------------------------------------------------------------------------------ My actual public key is: E8610311CDD4C51947A662319ED6EDAA1724ABB3 pub rsa3072 2017-11-21 [SC] [expires: 2019-11-21] E8610311CDD4C51947A662319ED6EDAA1724ABB3 uid [ultimate] _Sed_ sub rsa3072 2017-11-21 [E] [expires: 2019-11-21] Get in touch with me by email or some other way so we can establish trust between each other. The key expires on 2019-11-21. (I hope to maintain this information up-to-date.) Below is a quick tutorial about gpg. ------------------------------------------------------------------------------ create key: gpg --generate-key ------------------------------------------------------------------------------ list keys: gpg --list-keys /home/sed/.gnupg/pubring.gpg ---------------------------- pub dsa1024 2003-02-03 [SC] [expired: 2015-06-30] 2E66557AB97C19C791AF8E20328DA867450F89EC uid [ expired] PAUSE Batch Signing Key 2015 uid [ expired] PAUSE Batch Signing Key 2003 uid [ expired] PAUSE Batch Signing Key 2005 uid [ expired] PAUSE Batch Signing Key 2007 uid [ expired] PAUSE Batch Signing Key 2009 uid [ expired] PAUSE Batch Signing Key 2011 pub rsa3072 2017-11-21 [SC] [expires: 2019-11-21] E8610311CDD4C51947A662319ED6EDAA1724ABB3 uid [ultimate] _Sed_ sub rsa3072 2017-11-21 [E] [expires: 2019-11-21] ------------------------------------------------------------------------------ publish key: gpg --send-keys E8610311CDD4C51947A662319ED6EDAA1724ABB3 You may want to use --keyserver to select the server where to send the key. ------------------------------------------------------------------------------ import a key: gpg --recv-keys E8610311CDD4C51947A662319ED6EDAA1724ABB3 gpg: key 9ED6EDAA1724ABB3: public key "_Sed_ " imported gpg: Total number processed: 1 gpg: imported: 1 ------------------------------------------------------------------------------ Be careful with imported keys, check them to see how you can trust them. For example: gpg --list-keys [...] pub rsa3072 2017-11-21 [SC] [expires: 2019-11-21] E8610311CDD4C51947A662319ED6EDAA1724ABB3 uid [ unknown] _Sed_ sub rsa3072 2017-11-21 [E] [expires: 2019-11-21] We see here: [ unknown], meaning we don't trust the key. No one we trust does trust that key (if I understand the trust-thing correctly). ------------------------------------------------------------------------------ sign a file: gpg -sb main.c It will generate main.c.sig. Put this file near main.c on your website. ------------------------------------------------------------------------------ verify a file: Download both the file and the .sig file. Then: gpg --verify main.c.sig If you trust the key, you will see: gpg: assuming signed data in 'main.c' gpg: Signature made Sun 10 Dec 2017 12:03:46 PM CET gpg: using RSA key E8610311CDD4C51947A662319ED6EDAA1724ABB3 gpg: Good signature from "_Sed_ " [ultimate] If you don't trust the key: gpg: assuming signed data in 'main.c' gpg: Signature made Sun 10 Dec 2017 12:03:46 PM CET gpg: using RSA key E8610311CDD4C51947A662319ED6EDAA1724ABB3 gpg: Good signature from "_Sed_ " [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: E861 0311 CDD4 C519 47A6 6231 9ED6 EDAA 1724 ABB3