2

I'm new to asymmetric encryption, guys. I have read about it thoroughly lately and I don't get one thing.

If, say, I have a message, I sign it by first hashing the message, then encrypting it with my private key. After that I publish the message and signature together. Then if anyone wants to check it, they have to decrypt it with my public key and compare the hash.

My question is: how do they know my public key?

If I send it with the message - then anyone can forge it by altering the message, replacing the open key and making a new valid signature. Or maybe it can be requested from me? If yes, then what if someone interrupts that request and replaces my public key in the response with their fake one?

One more thing: what if the public key is not available? For example, if there is a system where each node can broadcast its public key - what if some of the nodes are offline for weeks - does it mean their signatures cannot be verified? Maybe their public keys are saved in some kind of centralized database, where you could request my public key by, say, my email. But this database can be hacked and the public key will be replaced by a fake one - and nobody will trust my signatures anymore.

You see, maybe I don't get some particular subtle moment here - an issue of how to trust a genuine public key in any given network system, given that a hacker may somehow interrupt any connection and replace messages between nodes (or if it's a centralized DB - public keys may be replaced by a hacker).

Ella Rose
shal

1 Answer

5

A public key ultimately needs to be securely exchanged out of band to fulfill the commitment part of the signature process.

Typically the public key is pre-distributed where it needs to be used. As an example, your web browser comes pre-installed with the public keys it needs to validate certificates signed by certificate authorities. This can be used to obtain new public keys that are not pre-installed.

You are probably looking for Public Key Infrastructure (PKI).

Ella Rose
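
The trust chain the answer describes, as an added example that is not part of the original answer: the verifier holds only a CA public key obtained out of band and uses it to check the key that arrives with the message, so the key-swap forgery from the question is rejected. It uses textbook RSA without padding over small constructed primes, for illustration only; all names (`check_message`, `issue_cert`, `alice@example.org`) are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def keygen(p, q):  # textbook RSA: returns (public modulus n, private exponent d)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(data, n, d):
    return pow(digest(data, n), d, n)
def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def binding(name, n):  # the statement a CA signs: "this name owns this key"
    return f"{name}|{n}".encode()

def issue_cert(name, subject_n, ca_n, ca_d):
    return {"name": name, "n": subject_n,
            "ca_sig": sign(binding(name, subject_n), ca_n, ca_d)}

def check_message(msg, sig, cert, expected_name, trusted_ca_n):
    """The verifier trusts only trusted_ca_n, which it obtained out of band."""
    if cert["name"] != expected_name:
        return "wrong identity"
    if not verify(binding(cert["name"], cert["n"]), cert["ca_sig"], trusted_ca_n):
        return "untrusted key"
    if not verify(msg, sig, cert["n"]):
        return "bad signature"
    return "ok"

# Constructed keys built from Mersenne primes (illustration only, not secure).
CA_N, CA_D = keygen(2**521 - 1, 2**607 - 1)      # the pre-installed trust anchor
ALICE_N, ALICE_D = keygen(2**89 - 1, 2**127 - 1)
EVE_N, EVE_D = keygen(2**61 - 1, 2**107 - 1)
ALICE = "alice@example.org"
cert = issue_cert(ALICE, ALICE_N, CA_N, CA_D)
msg = b"pay Bob 10"
sig = sign(msg, ALICE_N, ALICE_D)
# The forgery from the question: altered message, swapped key, new valid signature.
forged_msg = b"pay Eve 10000"
forged_sig = sign(forged_msg, EVE_N, EVE_D)
self_signed = issue_cert(ALICE, EVE_N, EVE_N, EVE_D)  # Eve vouches for her own key
spliced = dict(cert, n=EVE_N)                         # genuine CA signature, Eve's key

if __name__ == "__main__":
    print(check_message(msg, sig, cert, ALICE, CA_N))  # genuine message
    for c in (self_signed, spliced, cert):             # three forgery attempts
        print(check_message(forged_msg, forged_sig, c, ALICE, CA_N))
```

The forged signature verifies under the swapped-in key on its own; it is rejected only because no certificate the verifier accepts binds that key to the expected name.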