About document signing

[jan6 at tilde.ninja]

May 18, 2020 5:20 PM, "defdefred" <defdefred at protonmail.com> wrote:
>> As a reminder: TLS is end-to-end encrypted!
> 
> Not End-to-End (Writer-to-Reader)... Only Server-to-Browser, without protection for the hosted
> files.

even for PGP, unless you encrypt in a way decryptable with a specific key, you still only can trust as far as your server...
otherwise you need either some out of band way to get the key

if you get the key over gemini or other unencrypted connection, how do you know the key AND the data haven't been modified?
if you send plain content and then key, how do you know the separate key or signature was not modified on the server, or in transmission?

you can not have writer-to-reader encryption *AND* have it accessible to lots of people, without trusting the server...