Vanna's Canary


This page was generated on 2024-11-06 from the URL https://vannapharma.cc/canary/

The message block was decrypted using Vanna's known-good public key.

Signature age (days): 146

Warning: Vanna's signature is more than a month old. Best ask around before ordering, just in case.

Vanna's signed message:


I have signed this canary to verify that I, the owner of Vanna Pharma, am alive and free as of Thursday, June 13th, 2024 and in full control of the Vanna Pharma website and related services.

Emergency updates are available here, and in the event that our site becomes unavailable, you can contact us through email at vannapharma (at) protonmail (dot) com.

Next canary is due July, 2024.

Our public PGP key is available in a separate pane below

Signature verification:

gpg: Signature made Thu 13 Jun 2024 05:06:49 BST
gpg:                using RSA key 63D53129FC3D92D3
gpg: Good signature from "vanna <vannapharma@protonmail.com>" [full]

What are Canaries?

A canary is a way for a website owner to signal that something's wrong, like authorities snooping around or taking control of a server.

The site owner posts a message along with a key that can be used to prove it was written by them, and then updates the message periodically. If the owner stops updating the message, then that's a signal that something is wrong.

Nobody can take control of the site for long without people knowing, even if the site owner is legally obliged to remain silent.

Example commands (Vanna Pharma)

# Copy Vanna's public key from the canary page. Save as vanna_public_pgp.asc
# Copy Vanna's message from the canary page. Save as vanna_message_pgp.asc

# Check that Vanna's public key matches the archived copy from January 2023:
# https://web.archive.org/web/20230123225946/https://vannapharma.com/canary/

# Only import the key if it matches the archived copy. If it doesn't, then RED ALERT!
gpg --import vanna_public_pgp.asc

# Verify the message is authentic according to the key we imported
gpg --verify vanna_message_pgp.asc

# Other commands that are useful
gpg --list-keys  # show all keys in local keyring
gpg --lsign-key <name>  # sign with your private key to indicate you trust the key
gpg --edit-key <name> # run the 'trust' command to set the trust level you want to give vanna's key

# Note that <name> can be a key id or even 'vanna' will work for us
# The 'other commands' are not necessary, but can remove scary warnings in output
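
The manual steps above can be turned into a repeatable check that also enforces the freshness rule a canary depends on. This is an added example, not part of the original page: the function name `canary_check`, the 30-day threshold, the sample fingerprint and the sample "now" timestamp are assumptions, and the status lines are constructed to mirror the signature date shown above.

```shell
#!/bin/sh
# Added example. Reads the machine-readable output of
#   gpg --status-fd 1 --verify vanna_message_pgp.asc 2>/dev/null
# on stdin and checks two things the human-readable output does not enforce:
# the signature comes from the pinned primary key, and it is recent enough.
# usage: canary_check <pinned-primary-fingerprint> <max-age-days> [now-epoch]
# Prints OK/STALE/WRONGKEY/NOSIG and returns 0/1/2/3.
canary_check() {
    awk -v pinned="$1" -v max="$2" -v now="${3:-$(date +%s)}" '
        # GOODSIG: signature verified and the key is neither expired nor revoked
        $1 == "[GNUPG:]" && $2 == "GOODSIG" { good = 1 }
        # VALIDSIG: $3 = signing key fingerprint, $5 = signature time (epoch),
        # $12 = primary key fingerprint (differs from $3 when a subkey signed)
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && $5 ~ /^[0-9]+$/ {
            fpr = (NF >= 12) ? $12 : $3
            ts = $5
            valid = 1
        }
        END {
            if (!(good && valid)) { print "NOSIG"; exit 3 }
            if (toupper(fpr) != toupper(pinned)) { print "WRONGKEY " fpr; exit 2 }
            age = int((now - ts) / 86400)
            if (age > max) { print "STALE " age; exit 1 }
            print "OK " age
        }'
}

# Constructed sample input. The fingerprint is a placeholder, not Vanna's real
# fingerprint; pin the full fingerprint you confirmed against the archived copy.
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
# 1718251609 = Thu 13 Jun 2024 05:06:49 BST, the signature time shown above
SAMPLE_STATUS="[GNUPG:] GOODSIG 63D53129FC3D92D3 vanna <vannapharma@protonmail.com>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2024-06-13 1718251609 0 4 0 1 10 00 $SAMPLE_FPR"
# Constructed "now": 2024-11-06 12:00:00 UTC, the day this page was generated
SAMPLE_NOW=1730894400

printf '%s\n' "$SAMPLE_STATUS" | canary_check "$SAMPLE_FPR" 30 "$SAMPLE_NOW" || true
```

Pinning the full fingerprint rather than the short name or key ID matters because `gpg --verify` reports a good signature for any key in the local keyring, including one imported by mistake.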