This repository has been archived on 2024-02-04. You can view files and clone it, but cannot push or open issues or pull requests.
blog.polynom.me/content/verify.html

47 lines
2.0 KiB
HTML
Raw Normal View History

2020-09-23 14:59:23 +00:00
<!-- title: Page Verification -->
<!-- description: -->
<!-- render: yes -->
<div class="vertical text">
<div class="horizontal-center">
<div class="text-content">
<h2>Page Verification</h3>
<p>
In order to allow people to verify that a post has really been
created by me, I sign all blog posts and my "About" page using
2020-11-24 13:49:39 +00:00
my <a href="https://{{ email_gpg_url }}">public key</a>.
2020-09-23 14:59:23 +00:00
</p>
<h3>Using My Script</h3>
<p>
To verify a page, you can use
<a href="/assets/files/verify.sh">this script</a>
(<a href="/assets/files/verify.sh.sig">signature</a>), which you
can also find <a href="https://git.polynom.me/PapaTutuWawa/blog.polynom.me/src/branch/master/assets/files/verify.sh">here</a> in my blog repository.
<code>verify.sh "$URL"</code>, where <code>$URL</code> is the URL on my blog you want to
verify.
<div class="warning">
WARNING: Never execute a script that you downloaded from the
Internet without checking it first. This also holds true for this one.
</div>
</p>
<h3>What The Script Does</h3>
<p>
The following are the steps that my script takes to verify a page's signature. It
is written down so that you could verify a page signature even without downloading
my script.
<ul>
<li>Download the page source to "page.html"</li>
<li>Extract the PGP signature from the top and save it to "page.html.sig"</li>
<li>Replace the signature in "page.html" with "&#37;&#37;&#37;SIGNED_PAGES_PGP_SIGNATURE&#37;&#37;&#37;" (Without the ")</li>
2020-09-23 14:59:23 +00:00
<li>Verify using <code>gpg --verify page.html.sig page.html</code></li>
</ul>
</p>
</div>
</div>
</div>