While migrating my site over to Jekyll, I decided to take advantage of one of the benefits of a static site design. I wrote a Jekyll plugin called jekyll-gpg_clearsign to generate the signature when generating the Jekyll site.
Verifying my content is simple. First, import in my GPG key:
gpg --keyserver pgp.mit.edu --recv-keys 0x7404C83A5C529E0C
curl https://www.kormoc.com | gpg --verify
gpg: Signature made Sun 08 Dec 2013 03:24:58 PM PST using RSA key ID 48FBDA25 gpg: Good signature from "Cloyd Robert Smith II <email@example.com>" gpg: aka "[jpeg image of size 23096]" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 378A D95C 3BD6 8CEB 9B6D 8AB7 7404 C83A 5C52 9E0C Subkey fingerprint: 96DF DA64 ED72 0B5F 5F17 A273 BC63 A0A4 48FB DA25
gpg: Signature made Sun 08 Dec 2013 03:24:58 PM PST using RSA key ID 48FBDA25 gpg: BAD signature from "Cloyd Robert Smith II <firstname.lastname@example.org>"
If you ever find a page with a bad signature, please feel free to contact me.