andreijiroh.dev / site
~ajhalili2006's personal website, built with Zensical (successor of Material for Mkdocs) [old repo name got bugged while attempting to do manual knot migration via repo deletion] andreijiroh.dev
zensical mkdocs-material website
fork atom

chore: update security.txt and its signatures btw

Signed-off-by: Andrei Jiroh Halili <ajhalili2006@andreijiroh.dev>

andreijiroh.dev aa3a4383 295bcf7e

verified
options
unified split
Changed files
+94 -44
bin
sign-sectxt.sh
markdown
.well-known
security.txt
security.txt.asc
security.txt.sig
security.txt.unsigned
+23
bin/sign-sectxt.sh 
···

       

       
1

       
+

       
#!/usr/bin/env bash


     

       

       
2

       
+

       
# SPDX-License-Identifier: MPL-2.0


     

       

       
3

       
+

       
# Helper script to cryptographically sign security.txt with GPG and SSH keys.


     

       

       
4

       
+

       



     

       

       
5

       
+

       
GPG_KEY_ID="0x67BFC91B3DA12BE8"


     

       

       
6

       
+

       
SSH_KEY_PATH="$HOME/.ssh/personal-2022"


     

       

       
7

       
+

       
GIT_ROOT=$(git rev-parse --show-toplevel)


     

       

       
8

       
+

       



     

       

       
9

       
+

       
if [ ! -f "$SSH_KEY_PATH" ]; then


     

       

       
10

       
+

       
    echo "SSH key not found at $SSH_KEY_PATH"


     

       

       
11

       
+

       
    exit 1


     

       

       
12

       
+

       
fi


     

       

       
13

       
+

       



     

       

       
14

       
+

       
# Use --clearsign for cleartext signature and --local-user for key specification


     

       

       
15

       
+

       
# Output to security.txt so it can be served and signed by SSH


     

       

       
16

       
+

       
gpg --local-user "$GPG_KEY_ID" --clearsign --yes \


     

       

       
17

       
+

       
    --output "$GIT_ROOT/markdown/.well-known/security.txt.asc" \


     

       

       
18

       
+

       
    "$GIT_ROOT/markdown/.well-known/security.txt"


     

       

       
19

       
+

       



     

       

       
20

       
+

       
# ssh-keygen prompts before overwriting, so remove the old signature first


     

       

       
21

       
+

       
rm -f "$GIT_ROOT/markdown/.well-known/security.txt.sig"


     

       

       
22

       
+

       
ssh-keygen -Y sign -n file -f "$SSH_KEY_PATH" \


     

       

       
23

       
+

       
    "$GIT_ROOT/markdown/.well-known/security.txt"
+16 -25
markdown/.well-known/security.txt 
···

       
1

       

       
-

       
-----BEGIN PGP SIGNED MESSAGE-----


     

       
2

       

       
-

       
Hash: SHA512


     

       

       
1

       
+

       
# You are viewing the original unsigned security.txt file. For the


     

       

       
2

       
+

       
# cryptographically signed versions, append either one of the following


     

       

       
3

       
+

       
# to access the signatures and verify yourself via ssh-keygen or gpg.


     

       

       
4

       
+

       
#


     

       

       
5

       
+

       
#   - .asc - cleartext PGP signed message


     

       

       
6

       
+

       
#   - .sig - ssh-keygen signature (use "file" as namespace when


     

       

       
7

       
+

       
#            verifying with my SSH pubkeys at /keys/ssh/main-2022.pub)


     

       

       
8

       
+

       
#


     

       

       
9

       
+

       
# Learn more: https://andreijiroh.dev/keys or https://wiki.andreijiroh.dev/go/encrypted-comms


     

       
3

       
10

       
 

       



     

       
4

       
11

       
 

       
# Canonical URI


     

       
5

       

       
-

       
Canonical: https://andreijiroh.eu.org/.well-known/security.txt


     

       

