GPG Sign blog posts #27

Open
opened 2025-11-21 02:42:12 +00:00 by pfych · 2 comments
Owner

Possible to hit a specific endpoint to get if the most recent related commit was signed:

```
https://git.pfy.ch/api/v1/repos/pfych/static/commits?path=packages/site/posts/thoughts/dream-spaces.md&limit=0
```

@ `commit.verification.verified = true`

This can render a badge for if the post was made with a signed commit.

I'd also like to inline a GPG signature in the blog post to allow `curl https://pfy.ch/path.html | gpg` but requires more research

Author
Owner

I should be able to create a script I can run on my machine to generate a GPG key before pushing to add to the markdown frontmatter and it can render like this:

```html
<html>
  <body>
    <div>Header etc</div>
<!-- BEGIN SIGNED MESSAGE -->
example
<!-- -- BEGIN SIGNATURE --
example
-- END -- -->
    <div>Footer etc</div>
  </body>
</html>
```

Will need to include the comments in the signature.

Not sure if it'll be easier to sign the whole HTML vs signing just the content. 🤔

Author
Owner

Feasible - at least getting pgp to recognize that there is signed content:

```ts
const htmlContent = `<div style="display: none">
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

</div>
${await mdToHtml(content)}
<div style="display: none">
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEENHVJ05ARnSgjWqXWTMFuT/sj0ZAFAmoCroYACgkQTMFuT/sj
0ZDkBA/7BzrkGPtSrvxl8NYsEmhli6bbeOYJNBwEhOVk6q22IyidAMmQIyTJiOno
0dGqeOKrFVyNxAsxOkDiA45YUvMDpveEjbDQ1Ii4KFgpCHDKnLrGQkvD9ZC4z0GS
UNmr4UFQu5B85A16HkjLKPmrJq0z0G0IMFYOhAtxnKM33dHND8v1yT0YO3aaBQTP
rciblcAx7TSd5w1CWW9hvqRAAVexJV0BFWPeH2GwhIYfe3XYs8sjXFExnRtslNmd
5U8oB0d+SP32CUW7J/Ji7zWKb5mwuXzidMcaxDUgobdZyCU7C7Fe4guTnPxH9AkY
lnA+jS4aDAbVDSvN1kLWICjnGbNOLlc6bBQ++jn26MeTlfb53dgrxKsnbI3xyj0l
MMZ9szF+eGKaw7jQBDzvkArvWyDahAmMD0LcTfuGepn7Udzto87ShorXLNoau5M+
r7xuXiPDAfi9K/U9ChcSyswvYCpxHzYmM2Bwhln879lHKjcB6qs0wVvNFoE6kbuR
qnT1Q+7X9U/KDXeRqNDlEQlRlGanNfZaZ4+b554uv6zN9xx6K3zA69XjvJTIfFVD
LztRzg/X+0HN/nmv6AWb0EutUE6hq44RZ41p4579l2PNPi+9mOxTniG8OdY1OoXk
UftaGHJsxcijKNqFdIqYRx7ONt3/BMdUv72t7/EFr2uwI9eiYJY=
=/gxK
-----END PGP SIGNATURE-----
</div>`;
```
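
What a cleartext signature inlined this way would and would not cover, as an added example that is not part of the original thread or the blog's code. `extractSignedRegion` and the sample page are hypothetical; the function follows the RFC 4880 cleartext framework (header block, dash-escaping, trailing-whitespace stripping, CRLF line endings) and does not verify the signature itself.

```typescript
// Added example (not the blog's code): find what an inline cleartext signature
// (RFC 4880 section 7) covers on a page. Checking the signature stays gpg's job.
interface SignedRegion {
  hashes: string[];   // values from the "Hash:" armor headers
  signedText: string; // canonical text the signature is computed over
  outside: string[];  // non-empty page lines the signature does not cover
}
const BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----";
const BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----";
const END_SIG = "-----END PGP SIGNATURE-----";

function extractSignedRegion(page: string): SignedRegion | null {
  const lines = page.split(/\r?\n/);
  const start = lines.indexOf(BEGIN_MSG);
  const sig = lines.indexOf(BEGIN_SIG, start + 1);
  const end = lines.indexOf(END_SIG, sig + 1);
  if (start < 0 || sig < 0 || end < 0) return null;
  const inner = lines.slice(start + 1, sig);
  // Armor headers end at the first empty line; that line is not signed.
  const blank = inner.indexOf("");
  if (blank < 0) return null;
  const hashes: string[] = [];
  for (const header of inner.slice(0, blank)) {
    if (header.indexOf("Hash:") !== 0) return null; // this example accepts only Hash headers
    for (const name of header.slice(5).split(",")) hashes.push(name.trim());
  }
  // Undo dash-escaping, then strip trailing spaces and tabs from each line.
  const body = inner.slice(blank + 1).map((l) =>
    (l.slice(0, 2) === "- " ? l.slice(2) : l).replace(/[ \t]+$/, ""));
  const outside = lines.slice(0, start).concat(lines.slice(end + 1))
    .filter((l) => l.trim() !== "");
  // Signed form uses CRLF; the newline before BEGIN_SIG is not included.
  return { hashes, signedText: body.join("\r\n"), outside };
}

// Constructed sample shaped like the template in the comment above.
const SAMPLE_PAGE = [
  "<html><body><div>Header etc</div>",
  '<div style="display: none">', BEGIN_MSG, "Hash: SHA256", "",
  "</div>",
  "<p>example  </p>   ",
  "- ---",
  '<div style="display: none">', BEGIN_SIG, "",
  "PLACEHOLDER_SIGNATURE_DATA", END_SIG, "</div>",
  "<div>Footer etc</div></body></html>",
].join("\n");
const sampleRegion = extractSignedRegion(SAMPLE_PAGE);
```

On the sample, the wrapper `</div>` and `<div style="display: none">` lines land inside the signed text, while the header and footer markup is reported in `outside`, so a good signature says nothing about those parts of the page.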
Reference
pfych/static#27