This seems to be a gross misunderstanding of public key cryptography. Public keys allow you to verify an existing signature is valid and made by the correct entity, but they absolutely don’t allow you to forge a signature: that’s actually what they are designed to prevent.
A verifiable signature could be created but the use of public keys lets malicious actors to sign using the same key
This seems to be a gross misunderstanding of public key cryptography. Public keys allow you to verify an existing signature is valid and made by the correct entity, but they absolutely don’t allow you to forge a signature: that’s actually what they are designed to prevent.