       
12

       
+

       
Canonical: https://andreijiroh.dev/.well-known/security.txt


     

       
6

       
13

       
 

       



     

       
7

       
14

       
 

       
# Contact details


     

       
8

       

       
-

       
Contact: mailto:ajhalili2006@andreijiroh.eu.org


     

       
9

       

       
-

       
Contact: https://andreijiroh.eu.org/contact/security


     

       

       
15

       
+

       
Contact: mailto:ajhalili2006@andreijiroh.dev


     

       

       
16

       
+

       
Contact: https://andreijiroh.dev/contact/security


     

       
10

       
17

       
 

       
Contact: https://keybase.io/ajhalili2006


     

       
11

       
18

       
 

       



     

       
12

       
19

       
 

       
Preferred-Languages: en


     

       
13

       
20

       
 

       



     

       
14

       
21

       
 

       
# Use my PGP keys on the website or at Keybase


     

       
15

       
22

       
 

       
Encryption: https://keybase.io/ajhalili2006/pgp_keys.asc


     

       
16

       

       
-

       
Encryption: https://andreijiroh.eu.org/keys/pgp.asc


     

       

       
23

       
+

       
Encryption: https://andreijiroh.dev/keys/pgp.asc


     

       
17

       
24

       
 

       



     

       
18

       
25

       
 

       
# Security Policy and acknowledgments


     

       
19

       

       
-

       
Policy: https://andreijiroh.eu.org/security


     

       
20

       

       
-

       
Acknowledgments: https://andreijiroh.eu.org/security/#thanks


     

       

       
26

       
+

       
Policy: https://andreijiroh.dev/security


     

       

       
27

       
+

       
Acknowledgments: https://andreijiroh.dev/security/#thanks


     

       
21

       
28

       
 

       



     

       
22

       

       
-

       
Expires: 2024-09-26T15:59:00.000Z


     

       
23

       

       
-

       
-----BEGIN PGP SIGNATURE-----


     

       
24

       

       
-

       



     

       
25

       

       
-

       
iQIzBAEBCgAdFiEETV5jF1jLnMRZQbHOZ7/JGz2hK+gFAmUYYfQACgkQZ7/JGz2h


     

       
26

       

       
-

       
K+iMzxAA61jw4SFVKroBHkO/uGThq1wWLPNRDchc1Fx6vQh6Z9TKCYNMgZ3T/Btn


     

       
27

       

       
-

       
ILZLg/R1lsgylOJdJihesYKFrVTMO3nxdptTSwh9I5avxCEHf8zn3LEHOSMdhO8O


     

       
28

       

       
-

       
u3cPHIvFw/EVTgdkYAj6UvzI9K9I+L7DaqEb5fOUuBXeQS/DQuvEs9nceCFEkQcq


     

       
29

       

       
-

       
pjAWjlLHO/ZrKgNRMgVZ+t8a/nxWXRBa7Y17hii9WxkgrMcnmFpius/U0yjn2ax0


     

       
30

       

       
-

       
gbYic/VesjVq67i4DaxmQNgGmZvvuIXyjyVJvVyUlSmBNj68gRd5vOx0XiEwtaIt


     

       
31

       

       
-

       
R/6YWSmVRGo3HuXwqX6LIjdyOEc9gv0TxozKIO3KzRYg44drhtt8PDK24+/KBXMn


     

       
32

       

       
-

       
xmE0InhF9Y5DCZDEfZ3g1IIlHxcfXnNKpbD7QAVv+J89rgn79jcsVPyVvGigkijH


     

       
33

       

       
-

       
LogCG6a9yvvOp6aK+EwioCh0F/f5ABTqZOzA6ZmVjO4xdrKmiQPbw/gSSzoT6SVL


     

       
34

       

       
-

       
fbGj7+n9KI+Fv+9nfeRTnL+lbwAh4cwSuIt8rdHMvQhFCvGCSUwqRRIEiKUD+X21


     

