Small fix + Add verify page

This commit is contained in:
PapaTutuWawa 2020-09-23 16:59:23 +02:00
parent 2500b3d9eb
commit f93014e8db
2 changed files with 79 additions and 31 deletions

View File

@ -1,8 +1,9 @@
<!-- title: About "PapaTutuWawa" -->
<!-- description: -->
<!-- render: yes -->
<div class="horizontal-center">
<div class="vertical text">
<div class="vertical text">
<div class="horizontal-center">
<div class="text-content">
<h3>About "PapaTutuWawa"</h3>
<div class="container">
@ -31,8 +32,9 @@
<h3>About This Page</h3>
<ul>
<li><a href="https://{{ git_url }}/PapaTutuWawa/blog.polynom.me">Source</a></li>
<li>All pages are signed using my public key. Use this <a href="/assets/files/verify.sh">script</a> (<a href="/assets/files/verify.sh.sig"><u>signature</u></a>) to verify</li>
<li>All pages are signed using my public key. Use this <a href="/assets/files/verify.sh">script</a> (<a href="/assets/files/verify.sh.sig"><u>signature</u></a>) to verify or <a href="/verify.html">see here</a> to learn more</li>
<li>Last updated <i>{{ build_time }}</i></li>
</ul>
</div>
</div>
</div>

46
content/verify.html Normal file
View File

@ -0,0 +1,46 @@
<!-- title: Page Verification -->
<!-- description: -->
<!-- render: yes -->
<div class="vertical text">
<div class="horizontal-center">
<div class="text-content">
<h2>Page Verification</h3>
<p>
In order to allow people to verify that a post has really been
created by me, I sign all blog posts and my "About" page using
my <a href="{{ email_gpg_url }}">public key</a>.
</p>
<h3>Using My Script</h3>
<p>
To verify a page, you can use
<a href="/assets/files/verify.sh">this script</a>
(<a href="/assets/files/verify.sh.sig">signature</a>), which you
can also find <a href="https://git.polynom.me/PapaTutuWawa/blog.polynom.me/src/branch/master/assets/files/verify.sh">here</a> in my blog repository.
<code>verify.sh "$URL"</code>, where <code>$URL</code> is the URL on my blog you want to
verify.
<div class="warning">
WARNING: Never execute a script that you downloaded from the
Internet without checking it first. This also holds true for this one.
</div>
</p>
<h3>What The Script Does</h3>
<p>
The following are the steps that my script takes to verify a page's signature. It
is written down so that you could verify a page signature even without downloading
my script.
<ul>
<li>Download the page source to "page.html"</li>
<li>Extract the PGP signature from the top and save it to "page.html.sig"</li>
<li>Replace the signature in "page.html" with "%%%SIGNED_PAGES_PGP_SIGNATURE%%%" (Without the ")</li>
<li>Verify using <code>gpg --verify page.html.sig page.html</code></li>
</ul>
</p>
</div>
</div>
</div>