What is GPGMe?

GPGMe aims to help people verify online entities as belonging to certain people, and easily allow secure, verifiable communication with them.

It answers the question of "who is xxx?"

It allows you to be sure that the identities you communicate with over the internet are the same over time, that the person you talked to yesterday is the same person you talked to today, and in todays world THAT is very important.

GPGMe lets YOU specify the opinions you think matter, and achieve a level of trust in the online community that resembles the true state of things.

How do I get it?

Clone the repo (the hard way)

git clone https://github.com/gpgme/gpgme.git
cd gpgme
npm install -g

Or use NPM (the easy way)

npm install -g gpg-me

How do I use it?

Create your own GPG.OWNER.TXT file.

gpgme --create

You then need to fill in the appropriate info and sign it with a GPG Key. Once you have done that, 2 files will be created

• gpg.owner.txt
• gpg.block.txt The first (gpg.owner.txt) is a signed file that specifies your websites hostname, it's GPG Key, the date you signed it, and optionally an expiration date, and the person who owns/runs it. The second (gpg.block.txt) is an ARMORED export of your public key, to allow people to easily import it. These 2 files then need to be uploaded into the root directory of your webhost.

Verify somebody elses GPG.OWNER.TXT

gpg --verify --site <hostname>

This command will download, and verify the sites gpg.owner.txt file. It will then tell you if the file is invalid (has been tampered with, is out of date, etc.) or valid. If you don't have the public key in your keyring (likely) it will be downloaded and imported from gpg.block.txt

License

MIT - See LICENSE for more details.