Yup, you got it!

And also HMAC keys will never be displayed in the public-key list. Since they are symmetric, displaying them in that list would let anyone viewing them sign JWTs indistinguishable from those signed by FusionAuth.