don't worry, it's probably fine

Signing my blog posts

08 Nov 2019

nablopomo gpg

Now that I’ve got my new PGP key set up, I thought I’d have a bit of fun with it and use it to sign my blog posts.

I host my public key under but also on

By verifying the content of the HTML against the detached signature, anyone can confirm that I am indeed the author of a post.

$ curl | gpg --import
$ wget
$ wget
$ gpg --verify about.asc.txt about.html

gpg: Good signature from "Alex Wilson <>" [unknown]

Generating the signatures

My blog is a static site powered by Jekyll, hosted on AWS. I wrote a small script to generate the signatures which is executed as part of the deploy to S3.

for POST in $(find _site -name '*.html') ; do

    echo Generating signature for ${POST}

    SIGNATURE=$(echo ${POST} | sed -e 's/\.html$/.asc.txt/')

    gpg --armor \
        --detach-sig \
        --output ${SIGNATURE} \
        --sign ${POST}


Each post now provides the link to its signature in the footer. Take a look for yourself!

November is National Blog Posting Month, or NaBloPoMo. I’ll be endeavouring to write one blog post per day in the month of November 2019 - some short and sweet, others long and boring.