Hypothetically, if I only know a node’s peerid, and they send me a signed email with their public key, what’s the fastest way to verify it’s from their public key?
I’m not sure I understand your question, but in general, if you have 1) a signature, and 2) the data, and 3) a public key, then that’s all you need in order to verify all three. And what that verification actually “proves” is that the person who created the signature knew both the private key and the data.
Clarifying, how do I get the public key from the peerid?
This depends, what language do you use ? JS or Go ?
What kind of peer ID is it ? (if they use RSA, the peer id is only the hash of the pub key (because the pubkey is too big) so you would need to join the pub key in the email, check the hash correspond with peer ID and then check signature, while Ed25519 embed the pub key directly in the peer ID because this saves one round trip while negociating a connection and the keys are small enough to do it).