Sign stuff with PGP - maggie1000/garden GitHub Wiki

You need a PGP key and the gpg utilities. If you don't have a key, make one: https://github.com/maggie1000/garden/wiki/Generate-PGP-key

Sign a document

Assuming you have some document in my_doc.txt, run:

gpg -a --detach-sign my_doc.txt

This will create my_doc.txt.asc, which contains the ASCII-armored detached signature for the document. my_doc.txt itself is left unchanged.

Send a document to a friend

Send my_doc.txt and my_doc.txt.asc to your friend.

Verify document

Your friend will now verify that the document is actually from you (they need your public key in their keyring for this). With both files in the same directory, they will run:

gpg --verify my_doc.txt.asc

If the document was actually signed by you and has not been corrupted or modified, they should see output such as:

gpg: Signature made [date] using RSA key ID KEYID
gpg: Good signature from "Real Name <[email protected]>"
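
The sign/verify round trip above as a script, added here as an example and not part of the original wiki page. It uses a detached signature in a throwaway keyring, checks that the signature was made by the expected key fingerprint, and shows verification failing once the document is modified. `verify_sig`, `run_demo`, the demo user ID and the document contents are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original page): sign, verify, tamper, verify again.
# The key, user ID and document contents are constructed for this demo and live
# in a throwaway keyring, so your real ~/.gnupg is never touched.

# verify_sig SIG DOC FPR: succeed only if gpg reports a valid signature over
# DOC made by the key with fingerprint FPR. It reads gpg's machine-readable
# status lines rather than the human-readable "Good signature" text.
verify_sig() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        grep -q -F "[GNUPG:] VALIDSIG $3 "
}

# run_demo prints "original=<good|bad> modified=<good|bad>".
# The body runs in a subshell so GNUPGHOME does not leak into the caller.
run_demo() (
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    work=$(mktemp -d) || exit 1
    trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$GNUPGHOME" "$work"' EXIT

    # Unprotected demo key; a real key should have a passphrase.
    gpg --batch --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Signer <demo@example.invalid>' \
        default default never >/dev/null 2>&1 || exit 1
    fpr=$(gpg --batch --with-colons --list-keys 2>/dev/null |
          awk -F: '$1 == "fpr" { print $10; exit }')

    printf 'hello, friend\n' > "$work/my_doc.txt"
    gpg --batch -a --detach-sign "$work/my_doc.txt" 2>/dev/null || exit 1

    if verify_sig "$work/my_doc.txt.asc" "$work/my_doc.txt" "$fpr"
    then original=good; else original=bad; fi

    # Simulate modification in transit: the signature no longer matches.
    printf 'extra line\n' >> "$work/my_doc.txt"
    if verify_sig "$work/my_doc.txt.asc" "$work/my_doc.txt" "$fpr"
    then modified=good; else modified=bad; fi

    echo "original=$original modified=$modified"
)

run_demo
```

A "Good signature" line only says that some key in the keyring signed the file; comparing the fingerprint, obtained from the signer over a separate channel, ties it to the person you expect.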

What is this good for?

Your friends might not be tech-savvy enough, or care enough, to do PGP signing. As a developer, you might want to care, however, when you download codez from all over the Internet. PGP keys are used to verify that some software actually came from who you think is the software author. E.g., it sure is nice to be sure that, say, this virus file really came from Norton, and not, y'know, "DefacerX".