47 lines
2.0 KiB
HTML
47 lines
2.0 KiB
HTML
<!-- title: Page Verification -->
|
|
<!-- description: -->
|
|
<!-- render: yes -->
|
|
<div class="vertical text">
|
|
<div class="horizontal-center">
|
|
<div class="text-content">
|
|
<h2>Page Verification</h3>
|
|
|
|
<p>
|
|
In order to allow people to verify that a post has really been
|
|
created by me, I sign all blog posts and my "About" page using
|
|
my <a href="{{ email_gpg_url }}">public key</a>.
|
|
</p>
|
|
|
|
<h3>Using My Script</h3>
|
|
<p>
|
|
To verify a page, you can use
|
|
<a href="/assets/files/verify.sh">this script</a>
|
|
(<a href="/assets/files/verify.sh.sig">signature</a>), which you
|
|
can also find <a href="https://git.polynom.me/PapaTutuWawa/blog.polynom.me/src/branch/master/assets/files/verify.sh">here</a> in my blog repository.
|
|
|
|
<code>verify.sh "$URL"</code>, where <code>$URL</code> is the URL on my blog you want to
|
|
verify.
|
|
|
|
<div class="warning">
|
|
WARNING: Never execute a script that you downloaded from the
|
|
Internet without checking it first. This also holds true for this one.
|
|
</div>
|
|
</p>
|
|
|
|
<h3>What The Script Does</h3>
|
|
<p>
|
|
The following are the steps that my script takes to verify a page's signature. It
|
|
is written down so that you could verify a page signature even without downloading
|
|
my script.
|
|
|
|
<ul>
|
|
<li>Download the page source to "page.html"</li>
|
|
<li>Extract the PGP signature from the top and save it to "page.html.sig"</li>
|
|
<li>Replace the signature in "page.html" with "%%%SIGNED_PAGES_PGP_SIGNATURE%%%" (Without the ")</li>
|
|
<li>Verify using <code>gpg --verify page.html.sig page.html</code></li>
|
|
</ul>
|
|
</p>
|
|
</div>
|
|
</div>
|
|
</div>
|