@flyingzumwalt already answered it well, but one addendum, because you asked for the publishing key. That's the key a user would generate in his client software to publish metadata, playlists etc. (maybe even songs for download) on ipns. The go-ipfs equivalent is
ipfs key gen --type=rsa --size=2048 mykey. The key "mykey" will then be saved to your ~/.ipfs directory, and you can then publish using that key, instead of using your PeerID. You can create as many keys as you like, e.g. if you want to share metadata/playlists etc. with different friends, you can create one publishing key & one ipns publication per friend sharing linkup. Then you just need to share that publishing key with the people you've linked up, and for that key-sharing operation, the key needs to be transferred encrypted, and for that a public-private key cryptography would be the best way. (Simple S/MIME with openssl would probably suffice.) You also need to account for the situation when one user leaves or is kicked out of a sharing group: then your app needs to remove that key again, i.e. it has to be stored locally in encrypted form as well, but this time the encryption is only known to your app, not to the user, i.e. the user won't be able to just snatch the key from the Application Support folder before leaving the group.
PS: what you put into the ipns directory should be encrypted too. And that would complicate things, if multiple users share that directory, if users are added, if others leave etc.