PGP Signature Verification

Every autographed item I sign comes with a QR code that links to a unique verification page on this site. Each verification page contains:

• A photograph of the signed item
• A PGP cleartext signature proving I signed it
• A SHA-256 hash of the image for integrity verification
• A downloadable proof bundle (.zip)

The verification page lets you cryptographically verify the signature directly in your browser using openpgp.js, or you can download the proof and verify it manually with GPG.

How it works

1. Scan the QR code on the physical item
2. View the signed photograph and PGP signature
3. Click "Verify Signature" for automatic browser-based verification
4. The system verifies the PGP signature and checks the image's SHA-256 hash

Public Key

My PGP key ID is 0xFAA617E32679E455. You can find the public key on the MIT PGP keyserver or download it from this site.

Manual Verification

gpg --import jimmy-song-pubkey.asc
gpg --verify proof.asc
sha256sum image.jpg