       
35

       

       
-

       
dKGt1Z52ySC8nuNfstg+MtspTv6X+Rz1XI1a26UMjYzBZIty+ZblM8YJkv7Cm34N


     

       
36

       

       
-

       
C/2qcB4pxMJsaEcrvpkUnhQZe30cLw0yjRQj6C0uggfLQMru1PI=


     

       
37

       

       
-

       
=xIeM


     

       
38

       

       
-

       
-----END PGP SIGNATURE-----


     

       

       
29

       
+

       
Expires: 2026-12-31T23:59:59.999Z
+49
markdown/.well-known/security.txt.asc 
···

       

       
1

       
+

       
-----BEGIN PGP SIGNED MESSAGE-----


     

       

       
2

       
+

       
Hash: SHA512


     

       

       
3

       
+

       



     

       

       
4

       
+

       
# You are viewing the original unsigned security.txt file. For the


     

       

       
5

       
+

       
# cryptographically signed versions, append either one of the following


     

       

       
6

       
+

       
# to access the signatures and verify yourself via ssh-keygen or gpg.


     

       

       
7

       
+

       
#


     

       

       
8

       
+

       
#   - .asc - cleartext PGP signed message


     

       

       
9

       
+

       
#   - .sig - ssh-keygen signature (use "file" as namespace when


     

       

       
10

       
+

       
#            verifying with my SSH pubkeys at /keys/ssh/main-2022.pub)


     

       

       
11

       
+

       
#


     

       

       
12

       
+

       
# Learn more: https://andreijiroh.dev/keys or https://wiki.andreijiroh.dev/go/encrypted-comms


     

       

       
13

       
+

       



     

       

       
14

       
+

       
# Canonical URI


     

       

       
15

       
+

       
Canonical: https://andreijiroh.dev/.well-known/security.txt


     

       

       
16

       
+

       



     

       

       
17

       
+

       
# Contact details


     

       

       
18

       
+

       
Contact: mailto:ajhalili2006@andreijiroh.dev


     

       

       
19

       
+

       
Contact: https://andreijiroh.dev/contact/security


     

       

       
20

       
+

       
Contact: https://keybase.io/ajhalili2006


     

       

       
21

       
+

       



     

       

       
22

       
+

       
Preferred-Languages: en


     

       

       
23

       
+

       



     

       

       
24

       
+

       
# Use my PGP keys on the website or at Keybase


     

       

       
25

       
+

       
Encryption: https://keybase.io/ajhalili2006/pgp_keys.asc


     

       

       
26

       
+

       
Encryption: https://andreijiroh.dev/keys/pgp.asc


     

       

       
27

       
+

       



     

       

       
28

       
+

       
# Security Policy and acknowledgments


     

       

       
29

       
+

       
Policy: https://andreijiroh.dev/security


     

       

       
30

       
+

       
Acknowledgments: https://andreijiroh.dev/security/#thanks


     

       

       
31

       
+

       



     

       

       
32

       
+

       
Expires: 2026-12-31T23:59:59.999Z


     

       

       
33

       
+

       



     

       

       
34

       
+

       
-----BEGIN PGP SIGNATURE-----


     

       

       
35

       
+

       



     

       

       
36

       
+

       
iQIzBAEBCgAdFiEETV5jF1jLnMRZQbHOZ7/JGz2hK+gFAmk2kg4ACgkQZ7/JGz2h


     

       

       
37

       
+

       
K+iiKxAAz1lae2bTPE6bkTcg4LfHINkenopH2ji/2nwickjXaaC4OZe48CcrKmK/


     

       

       
38

       
+

       
TAV74/yNncAUYkifji58YXXZvyDeLoDdCTM5TudkTYtxc3iL3k8QaOgZ+3il5NAE


     

       

       
39

       
+

       
NtnRwC86RaUuLsDWGcEOqNiJvcMMEWuqJrDgNyFrF+XsDZemJGmMIwjtosYwmGmf


     

