FITstagram

https://vitapavlik.cz/hiddenfiles/fitstagram-admin-pgp-key-declaration-2025-08-14.pdf

In this file, I declare that the PGP key I currently use to sign pictures on FITstagram is mine.

This file is signed with my other, more trustworthy identity. It carries a certificate issued to me by the Czech PostSignum authority. According to the European regulation eIDAS, it has the equivalent legal effect as a handwritten signature.

Verify the signature by opening the file in an apropriate pdf viewer (for example Microsoft Edge or Adobe Acrobat). Alternatively, use https://verifysignature.eu/

More information on Qualified Electronic Signatures (QES): https://en.wikipedia.org/wiki/Qualified_electronic_signature

⭐
From now on, you can add PGP public keys in your account settings.

https://iis.vitapavlik.cz/usersettings

⭐
After adding your public key (in account settings), you'll be able to sign your own posts.

⭐
What you're actually signing is a short piece of text that looks something like this:

I, admin, hereby sign xxx.jpg with hash XXX.

⭐
How to create a PGP key pair using gpg:

- gpg --full-generate-key

- go through the interactive prompt

- after that, the key pair is stored in your gpg key ring

- look at the fingerprint of your key using gpg --list-keys

- export ascii-armored public key using gpg --export --armor FINGERPRINT

⭐
Notes:

- as of now, signatures cannot be removed

- you can only sign your own posts

- you can only add one signature to a post (using any of your keys)

- removing a key in your account settings removes all the signatures made with that key (all posts signed with that key will apper unsigned again)

- the website will prepare a command to create a signature using a specific key (the gpg -u option) and it chooses the first key it finds in db, for this reason it is beneficial to only upload one key (this is yet to be improved)

⭐
Picture: Maximilianovich on Pixabay
https://pixabay.com/photos/man-sign-paper-write-document-5710164/