New post about signing posts.
This commit is contained in:
parent
376feaf995
commit
2e07832f6f
33
_posts/technology/2016-12-26-signing-blog-posts.md
Normal file
33
_posts/technology/2016-12-26-signing-blog-posts.md
Normal file
|
|
@ -0,0 +1,33 @@
|
|||
---
|
||||
title: GPG and signing blog posts with Jekyll
|
||||
category: technology
|
||||
tags:
|
||||
- cryptography
|
||||
- blogging
|
||||
- gpg
|
||||
---
|
||||
|
||||
I've started signing all of my posts here with my GPG key. As a tl;dr, you can get the markdown source and the signature file at the bottom of each post, and you can verify that the post was signed by me by using my public [GPG key].
|
||||
|
||||
## Why sign blog posts?
|
||||
|
||||
Let's say you run an underground news website, disseminating important information. Perhaps you live in a failed democracy and you need to broadcast information to the world about the things that are happening there. You want your readers to be able to trust that the information they receive is coming from the same group, in case your website gets hacked. If you set up a GPG key when you start your blog, and always sign your posts.
|
||||
|
||||
|
||||
## Ok, but why are *you* signing *your* blog posts?
|
||||
|
||||
To be honest, it's a bit silly. No one is likely to even read my blog, let alone 'attack' me. The above scenario is pretty unlikely to happen on Anna's Dusty Old Blog. And for general proof-of-ownership, my [keybase profile] already connects this domain name to the rest of my online identity.
|
||||
|
||||
But over the next few years, I think it's depressingly likely that we will need something like a Voice of the Resistance. Maybe I'm being paranoid. I sincerely **hope** I'm being paranoid. But this is a proof of concept.
|
||||
|
||||
I can't do very many things to help fight against injustice. I'm no good in a physical fight. I'm terrible at public speaking. But I know software, and infrastructure, and I have a pretty decent handle on crypto. And I want to be ready.
|
||||
|
||||
So, if you want to see how I've set this up, this site's [source code] is available on github. It runs on [jekyll].
|
||||
|
||||
And if you aren't especially technical but you find yourself needing to set up something similar for a more 'serious' purpose, get in touch.
|
||||
|
||||
|
||||
[GPG key]: https://keybase.io/annabunches/pgp_keys.asc?fingerprint=82b1fcf343081be8e78826cf2b856f73efef6022
|
||||
[keybase profile]: https://keybase.io/annabunches
|
||||
[source code]: https://github.com/annabunches/annabunch.es
|
||||
[jekyll]: https://jekyllrb.com/
|
||||
17
_posts/technology/2016-12-26-signing-blog-posts.md.asc
Normal file
17
_posts/technology/2016-12-26-signing-blog-posts.md.asc
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2
|
||||
|
||||
iQIcBAABCAAGBQJYYLakAAoJEGgok90ESO14fw8P/2yZKIQAtthZap17ahPx9bB6
|
||||
2Ggx2AaFTtf8cM7ojSSetQ8rlAZe5fymxqkSOLnoH1ReAWLuZjsIKeDE835+F2fH
|
||||
HjX1UoA1NWpXQrsVUB1dWN4VRkq6seSWFOY8SWGXmfwjEC5c8qloBDVSlZALVxqO
|
||||
9wQoWqImyVmwl3hQ19c46aMPZSxOCP+c+AfnidlqUZx51Wxf8SeC1Cf4QJgaasVk
|
||||
YFBI3KWrMCSnKSrrmOu3KU7l23INExlddspYtwrlSXTrcUQzCxh/Ka4OY78hb+x8
|
||||
SmFe01KF2rEdkWdTKDcuem+ammq99/dcGrCmKgPXSpBFsYUGvQ5VIIAXbhikW0K7
|
||||
g8rJbprEnqLCE/VXbM4njkh2dB5PUsyJm39SFNULj5VaVsfi2yLggGJqCcKME2O2
|
||||
tQeNV2Har4b4Gy/dfxw8KO0YWrxXvhDkQXoXoMpmkLnoo+MmAfWxxl7/XrHWu6Q5
|
||||
sW0PKECCzEuqJkwIYw1KC76AlnsZSohSqTtgjqIq4bDL3Hpb2CY9ZbM0Ce6Lvz5g
|
||||
EuPv4Muvu/kk9oUjiQmVgHYQC42r27A1hPvMpWogj0cbZ9jeg9UkS6mZhyLDtQWV
|
||||
Rc6DtG42zBw3cjssXO6558HIxDWtnAws5amGqQJv8oB8z0TPGCd7nI1Du6B7ztqj
|
||||
GHZKFbWlgYdoDjTnpqhe
|
||||
=I5kE
|
||||
-----END PGP SIGNATURE-----
|
||||
Loading…
Reference in New Issue
Block a user