gpg-me

GPGMe aims to help people verify online entities as belonging to certain people, and easily allow secure, verifiable communication with them

What is GPGMe?

GPGMe aims to help people verify online entities as belonging to certain people, and easily allow secure, verifiable communication with them.

It answers the question of "who is xxx?"

It allows you to be sure that the identities you communicate with over the internet are the same over time, that the person you talked to yesterday is the same person you talked to today, and in todays world THAT is very important.

GPGMe lets YOU specify the opinions you think matter, and achieve a level of trust in the online community that resembles the true state of things.

How do I get it?

git clone https://github.com/gpgme/gpgme.git
cd gpgme
npm install -g
npm install -g gpg-me

How do I use it?

gpgme --create

You then need to fill in the appropriate info and sign it with a GPG Key. Once you have done that, 2 files will be created

  • gpg.owner.txt
  • gpg.block.txt The first (gpg.owner.txt) is a signed file that specifies your websites hostname, it's GPG Key, the date you signed it, and optionally an expiration date, and the person who owns/runs it. The second (gpg.block.txt) is an ARMORED export of your public key, to allow people to easily import it. These 2 files then need to be uploaded into the root directory of your webhost.

gpg --verify --site <hostname>

This command will download, and verify the sites gpg.owner.txt file. It will then tell you if the file is invalid (has been tampered with, is out of date, etc.) or valid. If you don't have the public key in your keyring (likely) it will be downloaded and imported from gpg.block.txt

License

MIT - See LICENSE for more details.