NetSigil signs directories and verifies directory signatures. This allows you and others to detect tampering by whoever might have access to wherever you upload them (hosting provider, attackers, etc). Use it to:
Best used within a script that synchronizes local files with the server. This is [how I use it](https://gitlab.com/nervuri/nervuri.net/-/blob/master/sync.sh#L10).
1. Walks you through installing `signify` and generating a keypair.
2. Generates a SHA256SUMS file containing hashes of all files in a directory, including subdirectories.
3. Puts the public key and the SHA256SUMS file into an archive which it then signs using signify's `-z` option, which embeds the signature in the gzip header.
### Verifying
Verification is not yet implemented, but can be done manually. Here is an example for the Gemini protocol (using [agunua](https://framagit.org/bortzmeyer/agunua) to download files):
The idea for this program spawned [on the Gemini mailing list](https://lists.orbitalfox.eu/archives/gemini/2021/005585.html). Special thanks to [Christophe Henry](https://gmi.sbgodin.fr/) and [Francesco Camuffo](https://fmac.xyz/).