Merge pull request 'Migrate backend to node.js' (#23) from nodejs_migration into dev
Reviewed-on: https://codeberg.org/keyoxide/web/pulls/23
1
.gitignore
vendored
|
@ -29,3 +29,4 @@ vendor
|
|||
node_modules
|
||||
server/secrets.php
|
||||
.editorconfig
|
||||
.env
|
||||
|
|
|
@ -31,9 +31,12 @@
|
|||
**/*.md
|
||||
**/*.png
|
||||
**/*.svg
|
||||
**/*.env
|
||||
**/*.pug
|
||||
|
||||
\.drone\.yml
|
||||
composer.json
|
||||
composer.lock
|
||||
package.json
|
||||
package-lock.json
|
||||
\.editorconfig
|
||||
|
|
2
assets/openpgp.min.js
vendored
20
guides/contributing.md
Normal file
|
@ -0,0 +1,20 @@
|
|||
# Contributing to Keyoxide
|
||||
|
||||
Keyoxide is more than this website. It's a project that aims to make cryptography more accessible to everyone. Keyoxide is part of a larger community of people working hard to develop tools that add privacy and security to our digital online lives. Remember: privacy is not a luxury.
|
||||
|
||||
## As a developer
|
||||
|
||||
As Keyoxide is an open-source project licensed under the permissive [MIT License](https://codeberg.org/keyoxide/web/src/branch/main/LICENSE), everyone is welcome and encouraged to contribute. This can be done in various forms:
|
||||
|
||||
* [Open an issue](https://codeberg.org/keyoxide/web/issues) to request changes, new features or simply get help.
|
||||
* [Open a PR](https://codeberg.org/keyoxide/web/pulls) to directly integrate your own changes and new features.
|
||||
|
||||
## Not a developer?
|
||||
|
||||
Not a developer? Not a problem? You could:
|
||||
|
||||
* Learn more about the importance of online privacy and security and advocate for it (much needed!)
|
||||
* Write guides for others and help each other out.
|
||||
* Start using decentralized OpenPGP identity keys.
|
||||
* Spread the word about Keyoxide and OpenPGP keys in general.
|
||||
* Talk to persons you know using siloed or closed-source alternatives to Keyoxide.
|
41
guides/devto.md
Normal file
|
@ -0,0 +1,41 @@
|
|||
# Adding a dev.to proof
|
||||
|
||||
Let's add a decentralized dev.to proof to your OpenPGP keys.
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Post a dev.to proof message
|
||||
|
||||
Log in to [dev.to](https://dev.to) and create a new post with the following text (make sure to replace FINGERPRINT and USERNAME):
|
||||
|
||||
```
|
||||
This is an OpenPGP proof that connects [my OpenPGP key](https://keyoxide.org/FINGERPRINT) to [this dev.to account](https://dev.to/USERNAME). For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
|
||||
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
|
||||
```
|
||||
|
||||
After posting, copy the link to the post.
|
||||
|
||||
## Update the PGP key
|
||||
|
||||
First, edit the key (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --edit-key FINGERPRINT`
|
||||
|
||||
Add a new notation:
|
||||
|
||||
`notation`
|
||||
|
||||
Enter the notation (make sure to update with the link to the post copied above):
|
||||
|
||||
`proof@metacode.biz=https://dev.to/USERNAME/POST_TITLE`
|
||||
|
||||
Save the key:
|
||||
|
||||
`save`
|
||||
|
||||
Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
|
||||
|
||||
And you're done! Reload your profile page, it should now show a verified dev.to account.
|
41
guides/discourse.md
Normal file
|
@ -0,0 +1,41 @@
|
|||
# Adding a Discourse proof
|
||||
|
||||
Let's add a decentralized Discourse proof to your OpenPGP keys.
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Update the Discourse account
|
||||
|
||||
Log in to the discourse instance website and add the following text to your **About me** (make sure to replace FINGERPRINT):
|
||||
|
||||
```
|
||||
This is an OpenPGP proof that connects my OpenPGP key to this Discourse account. For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
|
||||
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
|
||||
```
|
||||
|
||||
After posting, copy the link to your profile page (it should end with your **/u/USERNAME**).
|
||||
|
||||
## Update the PGP key
|
||||
|
||||
First, edit the key (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --edit-key FINGERPRINT`
|
||||
|
||||
Add a new notation:
|
||||
|
||||
`notation`
|
||||
|
||||
Enter the notation (make sure to replace PROFILE_URL with the link to the profile copied above):
|
||||
|
||||
`proof@metacode.biz=PROFILE_URL`
|
||||
|
||||
Save the key:
|
||||
|
||||
`save`
|
||||
|
||||
Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
|
||||
|
||||
And you're done! Reload your profile page, it should now show a verified Discourse account.
|
35
guides/dns.md
Normal file
|
@ -0,0 +1,35 @@
|
|||
# Adding a DNS proof
|
||||
|
||||
Let's add a decentralized DNS proof to your OpenPGP keys.
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Update DNS records for your website
|
||||
|
||||
Add the following TXT record to the DNS records of the (sub)domain you want to prove control over (make sure to replace FINGERPRINT):
|
||||
|
||||
`openpgp4fpr:FINGERPRINT`
|
||||
|
||||
No specific TTL value is required.
|
||||
|
||||
## Update the PGP key
|
||||
|
||||
First, edit the key (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --edit-key FINGERPRINT`
|
||||
|
||||
Add a new notation:
|
||||
|
||||
`notation`
|
||||
|
||||
Enter the notation (make sure to replace DOMAIN, don't include https://):
|
||||
|
||||
`proof@metacode.biz=dns:DOMAIN?type=TXT`
|
||||
|
||||
Save the key:
|
||||
|
||||
`save`
|
||||
|
||||
Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
|
27
guides/encrypt.md
Normal file
|
@ -0,0 +1,27 @@
|
|||
# Encrypting a message
|
||||
|
||||
Let's see how to encrypt a message.
