Public keys
This is the SSH public key I use to sign some software releases.
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7sv2HzSwjPEctz+bITQD2Njx+/guzaE0KYp5hgN1TQ dbohdan@git
Here is how you can verify the integrity of foo.txt signed with foo.txt.sig using my public key:
# Download the test file and its signature.
curl -OJ https://dbohdan.com/foo.txt
curl -OJ https://dbohdan.com/foo.txt.sig
# Download the public key and create an allowed-signers file from it.
curl -OJ https://dbohdan.com/git.pub
awk '{ print $3, $1, $2 }' git.pub > allowed_signers
# Verify the file signature with ssh-keygen.
ssh-keygen -Y verify -f allowed_signers -I dbohdan@git -n file -s foo.txt.sig < foo.txt
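
The same procedure replayed offline, as an added example that is not part of the original page: it signs a file with a throwaway key under the constructed identity demo@example, then checks that verification accepts the original and rejects a modified file, a different namespace (-n) and a different identity (-I). It assumes an OpenSSH ssh-keygen that supports -Y; the function names check, verify and demo are hypothetical.

```shell
#!/bin/sh
# Added example. Key, identity (demo@example) and files are constructed for
# the demo; nothing here uses the page author's key.

# check LABEL EXPECTED CMD...: run CMD and compare pass/fail with EXPECTED.
check() {
    label=$1; expected=$2; shift 2
    if "$@" >/dev/null 2>&1; then got=pass; else got=fail; fi
    echo "$label: $got (expected $expected)"
    [ "$got" = "$expected" ]
}

# verify FILE NAMESPACE IDENTITY: the page's verify command, parameterised.
verify() {
    ssh-keygen -Y verify -f allowed_signers -I "$3" -n "$2" \
        -s foo.txt.sig < "$1"
}

# demo: sign foo.txt with a throwaway key, then try four verifications.
demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    ssh-keygen -q -t ed25519 -N '' -C demo@example -f key || exit 1
    printf 'release contents\n' > foo.txt
    printf 'release contents, modified\n' > bad.txt
    # Sign stdin in the "file" namespace; the signature goes to stdout.
    ssh-keygen -Y sign -f key -n file < foo.txt > foo.txt.sig 2>/dev/null || exit 1
    # Same field reordering as on the page: principal, key type, key.
    awk '{ print $3, $1, $2 }' key.pub > allowed_signers
    rc=0
    check "original file"   pass verify foo.txt file demo@example  || rc=1
    check "modified file"   fail verify bad.txt file demo@example  || rc=1
    check "other namespace" fail verify foo.txt git  demo@example  || rc=1
    check "other identity"  fail verify foo.txt file other@example || rc=1
    cd / && rm -rf "$dir"
    exit "$rc"
)
```

Source the file and call demo; it returns 0 only when all four checks behave as expected.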