verifying whithout key
Anthony E . Greene
agreene@pobox.com
Tue Jun 5 03:34:01 2001
On Mon, 04 Jun 2001 18:24:41 Jan Schneider wrote:
>is there any way to verify signed messages without having the owners key?
>pgp complains but does the verifying, gpg doesn't at all.
If PGP/GPG does not have the key, it cannot verify the signature.
Verification requires PGP/GPG to decrypt the signature using the signers
public key. The decrypted data should be a hash of the message data. PGP/GPG
compares this decrypted hash with a hash it generates itself. If they match,
the signature is verified. But it needs the signer's public key to decrypt
the signature data to recover the original hash.
Tony
--=20
Anthony E. Greene <agreene@pobox.com> <http://www.pobox.com/~agreene/>
PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
Chat: AOL/Yahoo: TonyG05 MSN: te_greene
Linux. The choice of a GNU Generation. <http://www.linux.org/>