signing web pages (simple way?)

RJ Marquette
Tue Jun 19 02:26:01 2001

Hash: SHA1

On 18 Jun 2001, Evan Prodromou wrote:

> You know, there are a number of mechanisms for signing HTML with
> OpenPGP signatures, but each one has niggling little problems.
I wrote a program a few years back for Windows that used PGP 2.6.x versions. It took your webpage as input, added --> and <!-- to the beginning and end of the file (respectively), signed the file, then added <!-- and --> to the beginning and end of the file. Voila. Signed page, invisible to viewer. I think I even wrote a bash script to do it with gpg under Linux, but the solution is trivial, and could be reproduced by anyone familiar with copy and cat commands. (Solution below.) And, it worked fine. For Netscape users (under Windows), you'd view the source, hit Control-A then Control-C (Select all, copy), then use PGP Tray to verify the clipboard. I should start signing pages again. It was a nice touch (though I doubt anyone ever actually verified the signatures). The DOS program that worked under Windows is still available on my website, but I don't have a link to it anywhere on the pages, so you'll have to use this direct link: I don't think the source is included, because the program was more of a quick and dirty solution. One gripe people had that I didn't overcome is that you had to enter your passphrase for each page you signed. I didn't want to get into the security implications required when you start remembering passphrases, so I felt it was better to just let PGP handle it. Since it's short, here's the script. (FYI, it was a LOT harder to write in Pascal under DOS than it was in bash, but the Pascal version would automatically clear an old signature before re-signing it, so I guess it's not quite the same.) - ------ #!/bin/sh # gpgsign script. Use gpgsign inputfilename outputfilename # input CAN'T be the same as output # echo "-->" > temp.txt cat $1 >> temp.txt echo "<!-- PGP Comment" >> temp.txt gpg --clearsign temp.txt echo "<!-- PGP Comment" > temp2.txt cat temp.txt.asc >> temp2.txt echo "-->" >> temp2.txt mv temp2.txt $2 rm temp.txt temp.txt.asc - ------ No warranties or liabilities...if you zap the only copy of your home page with this little doodad, too bad. Insert other standard software disclaimers. RJ <G> :) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= RJ Marquette rj(at) RSA:448B035F DSS:CB45C555 My PGP and Skating pages: -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: pgpenvelope - iD8DBQE7Lpth0DB5TMtFxVURAmOvAJ95VsE9oCoYqDxoORAqwmGttxaGcwCePSUV GsgV9eSJY+53B//KSn0Wa3Q= =3e7d -----END PGP SIGNATURE-----