pandanoir

Verify PGP

Below are the steps to verify the PGP public key of pandanoir.

1. Download pandanoir's public key
2. Import the downloaded public key gpg --import pandanoir.asc
3. Verify the signed message below gpg --verify signed-message.txt

   -----BEGIN PGP SIGNED MESSAGE-----
   Hash: SHA512
   
   This is Naoto Ikuno. fingerprint of PGP key is 307BE088C56B9F0D
   -----BEGIN PGP SIGNATURE-----
   
   iHUEARYKAB0WIQQEYzqFjz831UnPMO4we+CIxWufDQUCaBNFGgAKCRAwe+CIxWuf
   DbyGAP9jDEdf1dzDuccuLZFh9SGu6mIXcY68VNMOweNBBKpi6gD+JM72l+1iL9dh
   ndzLEGvu1m3WzHMa4a4jGz2QW3o65Qo=
   =zqP+
   -----END PGP SIGNATURE-----
   

The Bash script to perform the above steps is also included below.

#!/bin/bash
# Download the public key and import it into a temporary keyring
mkdir -p /tmp/verify-key
gpg --no-default-keyring \
    --keyring /tmp/verify-key/keyring.gpg \
    --import <(curl -s https://keys.openpgp.org/vks/v1/by-fingerprint/04633A858F3F37D549CF30EE307BE088C56B9F0D)

# Verify the message
gpg --no-default-keyring \
    --keyring /tmp/verify-key/keyring.gpg \
    --verify <(curl -s https://www.pandanoir.net/signed-message.txt)

# Delete the temporary keyring
rm -rf /tmp/verify-key

You can also verify it by pasting the signed message above into Keybase's verify tool.