       

       
40

       
+

       
nzFfsI5LIpveWBcA6+4kUflD6lsnm431MoJlIv+LRm6G6uarZ6iiyv4FjBlzaJb0


     

       

       
41

       
+

       
h0PiKXopFHW2OuunxacK69UK3Ib21qRKvGm640s0AgrxBqSUqmKM+fgvyvlcZEwq


     

       

       
42

       
+

       
uVUJZe7VKTXnEGRMms5OfPyEjE5LEyyDk3RfUfdxev8Dz7nx0Y1mrfS+rnc63Oc0


     

       

       
43

       
+

       
X6k6bkMg8MREazt2DoM8oCRHxA7O+MUSwLM05qGFI9MSZnvN99YLODbGn5FJWy14


     

       

       
44

       
+

       
U/z+ywVHUF1sA5tkfWvYlQA5PLUdpJlfivgVwiKykcWllEB8Sj7GFlPSV7hLZevW


     

       

       
45

       
+

       
n2LVEw+7y8mcJEy4v0wcT3xfAuJY0+YhlsDR1jO5m+8bVScmDxaaRFUWIDKH8r5S


     

       

       
46

       
+

       
u9QGqmnot4Ycpk8x9UVE38dqeDoNJ/UmJbxk3lkRESstxodsHfuJlEmxR0jHmRgt


     

       

       
47

       
+

       
rNd+d7/PcrCBIZf1kwG1u/O+7188OmyovOGbRWscGAS+p05TZTA=


     

       

       
48

       
+

       
=BEFc


     

       

       
49

       
+

       
-----END PGP SIGNATURE-----
+6
markdown/.well-known/security.txt.sig 
···

       

       
1

       
+

       
-----BEGIN SSH SIGNATURE-----


     

       

       
2

       
+

       
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgRe4PeEnAieVwezfCRdYBY2jx6z


     

       

       
3

       
+

       
ds8B3Z7yKmPKqAanYAAAAEZmlsZQAAAAAAAAAGc2hhNTEyAAAAUwAAAAtzc2gtZWQyNTUx


     

       

       
4

       
+

       
OQAAAEA6eFolLk853O1572TLAkDfNcLFZJfmW2J8thiSmosHBtcVoyfoqpduEFnIiv9BCj


     

       

       
5

       
+

       
hnXrv8ejkwWxd7dBfwVDMB


     

       

       
6

       
+

       
-----END SSH SIGNATURE-----
-19
markdown/.well-known/security.txt.unsigned 
···

       
1

       

       
-

       
# Canonical URI


     

       
2

       

       
-

       
Canonical: https://andreijiroh.eu.org/.well-known/security.txt


     

       
3

       

       
-

       



     

       
4

       

       
-

       
# Contact details


     

       
5

       

       
-

       
Contact: mailto:ajhalili2006@andreijiroh.eu.org


     

       
6

       

       
-

       
Contact: https://andreijiroh.eu.org/contact/security


     

       
7

       

       
-

       
Contact: https://keybase.io/ajhalili2006


     

       
8

       

       
-

       



     

       
9

       

       
-

       
Preferred-Languages: en


     

       
10

       

       
-

       



     

       
11

       

       
-

       
# Use my PGP keys on the website or at Keybase


     

       
12

       

       
-

       
Encryption: https://keybase.io/ajhalili2006/pgp_keys.asc


     

       
13

       

       
-

       
Encryption: https://andreijiroh.eu.org/keys/pgp.asc


     

       
14

       

       
-

       



     

       
15

       

       
-

       
# Security Policy and acknowledgments


     

       
16

       

       
-

       
Policy: https://andreijiroh.eu.org/security


     

       
17

       

       
-

       
Acknowledgments: https://andreijiroh.eu.org/security/#thanks


     

       
18

       

       
-

       



     

       
19

       

       
-

       
Expires: 2024-09-26T15:59:00.000Z