's key rather than the recipient's.

We don't know who that key belongs to for sure, of course, but it could be Snowden's.