Signing all pages with GnuPG
So, two posts and already changed them twice. These ~tildzitens are teaching me more stuff than I expected. In a previous version of this post, I was self-publishing my public key (and using pgp.mit.edu for distribution), but now I'll use a different public key (global, if you will), managed under Keybase.io (thanks dlowe for the invite!).
The general idea is to sign all posted pages in this blog using GnuPG. Not that I doubt my root (in fact I wouldn't be here if I did), but it's always good practice on a shared host to add an extra layer of security. Thus, I'm signing all pages with my GnuPG key, also available on my Keybase account.
All pages get signed at render time, and a .asc file accompanies every HTML and XML feed in this blog. So, let's say you wish to verify http://hackers.cool/~imt/index.html. First, you'll have to fetch my GnuPG public key from a known key server:
$ gpg --keyserver pgp.mit.edu --recv-key C5241360
gpg: requesting key C5241360 from hkp server pgp.mit.edu
gpg: key C5241360: public key "keybase.io/imt <imt@keybase.io>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Next, download the page and the corresponding .asc signature file.
$ wget -q http://hackers.cool/~imt/index.html http://hackers.cool/~imt/index.html.asc
Last, but not least, run gpg --verify. Remember, the first argument is the .asc file (GnuPG ASCII signature armor):
$ gpg --verify index.html.asc index.html
gpg: Signature made Mon 08 Dec 2014 18:57:28 UTC using RSA key ID C5241360
gpg: Good signature from "keybase.io/imt <imt@keybase.io>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 185B EA37 4F1D E4BC F3F7 8A36 8A0E 8807 C524 1360
The phrase Good signature from "keybase.io/imt <imt@keybase.io>" indicates the HTML page was not altered since it was signed with my GnuPG key.
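The same check can be scripted so that a page is accepted only when gpg reports a valid signature made by the key whose full fingerprint appears in the output above, instead of relying on a short key ID or on reading the "Good signature" line by eye. This is an added example, not part of the original post; the function names check_status and verify_page and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): accept a page only when gpg
# reports a valid signature made by the pinned key.

# Full fingerprint from the `gpg --verify` output above, spaces removed.
PINNED_FPR="185BEA374F1DE4BCF3F78A368A0E8807C5241360"

# check_status FPR: reads `gpg --status-fd` lines on stdin and returns 0 only
# if a VALIDSIG line names FPR as the primary key and no failure status
# (bad, expired, revoked or unverifiable signature) is present.
check_status() {
  awk -v want="$1" '
    $1 != "[GNUPG:]" { next }
    $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
    $2 == "VALIDSIG" {
      # Field 12 is the primary key fingerprint; fall back to the signing
      # key fingerprint (field 3) if gpg did not print it.
      fpr = (NF >= 12) ? $12 : $3
      if (toupper(fpr) == toupper(want)) ok = 1; else bad = 1
    }
    END { exit !(ok && !bad) }
  '
}

# verify_page FILE: hypothetical wrapper; expects FILE and FILE.asc side by
# side, as fetched with wget above.
verify_page() {
  gpg --batch --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null |
    check_status "$PINNED_FPR"
}

# Constructed status lines for offline testing (not real gpg captures).
SAMPLE_OK='[GNUPG:] GOODSIG 8A0E8807C5241360 keybase.io/imt <imt@keybase.io>
[GNUPG:] VALIDSIG 185BEA374F1DE4BCF3F78A368A0E8807C5241360 2014-12-08 1418065048 0 4 0 1 2 00 185BEA374F1DE4BCF3F78A368A0E8807C5241360'

# A valid signature, but from a different (constructed) key.
SAMPLE_WRONG_KEY='[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA someone else <x@example.org>
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2014-12-08 1418065048 0 4 0 1 2 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'

# The page was modified after signing.
SAMPLE_BAD='[GNUPG:] BADSIG 8A0E8807C5241360 keybase.io/imt <imt@keybase.io>'
```

After sourcing the file, `verify_page index.html && echo accepted` runs the real check; the SAMPLE_* variables can be piped into check_status to see each outcome without network access.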
In the next episode: how to get rid of the warning message "This key is not certified with a trusted signature!".
PS. Here’s my GPG public key: