
How to verify a PGP-signed text with BouncyCastle in Java without a public-key


I've studied a lot of examples and done a lot of research, but I could not figure out how to verify a signed text (PGP) without having a public-key.

I just want to ensure that the text has not been changed after creation.

Any hints are welcome!

Example:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Beispiel text

-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.59

iQEcBAEBAgAGBQJbbYOlAAoJEOvsgYjY/KHJUrkH/RDoFkONolpEEjafqjk3NOlg
uELyCF0vE/msFD2SO5O98HD4egnpxlO+fyJiZ2x+c0B52KQuOztAOYTHly2NKrL7
65gEIzOmpu+yQhYlZr4Qp2xGStJqxfgMeAIv3UUjUoRE7DWMZwgpO1KqGUhB05TL
XXyzWLJND27SzpNjpRmUmf+uuLKZHQ55q1dapwZym2Xg5il+UzYuJjfle9jvBWtc
uPJ40ghE/ms8WjAUAEOsdPB3rFd65pjwcauClM05L7w7KIv3/hgoAI/zZyGWW40B
yQuTbt2nYeZO4NbXkosiq9db4Lo5tEPdUH1NI3e34e2gymhCFOOguT3dAoafYYw=
=JrA1
-----END PGP SIGNATURE-----

Solution

  • Thanks to all!

    I was wrong! A public-key is needed for decryption and verification!

    Have a look at the output of gpg, it is the de facto standard:

    cat |gpg --verify
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    Beispiel text
    
    -----BEGIN PGP SIGNATURE-----
    Version: BCPG v1.59
    
    iQEcBAEBAgAGBQJbbYOlAAoJEOvsgYjY/KHJUrkH/RDoFkONolpEEjafqjk3NOlg
    uELyCF0vE/msFD2SO5O98HD4egnpxlO+fyJiZ2x+c0B52KQuOztAOYTHly2NKrL7
    65gEIzOmpu+yQhYlZr4Qp2xGStJqxfgMeAIv3UUjUoRE7DWMZwgpO1KqGUhB05TL
    XXyzWLJND27SzpNjpRmUmf+uuLKZHQ55q1dapwZym2Xg5il+UzYuJjfle9jvBWtc
    uPJ40ghE/ms8WjAUAEOsdPB3rFd65pjwcauClM05L7w7KIv3/hgoAI/zZyGWW40B
    yQuTbt2nYeZO4NbXkosiq9db4Lo5tEPdUH1NI3e34e2gymhCFOOguT3dAoafYYw=
    =JrA1
    -----END PGP SIGNATURE-----
    gpg: Signature made Fri Aug 10 14:23:01 2018 CEST
    gpg:                using RSA key EBEC8188D8FCA1C9
    gpg: Can't check signature: No public key
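The gpg output above can name the key because the signature packet carries the issuer's key ID and some metadata, but not the public key itself. As an added example (not from the original post, and written in Python rather than with BouncyCastle), this parser reads those fields from the message in the question; `signature_info` is a name chosen here, and it assumes an old-format v4 signature packet with one-octet subpacket lengths.

```python
import base64
import struct
from datetime import datetime, timezone

# Sample input: the clear-signed message from the question on this page.
MESSAGE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Beispiel text

-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.59

iQEcBAEBAgAGBQJbbYOlAAoJEOvsgYjY/KHJUrkH/RDoFkONolpEEjafqjk3NOlg
uELyCF0vE/msFD2SO5O98HD4egnpxlO+fyJiZ2x+c0B52KQuOztAOYTHly2NKrL7
65gEIzOmpu+yQhYlZr4Qp2xGStJqxfgMeAIv3UUjUoRE7DWMZwgpO1KqGUhB05TL
XXyzWLJND27SzpNjpRmUmf+uuLKZHQ55q1dapwZym2Xg5il+UzYuJjfle9jvBWtc
uPJ40ghE/ms8WjAUAEOsdPB3rFd65pjwcauClM05L7w7KIv3/hgoAI/zZyGWW40B
yQuTbt2nYeZO4NbXkosiq9db4Lo5tEPdUH1NI3e34e2gymhCFOOguT3dAoafYYw=
=JrA1
-----END PGP SIGNATURE-----
"""

def signature_info(clearsigned):
    """Parse the armored v4 signature packet (CRC line skipped); needs no key."""
    text = clearsigned.replace("\r\n", "\n")
    armor = text.split("-----BEGIN PGP SIGNATURE-----")[1].split("-----END")[0]
    body = armor.split("\n\n", 1)[1].splitlines()   # skip armor headers
    raw = base64.b64decode("".join(l for l in body if not l.startswith("=")))
    if raw[0] != 0x89 or raw[3] != 4:
        raise ValueError("expected old-format tag 2 packet, version 4")
    sig_type, pk_alg, hash_alg, hashed_len = struct.unpack(">BBBH", raw[4:9])
    un_at = 9 + hashed_len                          # unhashed area length field
    un_len = int.from_bytes(raw[un_at:un_at + 2], "big")
    info = {"sig_type": sig_type, "pk_alg": pk_alg, "hash_alg": hash_alg}
    for pos, end in ((9, un_at), (un_at + 2, un_at + 2 + un_len)):
        while pos < end:                            # assumes lengths < 192
            length, kind = raw[pos], raw[pos + 1] & 0x7F
            data = raw[pos + 2:pos + 1 + length]
            if kind == 2:                           # signature creation time
                ts = int.from_bytes(data, "big")
                info["created"] = datetime.fromtimestamp(ts, timezone.utc)
            elif kind == 16:                        # issuer key ID
                info["key_id"] = data.hex().upper()
            pos += 1 + length
    return info

if __name__ == "__main__":
    print(signature_info(MESSAGE))
```

The key ID only tells you which public key to obtain from a source you trust. Every field parsed here is unauthenticated until the signature has been verified against that key.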