Monthly Archives

March 2015

How to PGP-sign a message

So today I’m doing my monthly warrant canary update, which simply states that I’ve not received any government requests for information about people who have attended my workshops or visited my website (that last part would be especially difficult for the feds to demand — I don’t collect IP addresses or other personally identifying information about my site visitors). You’ll notice that my warrant canary message is wrapped in a PGP signature, which means that only someone in possession of my PGP secret key could have written it. PGP signatures are a useful way to show that the message was written by the intended author, and not tampered with or forged by an attacker. If someone were to gain access to my website and alter the message, the PGP output would read as invalid. I’m getting ahead of myself a bit though — I’ll show you what I mean by that in a moment. You can use a PGP signature to add a measure of security and verifiability to any message — it’s not just for warrant canaries — and I’m going to show you a simple way to do this in your console.

Continue Reading…