How to check the signature on this page

This page is digitally signed with PGP. You can check to see if it has been altered, by using PGP.

To do so, download or save this file to your hard drive. In Netscape, click on the word "File" on the menu-bar, then click on "Save as". In the "Save File as Type ..." box, make sure that "Source (*.htm)" is selected. Save the file with a ".htm" or ".html" extension, such as "pgp-www.htm". Similar methods will apply to other browsers. Just make sure you save the file as html source code.

If you haven't already got my PGP public key, you will need to get it now, and add it to your public keyring. Now, in the same directory that you have saved the file to, run "PGP pgp-www.htm" and PGP should tell you that the signature from me is valid. This proves that the page has not been tampered with.

If you cannot obtain a valid signature on this page, please let me know.

You may wish to print the source code of this page, to see how it was done.

My other PGP pages are similarly signed.

How to create your own PGP signed web-pages

Firstly create your web-page in HTML as normal, using either a text editor or html editor. Then, after the <BODY> tag, and before the first heading, add a line as follows:
<KBD>-----BEGIN PGP SIGNED WEB-PAGE-----</KBD>
This is done to produce the top line which you can see on this page, and has no effect whatsoever on PGP. It is there purely to tell the reader that the page has been signed.

Now, check your page off-line in your browser or html viewer, and make sure it is correct. Once you have signed it with PGP, you cannot alter it!

At this stage we have to be a little bit crafty, as there can be conflicts between PGP and HTML.

Load your web-page into a text editor, and examine the source code. The file should end with the tags </BODY> and </HTML>. Remove the tags </BODY> and </HTML> from the end of the file. and add the tag:
<PRE>

If you look through your html source code you may see "comments"

These should look similar to this:

<!-- This is a comment and does not appear when viewed in a browser -->

At the beginning of the file, before the tag <HTML> add just the end of a comment as follows: 

 -->
Note that the first character in the line must be a "space". It's worth a look through the rest of the source code at this stage to make sure that you have no lines beginning with a hyphen (-). If you have, either move it, or put a space in front of the hyphen. (PGP alters lines beginning with a hyphen). Similarly make sure that the maximum line length does not exceed 127 characters. Put carriage returns in to shorten the lines to suit. This is because some versions of PGP will assume the file to be binary if it is unable to find a carriage return at least every 127 characters.

Now for the easy bit. Save the file. Sign the file by running PGP with the "-sat" argument. You will now have a file with a ".asc" extension.

Re-open this new file in your text editor, and at the beginning, add the first half of the comment as follows: 

<!--
before the line which says:

-----BEGIN PGP SIGNED MESSAGE-----

Then at the end, after the PGP signature, add a tag:

</PRE>
and the two tags which you removed earlier:
</BODY></HTML>

Save the file, and run PGP on it to make sure you still have a valid signature. Rename the file with an ".htm" or ".html" extension, view it in your browser, and check that it's OK.

Other methods of protecting your web pages

Let a robot watch them for you! Just visit the URL-Minder and enter the URLs of your web pages. Then if they ever change (or, worse still, are changed for you), you will be notified by e-mail.

More Information

Jeffrey Goldberg <J.Goldberg@Cranfield.ac.uk> shows other methods of signing web-pages on his site at Cranfield University in the UK.

Chuck McKinnon <mckinnon@tezcat.com> has also written an article on PGP signing of web-pages and an "Apple-Script" for the Macintosh, which automates the process. This is available at: http://www.tezcat.com/~mckinnon/signedpages.html

Please let me have your comments on this page.

Thank you.

If you wish to link to this page please use the url: http://www.pobox.com/~ejnbell/pgp-www.html

Main

 
PGP signed web-pages -----BEGIN PGP SIGNED WEB-PAGE-----

PGP signed web-pages

http://www.pobox.com/~ejnbell/pgp-www.html
Go to
Noel's PGP Page
Go to
Noel's PGP Links
Go to
Noel's Home Page
Download
My PGP Public Key

© 1996,1997 Edward James Noel Bell 


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
Comment: You can check the authenticity of this page as follows:
Comment: Download (save) this page as source code and run PGP.
Comment: This should show a valid signature from EJNBell@pobox.com

iQCVAgUBMtbI6rZiCXUgAVudAQEmHAP/X5cBcnR2ErdCeZm6fhieIDCUgyX+/Siu
NLMMxd5x+mkW6HVEz3eEsjdmcXVOBrMDv5oIIPWAy8PPj1Mi1ziM12QFW5oB4Pl/
pUwJQOtiYk7D+eCtMUw/TVEtd0HMgHrSM0cyEJjw1lHxcv1JaBd0qcpRmMQpxoRT
TwJavqhdENs=
=dMKu
-----END PGP SIGNATURE-----