Signing Web Pages with GPG
Background
Using GPG (or another OpenPGP utility of your choosing) to sign web pages can provide an extra layer of trust in the authenticity of your website for its visitors. GPG signed web pages enable visitors to check the integrity and authenticity of the pages, and also allow the website’s creator to verify that their pages have not been modified.
Step 1: Install GPG
If you don’t already have GPG installed, then Download GPG and install it. If you are not familiar with GPG, there is a how-to guide for gpg located here.
Step 2: Sign Each Page
From the command prompt, type: GPG –clearsign your_page.html
GPG will prompt you for your private key’s passphrase and will create a file named your_page.html.asc. Copy this file to another directory and remove the .asc extension.
Step 3: Upload
Upload the signed document to your web server just as you would a standard page.
Step 4: Verify the signature
When you or a visitor wish to verify the signature of a web page, ensure that you have an unmodified version of the page, as content filtering proxy servers and web browsers will make subtle changes to a page, which will invalidate the signature. Using FTP or “right clicking and selecting ’save as’” will address this problem.