Skip to content

Instantly share code, notes, and snippets.

@kpmeen
Forked from djspiewak/sign-markdown.sh
Created June 1, 2017 17:38
Show Gist options
  • Save kpmeen/963d390dabe25185207c6b82f9e33804 to your computer and use it in GitHub Desktop.
Save kpmeen/963d390dabe25185207c6b82f9e33804 to your computer and use it in GitHub Desktop.
#!/bin/bash
if [[ $# -ne 1 ]]; then
echo "usage: $0 doc.md"
echo
echo 'Output will be printed to stdout, so you probably want to pipe to'
echo 'pbcopy or to a file or something.'
exit 1
fi
set -e
gpg --output "/tmp/$1.asc" -a --detach-sig "$1"
cat "$1"
echo '
---
This document has been cryptographically signed using GPG. To verify this signature,
first copy the signature (starting with the line containing `BEGIN PGP SIGNATURE`) into
a file named `doc.md.asc`. Copy the contents of the document *above* the line (in raw
form, not as rendered markdown) into a file named `doc.md`. Then, run the following
commands (you can skip the first one if you have previously imported my public key):
```bash
$ gpg --recv-key 35877FB32BAE5960
$ gpg --verify doc.md.asc doc.md
```
As always: trust, but verify. You can find instructions on how to manually check
my identity proofs at [https://keybase.io/djspiewak](https://keybase.io/djspiewak).
These proofs demonstrate that the owner of the key with signature `3587 7FB3 2BAE 5960` –
which is the individual who signed this document – is also in control of the linked
online identities (notably, [Twitter](https://twitter.com/djspiewak) and [Github](https://github.com/djspiewak)).
Your trust in the provenance of this document should be at least as high as your trust
in the provenance of the content at those locations.
```'
cat "/tmp/$1.asc"
rm "/tmp/$1.asc"
echo '```'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment