Signed Posts

Knowing I publish this 💩

New Footer Links

To get ahead of myself a bit: my PGP key(s) are now available via a link in the footer of this site, as is signed markdown for each page/post I publish. Scroll down to the footer if you prefer to download a PGP-signed version of the page you’re interested in reading.

[Editor's note: keybase.io lets you verify signed content via their website. Head over to my profile, linked on the PGP Keys page, if you don’t want to hassle with setting up PGP.]

Signing Posts

Now that I’ve had a chance to get my PGP keys in order and published (see footer for link or here (link)), it’s time I signed my blog posts. The main point of me setting up PGP was to sign posts/content so you know I’m the author.

After reading this fine post (link) I opted to set up a pretty simple process for signing my blog posts:

  1. Write post
  2. Editing, finalization
  3. git add _posts/YYYY-mm-DD_post_title.md
  4. Run signing script
  5. Verify signature is 100% and accessible via footer link
  6. git add assets/sigs
  7. Commit everything
  8. Push to upstream git repo
  9. Publish

The script and Jekyll template code are below. They can also be found on my developer page under the kemonine.info project (see link in footer). Enjoy!

Signing Script

Below you’ll find the PowerShell script (I write this blog on Windows, deal).

# Prime GPG smart cards if necessary
gpg --list-keys # Ensure all of the keys you expect are present
gpg --card-status # See that the private material is linked to card for sub keys
gpg --list-keys # No output change

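# Alternative input (every markdown file in the repo); pairs with the commented "$file = $_" below
#Get-ChildItem -Path $PSScriptRoot -Filter *.md -Recurse -File | 
# Only markdown files newly added relative to HEAD (the post staged in step 3)
git diff --name-only --diff-filter=A HEAD | select-string -pattern '\.md$' |
    foreach-object {
        # git prints paths relative to the repo root, so run this script from there
        $file = Get-Item $_.Line
        #$file = $_

        $fileSrc = $file.FullName
        $fileDir = $file.Directory.FullName
        $fileName = $file.Name
        # Mirror the post's folder layout under assets\sigs
        $projectPath = $fileDir.Replace($PSScriptRoot,"")
        $sigPath = Join-Path -Path $PSScriptRoot -ChildPath "assets\sigs\$($projectPath)\$fileName.asc"

        # Jekyll does not publish folders that start with an underscore
        $sigPath = $sigPath.replace("_posts", "posts")
        $sigPath = $sigPath.replace("_drafts", "drafts")

        write-host $fileSrc

        # Fingerprint: 8D595A502AB324CCFA96D717331B7E1107F99137
        # ID: 331B7E1107F99137

        # Clear-sign the post; gpg writes the result next to the source as <file>.asc
        gpg -ai -u 8D595A502AB324CCFA96D717331B7E1107F99137 --clear-sign $fileSrc

        # Make sure the destination folder exists before moving the signature into it
        New-Item -ItemType Directory -Force -Path (Split-Path -Parent $sigPath) | Out-Null
        Move-Item -Force "$($fileSrc).asc" $sigPath

        write-host $sigPath
    }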
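
Step 5 of the workflow (verifying the signature) can be scripted as well. The following is an added example, not part of the original post or the author's repository: it checks every `.asc` file under `assets\sigs` and fails unless gpg reports a good signature from the fingerprint used in the signing script. The function name `Test-SignedPost` is hypothetical, and the script assumes it sits in the repo root next to the signing script, with gpg on the PATH and the public key already imported.

```powershell
# Added example (not the author's script): verify the clear-signed posts.
$expected = '8D595A502AB324CCFA96D717331B7E1107F99137'   # fingerprint from the signing script
$sigRoot  = Join-Path -Path $PSScriptRoot -ChildPath 'assets\sigs'

function Test-SignedPost {
    param([string]$Path, [string]$Fingerprint)

    # --status-fd 1 writes machine-readable "[GNUPG:] ..." lines to stdout;
    # the human-readable report on stderr is discarded.
    $status = @(& gpg --batch --status-fd 1 --verify $Path 2>$null)

    # GOODSIG appears only when the signature is good AND the key is neither
    # expired nor revoked (gpg reports EXPKEYSIG / REVKEYSIG in those cases).
    $good  = @($status -match '^\[GNUPG:\] GOODSIG ')
    # VALIDSIG carries the full fingerprint instead of the short key ID.
    $valid = @($status -match '^\[GNUPG:\] VALIDSIG ')

    # Exactly one signature is expected on a post.
    if ($good.Count -ne 1 -or $valid.Count -ne 1) { return $false }

    # Line layout: [GNUPG:] VALIDSIG <signing-key-fpr> <date> ... <primary-key-fpr>
    # A subkey on a smart card signs with its own fingerprint, so accept a match
    # on either the signing key or the primary key it belongs to.
    $fields = $valid[0].Trim() -split '\s+'
    return ($fields[2] -eq $Fingerprint) -or ($fields[-1] -eq $Fingerprint)
}

# Collect every signature file that does not verify against the expected key.
$failed = @(Get-ChildItem -Path $sigRoot -Filter *.asc -Recurse -File |
    Where-Object { -not (Test-SignedPost -Path $_.FullName -Fingerprint $expected) })

$failed | ForEach-Object { Write-Host "FAILED: $($_.FullName)" }
if ($failed.Count -gt 0) { exit 1 }
Write-Host "All signatures verified against $expected"
```

Comparing the full fingerprint, rather than trusting gpg's exit code alone, also rejects a file that is validly signed by some other key in the keyring.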

Jekyll template fu

Below you’ll find the footer snippet I’m using with Jekyll to expose my PGP keys as well as the signed content of each page.

<p class="text-center text-muted">
<a href="/misc/pgp" title="PGP Keys">
    <span class="fa-stack fa-lg" aria-hidden="true">
    <i class="fa fa-circle fa-stack-2x"></i>
    <i class="fa fa-key fa-stack-1x fa-inverse"></i>
    </span>
    <span>PGP Keys</span>
</a>
{% if page.nosigs %}
{% else %}
<a href="{{ site.baseurl }}/assets/sigs/{{ page.path | replace: '_posts', 'posts' | append: '.asc' }}">
    <span class="fa-stack fa-lg" aria-hidden="true">
    <i class="fa fa-circle fa-stack-2x"></i>
    <i class="fa fa-pencil-square-o fa-stack-1x fa-inverse"></i>
    </span>
    <span>Signed Content</span>
</a>
{% endif %}
</p>