sign-markdown.sh

#!/bin/bash

if [[ $# -ne 1 ]]; then
  echo "usage: $0 doc.md"
  echo
  echo 'Output will be printed to stdout, so you probably want to pipe to'
  echo 'pbcopy or to a file or something.'

  exit 1
fi

set -e

gpg --output "/tmp/$1.asc" -a --detach-sig "$1"

cat "$1"

echo '
---

This document has been cryptographically signed using GPG.  To verify this signature,
first copy the signature (starting with the line containing `BEGIN PGP SIGNATURE`) into
a file named `doc.md.asc`.  Copy the contents of the document *above* the line (in raw
form, not as rendered markdown) into a file named `doc.md`.  Then, run the following
commands (you can skip the first one if you have previously imported my public key):

```bash
$ gpg --recv-key 35877FB32BAE5960
$ gpg --verify doc.md.asc doc.md
```

As always: trust, but verify.  You can find instructions on how to manually check
my identity proofs at [https://keybase.io/djspiewak](https://keybase.io/djspiewak).
These proofs demonstrate that the owner of the key with signature `3587 7FB3 2BAE 5960` –
which is the individual who signed this document – is also in control of the linked
online identities (notably, [Twitter](https://twitter.com/djspiewak) and [Github](https://github.com/djspiewak)).
Your trust in the provenance of this document should be at least as high as your trust
in the provenance of the content at those locations.

```'

cat "/tmp/$1.asc"
rm "/tmp/$1.asc"

echo '```'