Effectively, someone can provide you with a document to sign, and instead of signing the document they give you, you add some nonce to it and sign the result instead. The nonce (salt) can be from /dev/urandom or some ASCII art or whatever. Then you and/or the originating party can forward the document you *did* sign, including the nonce, to whomever it concerns.
The reason for not salting with your own public key is not that other people *can* know your public key, but that an attacker doesn't know it in advance and therefore cannot prepare two documents with the same hash *and* the same salt before presenting one to you to sign.
Historically, salts were used for preventing dictionary attacks on /etc/passwd on the same principle: an attacker might know all the words in the dictionary in advance, but cannot possibly pre-compute each of them with every possible salt. But if /etc/passwd is world-readable, the attacker knows a much smaller range of possible salts in advance too, hence /etc/shadow and hence your recommendation for randomness.
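An added illustration of the point above (example code written for this page, not from the commenter): a deliberately tiny 24-bit digest stands in for a broken hash so a colliding pair is cheap to find, and HMAC-SHA256 over the digest stands in for the public-key signature. Signing the document as presented lets the prepared collision inherit the signature; prepending a salt the signer chose at signing time does not, because the pair was built without it. The key, the prefixes and the salt are constructed values.

```python
import hashlib
import hmac
import os

DIGEST_BYTES = 3  # toy digest size: a collision costs ~2^12 hashes (demo only)


def weak_digest(data: bytes) -> bytes:
    """Stand-in for a hash weak enough that collisions are practical."""
    return hashlib.sha256(data).digest()[:DIGEST_BYTES]


def find_colliding_pair(prefix_a: bytes, prefix_b: bytes):
    """Birthday search: two distinct messages with equal weak digests.
    This is what the attacker prepares *before* asking for a signature."""
    table = {}
    for i in range(1 << (4 * DIGEST_BYTES)):          # ~sqrt(digest space)
        a = prefix_a + b" #%d" % i
        table[weak_digest(a)] = a
    for i in range(1 << (8 * DIGEST_BYTES)):
        b = prefix_b + b" #%d" % i
        a = table.get(weak_digest(b))
        if a is not None:
            return a, b
    raise RuntimeError("no collision found")


def sign(key: bytes, doc: bytes) -> bytes:
    """Sign the document exactly as presented (HMAC stands in for a signature)."""
    return hmac.new(key, weak_digest(doc), "sha256").digest()


def sign_salted(key: bytes, doc: bytes, salt=None):
    """Sign salt||doc with a salt the signer picks; the attacker never saw it."""
    if salt is None:
        salt = os.urandom(16)
    return salt, hmac.new(key, weak_digest(salt + doc), "sha256").digest()


def verify_salted(key: bytes, salt: bytes, doc: bytes, sig: bytes) -> bool:
    expected = hmac.new(key, weak_digest(salt + doc), "sha256").digest()
    return hmac.compare_digest(expected, sig)


if __name__ == "__main__":
    key = b"constructed demo key"
    benign, malicious = find_colliding_pair(b"I owe you 10 EUR", b"I owe you 10000 EUR")
    sig = sign(key, benign)
    print("unsalted: signature also covers malicious doc:", sign(key, malicious) == sig)
    salt, ssig = sign_salted(key, benign)
    print("salted: signature verifies malicious doc:", verify_salted(key, salt, malicious, ssig))
```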
Copyright © 2017, Eklektix, Inc.