2

Let's say that Joe gives his PGP public key to Sue so that Sue can send Joe a secret message.

Sue opens her PGP/GPG program, types "I'm in love with Joe!" and encrypts the message with Joe's public key.

The result is a blob that only Joe can read, because only he has the private key to his public key.

When Joe receives the blob and decrypts it using his private key, the message reads: "I hate you, Joe!!".

How is this possible? Well, Sue's computer has been compromised by a jealous third party, Ken. Ken secretly installed a mechanism which changes the messages just before the PGP/GPG program uses the public key to encrypt the message, so that the wrong message is encrypted instead of the intended one.

Is there any way that Sue could have verified that the blob she sent to Joe actually contained the message she thought she inputted, when she doesn't have the private key? I of course don't mean to decrypt the message, but some kind of "true/false" answer whether the blob corresponds to exactly a given text. Is that possible?

(She does the verification on a separate, non-compromised computer.)

Zymeir
  • Is Ken always active? That is unclear. For example, Joe may initiate some challenges that only Sue knows; will Ken or Ken's mechanism modify these messages, too? – kelalaka Jan 21 '21 at 19:34

1 Answer

2

Is there any way that Sue could have verified that the blob she sent to Joe actually contained the message she thought she inputted, when she doesn't have the private key? I of course don't mean to decrypt the message, but some kind of "true/false" answer whether the blob corresponds to exactly a given text. Is that possible?

No, this isn't possible.

The only way for Sue to perform that verification is for her to have also encrypted the message to her public key. This is commonly known as 'encrypt to self'. But that's just a different way for her to have the private key, so it doesn't match your criteria.

gowenfawr
  • 2
    It's not possible by design. You can imagine that it would be a pretty nasty weakness in the encryption scheme if an adversary could use brute-force to guess the contents of an encrypted message. – mricon Jan 21 '21 at 18:57
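
A simplified model of why this holds, added here as an example and not part of the original thread: like OpenPGP, it encrypts the message under a fresh random session key and wraps that key once per recipient, so re-encrypting the same text never reproduces the blob, while an "encrypt to self" copy lets Sue run the true/false check with her own private key. The toy Diffie-Hellman group, the SHA-256 keystream and all function names are assumptions for illustration, not the OpenPGP format or GnuPG's API.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3  # toy Diffie-Hellman group (assumption), far too small for real use

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _stream(key, n):
    # SHA-256 in counter mode as a stand-in symmetric cipher
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, key):
    return bytes(a ^ b for a, b in zip(data, _stream(key, len(data))))

def _wrap(session_key, pub):
    # Wrap the session key for one recipient with an ephemeral DH exchange
    eph = secrets.randbelow(P - 2) + 1
    shared = pow(pub, eph, P).to_bytes(16, "big")
    return pow(G, eph, P), _xor(session_key, shared)

def _unwrap(packet, priv):
    eph_pub, wrapped = packet
    return _xor(wrapped, pow(eph_pub, priv, P).to_bytes(16, "big"))

def encrypt(message, recipients):
    session_key = secrets.token_bytes(32)  # fresh and random for every message
    keys = {name: _wrap(session_key, pub) for name, pub in recipients.items()}
    return {"keys": keys, "body": _xor(message, session_key)}

def decrypt(blob, name, priv):
    return _xor(blob["body"], _unwrap(blob["keys"][name], priv))

def blob_matches(blob, name, priv, expected):
    # The true/false check: only possible for a recipient of the blob
    return hmac.compare_digest(decrypt(blob, name, priv), expected)

if __name__ == "__main__":
    joe_priv, joe_pub = keygen()
    sue_priv, sue_pub = keygen()
    intended, tampered = b"I'm in love with Joe!", b"I hate you, Joe!!"
    # Same text, same public key, different blobs: re-encrypting proves nothing
    a, b = encrypt(intended, {"joe": joe_pub}), encrypt(intended, {"joe": joe_pub})
    print("re-encryption reproduces blob:", a["body"] == b["body"])
    # Encrypt to self: Sue checks the sent blob on the clean machine
    sent = encrypt(tampered, {"joe": joe_pub, "sue": sue_pub})
    print("blob holds intended text:", blob_matches(sent, "sue", sue_priv, intended))
```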