While migrating my site over to Jekyll, I decided to take advantage of one of the benefits of a static site design. I wrote a Jekyll plugin called jekyll-gpg_clearsign to generate the signature when generating the Jekyll site.

Verifying my content is simple. First, import in my GPG key:

gpg --keyserver pgp.mit.edu --recv-keys 0x7404C83A5C529E0C 
And then verify the website:
curl https://www.kormoc.com | gpg --verify
You should see something like:
gpg: Signature made Sun 08 Dec 2013 03:24:58 PM PST using RSA key ID 48FBDA25
gpg: Good signature from "Cloyd Robert Smith II <email@example.com>"
gpg:                 aka "[jpeg image of size 23096]"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 378A D95C 3BD6 8CEB 9B6D  8AB7 7404 C83A 5C52 9E0C
     Subkey fingerprint: 96DF DA64 ED72 0B5F 5F17  A273 BC63 A0A4 48FB DA25
and if it's been tampered with, or I made a mistake, you'll see:
gpg: Signature made Sun 08 Dec 2013 03:24:58 PM PST using RSA key ID 48FBDA25
gpg: BAD signature from "Cloyd Robert Smith II <email@example.com>"

If you ever find a page with a bad signature, please feel free to contact me.