Yes my website's onion service has changed
Posted on 19 Dec 2019 by Matt Traudtpermalink
My hosting provider went out of business.
I didn't get my onion service's keys off the box in time. Stupid. Kept putting it off like an idiot.
I took this opportunity to stop offering a v2 onion service. Now you have to use that that hot v3 goodness. Oh nooooo.
Like you've always been able to (but probably no one has ever done), you can
verify this post was written by me by downloading this page, downloading the
signature of this page by appending
.asc to the URL, and using (e.g.) GnuPG.
Oh and hopefully you already have my key or have a good reason to trust that
the key in the footer of my website is mine. I am
B7E105FC4E6D9377F89CBA4C83BCA95294FBBB0A. But the preceeding sentence is
meaningless if you didn't already know that. But now I'm repeating myself. Ugh
$ wget -q https://matt.traudt.xyz/posts/yes-my-websites-w6t3nxCA.html $ wget -q https://matt.traudt.xyz/posts/yes-my-websites-w6t3nxCA.html.asc $ gpg --verify yes-my-websites-w6t3nxCA.html.asc gpg: assuming signed data in 'yes-my-websites-w6t3nxCA.html' gpg: Signature made Thu 19 Dec 2019 07:51:10 PM EST gpg: using RSA key B7E105FC4E6D9377F89CBA4C83BCA95294FBBB0A gpg: Good signature from "Matt Traudt <firstname.lastname@example.org>" [unknown] gpg: aka "Matt Traudt <email@example.com>" [unknown] gpg: aka "Matt Traudt <firstname.lastname@example.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: B7E1 05FC 4E6D 9377 F89C BA4C 83BC A952 94FB BB0A
If you're familiar with PGP you know what can be different from the above without concern. If you're not familiar with PGP, you shouldn't be trusting things because they are "PGP verified."