Signed Posts
by Marc Armengou on WordPress.org
Signed Posts allows authors to sign posts, assuring content integrity. Signature verification proves post-signing alteration hasn't occurred.
(0)
Signed Posts allows authors to sign posts, assuring content integrity. Signature verification proves post-signing alteration hasn’t occurred.
Features:
- In-browser verification: The signature verification is done on the client side (in the visitor’s browser).
- Methods: OpenPGP (ASCII-armored detached signature) and DID (did:key, did:web) using Ed25519 detached JWS (b64=false).
- Source of trust: For OpenPGP, the author specifies the URL of their public key in their profile. For DID, the author sets their DID (did:key or did:web). For did:web, the plugin fetches
https://./.well-known/did.json - Status block: An informative block is automatically added to the end of each signed article, showing the verification status (valid, invalid, or error).
- Author badge: The author name in posts is enhanced with an icon and KeyID/fingerprint text.
Source Code and Libraries
OpenPGP.js
* Version: 6.2.2
* License: LGPL-3.0-or-later
* Public Source Code: https://github.com/openpgpjs/openpgpjs
Web Crypto API
* Used to verify Ed25519 signatures for DID.
Active installations0+
Weekly downloads
50–
Version0.4
Last updated10/9/2025
WordPress version6.0
Tested up to6.8.3
PHP version7.0
Tags
didopenpgpsecuritysignatureverification
