2020-07-30 04:05:11 -06:00
<!--
Copyright ( C ) 2020 Yarmo Mackenbach
This program is free software : you can redistribute it and / or modify it under
the terms of the GNU Affero General Public License as published by the Free
Software Foundation , either version 3 of the License , or ( at your option )
any later version .
This program is distributed in the hope that it will be useful , but WITHOUT
ANY WARRANTY ; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE . See the GNU Affero General Public License for more
details .
You should have received a copy of the GNU Affero General Public License along
with this program . If not , see < https :// www . gnu . org / licenses />.
Also add information on how to contact you by electronic and paper mail .
If your software can interact with users remotely through a computer network ,
you should also make sure that it provides a way for users to get its source .
For example , if your program is a web application , its interface could display
a " Source " link that leads users to an archive of the code . There are many
ways you could offer source , and different solutions will be better for different
programs ; see section 13 for the specific requirements .
You should also get your employer ( if you work as a programmer ) or school ,
if any , to sign a " copyright disclaimer " for the program , if necessary . For
more information on this , and how to apply and follow the GNU AGPL , see < https :// www . gnu . org / licenses />.
-->
2020-06-29 02:23:03 -06:00
< p > Let ' s see how to verify an OpenPGP signature .</ p >
< h3 > Obtain a signature </ h3 >
< p > If you already have a signature you would like to verify , great ! If not , let ' s use the following signature for the guide :</ p >
< code >----- BEGIN PGP SIGNED MESSAGE -----
< br > Hash : SHA256
< br >
< br > I like pineapple .
< br >----- BEGIN PGP SIGNATURE -----
< br >
< br > iQJDBAEBCAAtFiEEog / Pt4tEmnyVrrtlNzZ / SvQIetEFAl70mVUPHHlhcm1vQHlh
cm1vLmV1AAoJEDc2f0r0CHrRQXIP / 08 uza9zOtmZXv5K + uPGVzDKwkgPgZJEezX7
6 iQ358f1pjSRvYfQ5aB13k2epUHoqCKArMYu1zPqxhvLvvAvp8uOHABnr9NGL3El
u7UUgaeUNHkr0gxCKEq3p81abrrbbWveP8OBP4RyxmaFx13Xcj7mfDluiBHmjVvv
WU09EdH9VPlJ7WfZ + 2 G2ZZDHuE5XiaeP7ocugTxXXLkp33zwpDX0 + ZuCIXM6fQGe
OccSffglFPdNBnfasuuxDWxTQPsEbWGOPJV + CAPmBDeApX + TBF9bovO3hw4Uozk2
VT7EAy8Hb0SOrUb3UNGxzoKv ++ 5676 IxyB4JXX0Tr9O4ZxhO8o9pEEHwirtn / J1 +
MWven4gVlWM / 6 bMeUqx6ydyNc2nqF5059yfRmwGMlp09x82G4x1bcf6aDZ + 5 njDG
fS5T2OpXRIkZHJx8BhmZjsxiDR0KV44zwHpt06 + 96 ef3EDWB0BcP6M + a5Rtc33zf
irRmQd2M6RLyXCYtdGIiiAFRuomw802U4F0P4LwVrZdbGA6ObqBv1k8BUFCMbMz8
Ab4hF7kO4z0Vh3JaKzcHey0pOzdNCPpAHZ51sAoAnFDM4PdMBgQxxVweCMu4KYMZ
FN8sNn42oY / b7gDmwCelVhgD + rvUn / a8 + B7CDmCp + wIquyrjrTt00voATcb + ZPMJ
< br > pTXJ / NcM
< br >= rqTX
< br >----- END PGP SIGNATURE -----
</ code >
< p > Copy the above signature .</ p >
< h3 > Verify the signature </ h3 >
2020-06-29 05:00:31 -06:00
< p > Open the < a href = " /verify " target = " _blank " > keyoxide . org / verify </ a > page and paste the signature in the corresponding field . Scroll down and press the < strong > VERIFY SIGNATURE </ strong > button .</ p >
2020-06-29 02:23:03 -06:00
< p > Keyoxide lets you know the signature was verified and signed by a certain person .</ p >
< h3 > Verify the signature against a specific public key </ h3 >
< p > Sometimes , you want to know if a specific person or public key was used to create a signature . In this case , let 's figure out if the message was signed by Yarmo' s public key or his friend Wiktor ' s public key .</ p >
< p > Copy the following fingerprint :</ p >
< code > 653909 A2F0E37C106F5FAF546C8857E0D8E8F074 </ code >
< p > Paste it in the < strong > Email / key id / fingerprint </ strong > field under < strong > Public Key ( 3 : HKP server ) </ strong > and press the big button again . It could not be verified . Guess it wasn ' t Wiktor who signed that message .</ p >
< p > Now , copy the following fingerprint :</ p >
< code > 9 f0048ac0b23301e1f77e994909f6bd6f80f485d </ code >
< p > Paste it in the same field and press the big button again . It did verify ! It was Yarmo all along .</ p >
< h3 > Going further </ h3 >
< p > You could try using different mechanisms of fetching keys , such as < strong > web key directory </ strong > or copy - pasting a plaintext public key .</ p >
2020-06-29 05:00:31 -06:00
< p > If you ' d like to sign messages using PGP , you must first learn the fundamentals of PGP and how to generate and handle your own keypair .</ p >