Warning: This process is quite technical. It requires some knowledge of OpenPGP and the command line. It also assumes you have the program gpg installed.
For this you have two options. Download the keys directly from socialistra.org, or from a keyserver. Currently, our keys are signed by the Executive Director and the Technology Director.
gpg --keyserver keys.openpgp.org --receive-keys 8ED05D2A82E2779F73758BE720018229C42DCC74
gpg --keyserver keys.openpgp.org --receive-keys 46FEDD324C803CC0EC426ED41BD4BC6C454F6E37S curl https://socialistra.org/res/keys/matt.pgp | gpg --import
curl https://socialistra.org/res/keys/erin.pgp | gpg --importDownload the most recent signed canary statement (matt.asc or erin.asc). This is an armored text file that includes both the content and the signature. You can read the plain text version of the canary statement, wrapped in a gpg signature:
-----BEGIN PGP SIGNED MESSAGE-----
plain text canary statement
-----BEGIN PGP SIGNATURE-----
signature block
-----END PGP SIGNATURE-----You can validate that the plain text statement matches the signed statement with gpg --verify.
gpg --verify matt.asc
gpg --verify erin.ascYou should see an output similar to the following, though the dates may be different depending on when the canary was signed.
gpg: Signature made Wed 04 Jun 2025 06:51:53 PM PDT
gpg: using RSA key 8ED05D2A82E2779F73758BE720018229C42DCC74
gpg: Good signature from "Matt R <matt@socialistra.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8ED0 5D2A 82E2 779F 7375 8BE7 2001 8229 C42D CC74You should make sure it says "Good signature" in the output. It will only be a good signature if the plain text has not been altered.
Unless you have taken explicit steps to trust the above keys, you will see a warning message similar to:
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.However, you should still see "Good signature".