Verify
The authoritative reference for my identity and published writing.
Verified Channels
The following are my verified presences. Outreach or content from any channel not listed here is not verified as me.
- chrischerry.me — this site
- chris@chrischerry.me
Identity Key (GPG)
GPG key for identity, email signing, and cross-attestation of other keys I control.
Fingerprint:
0443 E27B 9D24 ECC7 DFFE D2EB 1835 5095 981E CD6C Download the full public key (ASCII-armored). Also published as a DNS TXT record at _pgp.chrischerry.me.
Import and check the fingerprint:
curl -sS https://chrischerry.me/pubkey.asc | gpg --import
gpg --fingerprint chris@chrischerry.meContent Signing Key (SSH / Ed25519)
Every post published under /writing/ is also served as canonical JSON with a detached Ed25519 signature.
Fingerprint:
SHA256:uKR8I5F+oF1Wqm8uvuRqcHbMhLXrt4vAQCPFlvjnpNE- Public key (OpenSSH format)
- allowed_signers file for
ssh-keygen -Y verify - GPG-signed attestation binding this Ed25519 key to my GPG identity above
Signing namespace: chrischerry.me-post. Signing identity: chris@chrischerry.me.
How to Verify a Post
Pick any post slug — for example 2026-02-27-preemption-without-doctrine — then run:
SLUG=2026-02-27-preemption-without-doctrine
curl -sS -o post.json https://chrischerry.me/writing/$SLUG.json
curl -sS -o post.json.sig https://chrischerry.me/writing/$SLUG.json.sig
curl -sS -o allowed_signers https://chrischerry.me/verify/allowed_signers
ssh-keygen -Y verify \
-f allowed_signers \
-I chris@chrischerry.me \
-n chrischerry.me-post \
-s post.json.sig < post.json
A valid signature prints Good "chrischerry.me-post" signature for chris@chrischerry.me. Any other output means the post has been modified or is not authentic.
Full field-level documentation of the canonical JSON, including the canonicalization rules (RFC 8785), is in SIGNING.md. A reference canonicalization helper is available at /verify/canonicalize.mjs.