Disclaimer
Yes, I know, there is absolutely zero need of me doing this. I am not influencer, I am not public personality, I am not going to communicate some important message here that needs to be checked for authenticity from me.
This is just an excercise for me. Plus, also will work to push myself later to publish more stuff.
The idea here is to show some commands for:
- Importing my GPG key
- Verifying a signed message (post in this case)
You will need GnuPG for this.
Import public key
Some options for this:
From Ubuntu Keyserver
gpg --keyserver keyserver.ubuntu.com --recv-keys 20e8717a9ac82e7f
From keybase (curl + gpg)
curl https://keybase.io/quinterocc/pgp_keys.asc | gpg --import
Using keybase client
If you already have the keybase client installed:
keybase pgp pull quinterocc
From this server
curl https://albx.cc/public-key.asc | gpg --import
Verifying posts signatures
In every post I sign I will add the commands so you can just copy and paste to pull the content + signature and run gpg to check.
But normally it would be something like:
curl -s https://albx.cc/signed-post.txt | gpg --verify