feat(key): add SSH-key verification instructions

2025-06-24 16:12:29 +00:00 · 2025-06-24 16:12:29 +00:00 · b2672d1df0
commit b2672d1df0
parent 86e126aacd
1 changed files with 5 additions and 2 deletions
--- a/key.xhtml
+++ b/key.xhtml
@ -1,7 +1,7 @@
 <!DOCTYPE html>

 <!-- Inferencium - Website - Key -->
-<!-- Version: 9.2.0-alpha.3 -->
+<!-- Version: 9.2.0-alpha.4 -->

 <!-- Copyright 2022 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@ -107,7 +107,10 @@
 							<p>SSH keys used to sign data outside of their validity periods should be classified as
 							compromised; only trust SSH keys used within their validity periods.</p>
 							<p>Each SSH key is signed with the previous key, allowing verification of the
-							chain-of-trust.</p>
+							chain-of-trust. It is <strong>strongly</strong> recommended that you verify the entire
+							chain, which can be performed by adding each of my public keys to SSH's
+							<code>allowed_signers</code> file, then running the following command for each key:</p>
+							<pre>ssh-keygen -Y verify -f <var>&lt;allowed_signers file&gt;</var> -I <var>&lt;signer name/email address&gt;</var> -n file -s <var>&lt;signature file of file-to-verify&gt;</var> &lt; <var>&lt;file-to-verify&gt;</var></pre>
 							<table>
 								<tr>
 									<th>ID</th>