tl;dr: I sign my blogposts. curl http://blog.merovius.de/2014/01/23/signed-blog-posts.html | gpg
I might have to update my TLS server certificate soon, because the last change seems to have broken the verification of https://merovius.de/. This is nothing too exciting, but it occurred to me that I should actually provide some warning or notice in that case, so that people can be sure that there is nothing wrong. The easiest way to accomplish this would be a blogpost, and the easiest way to verify that the statements in that blogpost are correct would be to provide a signed version. So because of this (and, well, because I can) I decided to sign all my blogposts with my gpg key. People who know me should have my gpg key, so they can verify that I really have written everything I claim.
So this is what happens now. In every blogpost there is an HTML comment embedded, containing the original markdown I wrote for this post in compressed, signed and ASCII-armored form. You can try it via
curl http://blog.merovius.de/2014/01/23/signed-blog-posts.html | gpg
This should output some markdown to stdout and a synopsis of gpg about a valid (possibly untrusted, if you don't have my gpg-key) signature on stderr. Neat!
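A stricter variant of the check above, as an added example that is not part of the original post or the blog's own tooling: it extracts the armored block from the page, and only prints the markdown if gpg reports a valid signature from one pinned key. It assumes the embedded block uses the `-----BEGIN PGP MESSAGE-----` armor header that `gpg --sign --armor` produces; the function names are hypothetical and the fingerprint argument is a placeholder for the author's full fingerprint, obtained out of band.

```shell
#!/bin/sh
# Added example: verify a signed post and pin the signer, instead of trusting
# any "Good signature" from whatever key happens to be in the keyring.

# Print only the ASCII-armored OpenPGP message found in the HTML on stdin,
# dropping the comment markers that may share a line with the armor headers.
extract_armor() {
    sed -n '/-----BEGIN PGP MESSAGE-----/,/-----END PGP MESSAGE-----/p' |
        sed -e 's/^.*\(-----BEGIN PGP MESSAGE-----\)/\1/' \
            -e 's/\(-----END PGP MESSAGE-----\).*$/\1/'
}

# Read gpg --status-fd output on stdin. Succeed only if there is a VALIDSIG
# line whose last field (the primary key fingerprint) equals $1.
# Anything else, including BADSIG or no signature at all, fails closed.
signed_by() {
    awk -v want="$1" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && $NF == want { ok = 1 }
        END { exit !ok }'
}

# $1 = URL of the post, $2 = expected 40-hex-digit fingerprint (placeholder).
# The markdown is written to stdout only after the signer check has passed.
verify_post() {
    tmp=$(mktemp -d) || return 1
    curl -fsS "$1" | extract_armor > "$tmp/post.asc"
    gpg --batch --status-fd 3 --output "$tmp/post.md" \
        --decrypt "$tmp/post.asc" 3> "$tmp/status" 2> /dev/null
    if signed_by "$2" < "$tmp/status"; then
        cat "$tmp/post.md"; rc=0
    else
        echo "no valid signature from $2" >&2; rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Run only when called as: script URL FINGERPRINT
if [ "$#" -eq 2 ]; then verify_post "$1" "$2"; fi
```

Comparing the full fingerprint matters because the plain pipeline reports a good signature for any key in the local keyring, not only the author's.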
The changes needed in the blog-code itself were pretty minimal. I had, however (since I don't want my gpg secret key to be on the server), to change the deployment a little bit. Where before a git push would trigger a hook on the remote repository on my server that ran jekyll, now I have a local script that wraps a jekyll build, an rsync to the webserver-directory and a git push. gpg-agent ensures that I am not asked for a passphrase too often.
So, yeah. Crypto is cool. And the procrastinator prevailed again!