verifying whithout key
Anthony E . Greene
Tue Jun 5 03:34:01 2001
On Mon, 04 Jun 2001 18:24:41 Jan Schneider wrote:
>is there any way to verify signed messages without having the owners key?
>pgp complains but does the verifying, gpg doesn't at all.
If PGP/GPG does not have the key, it cannot verify the signature.
Verification requires PGP/GPG to decrypt the signature using the signers
public key. The decrypted data should be a hash of the message data. PGP/GPG
compares this decrypted hash with a hash it generates itself. If they match,
the signature is verified. But it needs the signer's public key to decrypt
the signature data to recover the original hash.
Anthony E. Greene <email@example.com> <http://www.pobox.com/~agreene/>
PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
Chat: AOL/Yahoo: TonyG05 MSN: te_greene
Linux. The choice of a GNU Generation. <http://www.linux.org/>