pandanoir

Verify PGP

Below are the steps to verify the PGP public key of pandanoir.

  1. Download pandanoir's public key
  2. Import the downloaded public key gpg --import pandanoir.asc
  3. Verify the signed message below gpg --verify signed-message.txt
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    This is Naoto Ikuno. fingerprint of PGP key is 307BE088C56B9F0D
    -----BEGIN PGP SIGNATURE-----
    
    iHUEARYKAB0WIQQEYzqFjz831UnPMO4we+CIxWufDQUCaBNFGgAKCRAwe+CIxWuf
    DbyGAP9jDEdf1dzDuccuLZFh9SGu6mIXcY68VNMOweNBBKpi6gD+JM72l+1iL9dh
    ndzLEGvu1m3WzHMa4a4jGz2QW3o65Qo=
    =zqP+
    -----END PGP SIGNATURE-----
    

The Bash script to perform the above steps is also included below.

#!/bin/bash
# Download the public key and import it into a temporary keyring
mkdir -p /tmp/verify-key
gpg --no-default-keyring \
    --keyring /tmp/verify-key/keyring.gpg \
    --import <(curl -s https://keys.openpgp.org/vks/v1/by-fingerprint/04633A858F3F37D549CF30EE307BE088C56B9F0D)

# Verify the message
gpg --no-default-keyring \
    --keyring /tmp/verify-key/keyring.gpg \
    --verify <(curl -s https://www.pandanoir.net/signed-message.txt)

# Delete the temporary keyring
rm -rf /tmp/verify-key

You can also verify it by pasting the signed message above into Keybase's verify tool.