Public keys

I use the following SSH public key to sign some software releases.

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7sv2HzSwjPEctz+bITQD2Njx+/guzaE0KYp5hgN1TQ dbohdan@git

This example shows how to verify the integrity of foo.txt with the signature foo.txt.sig using my public key:

# Download the test file and its signature.
                        curl -OJ https://dbohdan.com/foo.txt
                        curl -OJ https://dbohdan.com/foo.txt.sig
                        
                        # Download the public key and create an allowed-signers file from it.
                        curl -OJ https://dbohdan.com/git.pub
                        awk '{ print $3, $1, $2 }' git.pub > allowed_signers
                        
                        # Verify the file signature with ssh-keygen.
                        ssh-keygen -Y verify -f allowed_signers -I dbohdan@git -n file -s foo.txt.sig < foo.txt

False

SSH signing key