You're talking about 2 things at once there. You sign a file with your private key and transport the signature file with the file (they are separate). The private key stays with you and other people can use your public key to verify the signature.
Have a look at the gnupg site. You can download files as well as signatures for those files. There are other ways to do this - signing/encrypting attachments for emails, etc. That's why it's worth looking through the docs.
|