website/posts/my-ssh-key.html

141 lines
3.5 KiB
HTML

<!doctype html>
<html lang="en-us">
<head>
<meta charset="utf-8">
<title>
Open Thoughts
</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="author" content="Judah Sotomayor" />
<meta property="og:title" content="My SSH Key">
<meta property="og:url" content="https://judah.freedomland.xyz//posts/my-ssh-key.html">
<meta name="twitter:card" content="summary_large_image">
<link rel="stylesheet" href="https://judah.freedomland.xyz//static/style.css" type="text/css" />
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Lora&family=Space+Mono&display=swap" />
</head>
<body>
<header>
<h1>
<a href="https://judah.freedomland.xyz//">
Open Thoughts
</a>
</h1>
<a href="#main" class="visually-hidden">jump to main content</a>
<nav>
<ul class="menu">
<li><a href="https://judah.freedomland.xyz//about">about</a></li>
<li><a href="https://judah.freedomland.xyz//">blog</a></li>
</ul>
</nav>
</header>
<main id="main">
<article class="post">
<h1 class="post__title">
My SSH Key
</h1>
<section class="post__meta">
Nov 08, 2023
</section>
<section>
<p>
In the interest of integrity, here is my public ssh key.
This is the key I use to sign all of my commits.
If any project purports to be from me, and is <i>not</i> signed by this key, there is a strong chance it is disingenuous.
</p>
<div id="outline-container-key" class="outline-2">
<h2 id="key">Key:</h2>
<div class="outline-text-2">
<pre class="example" id="org9b0bd06">
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII0YkBVeeBhoCm/+6mCteO7Ikv528ZDmg/tYtWc6O1qP
</pre>
</div>
</div>
<div id="outline-container-fingerprint" class="outline-2">
<h2 id="fingerprint">Fingerprint:</h2>
<div class="outline-text-2">
<pre class="example" id="orgc152264">
SHA256:9Dq4ppxhfAjbX+7HLXEt+ROMiIojI6kqQgUyFUJb9lI
</pre>
</div>
</div>
<div id="outline-container-directions" class="outline-2">
<h2 id="directions">Directions</h2>
<div class="outline-text-2">
<p>
If you're cloning a project off a major git platform, you can check that the latest commit states "Verified" or "Signed".
Then you can check that my key fingerprint matches with the one above.
</p>
<p>
If you've gotten ahold of source code some other way, run <code class="src src-sh">git verify-commit HEAD</code> to ensure that the latest commit has been signed.
</p>
</div>
<div id="outline-container-example" class="outline-3">
<h3 id="example">Example</h3>
<div class="outline-text-3">
<div class="org-src-container">
<pre class="src src-bash">git verify-commit HEAD
</pre>
</div>
<pre class="example">
Good "git" signature for development@freedomland.xyz with ED25519 key SHA256:9Dq4ppxhfAjbX+7HLXEt+ROMiIojI6kqQgUyFUJb9lI
</pre>
</div>
</div>
</div>
<div id="outline-container-website-repo" class="outline-2">
<h2 id="website-repo">Website repo</h2>
<div class="outline-text-2">
<p>
<a href="https://git.freedomland.xyz/judahsotomayor/website">This link</a> directs to my website's source code.
You can check that the latest commits are signed with my key.
</p>
</div>
</div>
</section>
</article>
</main>
<footer>
Made with &#x2665; and&nbsp;
<a href="https://emacs.love/weblorg" target="_blank">
weblorg
</a>
</footer>
</body>
</html>