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Obtain a public key for encryption
|
||||
|
||||
The idea is that you use someone's public key to encrypt a message. From then on, the message cannot be decrypted and read by anyone but the person possessing the private keys associated with the public key (they'll have the same fingerprint).
|
||||
|
||||
If you already have a public key (or its fingerprint) you would like to use to encrypt a message, great! If not, you could use the following fingerprint:
|
||||
|
||||
`9f0048ac0b23301e1f77e994909f6bd6f80f485d`
|
||||
|
||||
## Encrypt a message
|
||||
|
||||
Open the [keyoxide.org/encrypt](/encrypt) page and paste the fingerprint in the **Email / key id / fingerprint** field.
|
||||
|
||||
Write a message in the **Message** field. Scroll down and press the **ENCRYPT MESSAGE** button.
|
||||
|
||||
You have successfully encrypted the message! The encrypted message in the **Message** field can safely be sent via unsecured communication channels knowing that only the person possessing the private key associated with that fingerprint can read it.
|
||||
|
||||
## Going further
|
||||
|
||||
You could try using different mechanisms of fetching keys, such as **web key directory** or copy-pasting a plaintext public key.
|
||||
|
||||
If you'd like to receive PGP encrypted messages, you must first learn the fundamentals of PGP and how to generate and handle your own keypair.
|
41
guides/feature-comparison-keybase.md
Normal file
|
@ -0,0 +1,41 @@
|
|||
# Feature comparison with Keybase
|
||||
|
||||
Let's see how Keyoxide's features compare to those of Keybase.
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Encrypt and verify
|
||||
|
||||
Both Keyoxide and Keybase allow easy encryption of data and verification of signatures. While Keybase can only perform these actions for their users who uploaded at least a public key to their servers, Keyoxide can do this for any key on the internet, whether it's available through web key directory, dedicated key servers or simply copy-pasting a plaintext key.
|
||||
|
||||
## Decrypt and sign
|
||||
|
||||
Keyoxide cannot decrypt data or sign messages.
|
||||
|
||||
Keybase can do both of those things but this should NOT be considered a feature. It requires one to upload their private key to closed-source servers which is an act in stark contradiction with all safety precautions any owner of a private key should aim to heed.
|
||||
|
||||
## Online identity proofs
|
||||
|
||||
Both Keyoxide and Keybase allow the user to generate proofs of online identity on various platforms. The difference lies in the method of generation and the implications this has on security.
|
||||
|
||||
Keybase generates a signed message to be posted by the to-be-verified account. Since this involves a signature, any signing key can be used. If a signing key gets misappropriated, it becomes easy for a bad actor to create fake identity proofs.
|
||||
|
||||
Keyoxide uses decentralized OpenPGP proofs in which the identity proofs are stored as notations within the keys themselves. This is only possible when you have access to keys with "certification" capability. As these are the most valuable of keys, they should also be handled more securely than signing keys and are therefore less prone to forgery of identity proofs.
|
||||
|
||||
## Social network and additional services
|
||||
|
||||
Keybase provides an additional social network, chat functionality, encrypted drive, encrypted git, XLM crypto wallet and much more.
|
||||
|
||||
Keyoxide has none of that. Just keys and proofs.
|
||||
|
||||
## Openness
|
||||
|
||||
Keyoxide is fully open-source. It consists mainly of a client component which is the browser. The supporting server functions are open-source as well.
|
||||
|
||||
Keybase has open-source clients but closed-source servers.
|
||||
|
||||
## Data safety
|
||||
|
||||
Keyoxide lets the user's devices do almost all of the heavy lifting, meaning no data is ever sent to a server to perform any of the actions. Only exceptions to this rule are a couple of "proxy scripts" for proofs that cannot be verified by a browser. These proxy scripts are open-source as well and inspectable by all.
|
||||
|
||||
Keybase servers are closed-source. One does not know what happens inside that black box.
|
43
guides/github.md
Normal file
|
@ -0,0 +1,43 @@
|
|||
# Adding a Github proof
|
||||
|
||||
Let's add a decentralized Github proof to your OpenPGP keys.
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Post a Github proof message
|
||||
|
||||
Log in to [github.com](https://github.com) and click on **New gist**.
|
||||
|
||||
Name the file **openpgp.md** and copy the following content into it (make sure to replace FINGERPRINT and USERNAME):
|
||||
|
||||
```
|
||||
This is an OpenPGP proof that connects [my OpenPGP key](https://keyoxide.org/FINGERPRINT) to [this Github account](https://github.com/USERNAME). For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
|
||||
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
|
||||
```
|
||||
|
||||
After creating a public gist, copy the link to the gist.
|
||||
|
||||
## Update the PGP key
|
||||
|
||||
First, edit the key (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --edit-key FINGERPRINT`
|
||||
|
||||
Add a new notation:
|
||||
|
||||
`notation`
|
||||
|
||||
Enter the notation (make sure to update with the link to the post copied above):
|
||||
|
||||
`proof@metacode.biz=https://gist.github.com/USERNAME/12345678912345678912345678912345`
|
||||
|
||||
Save the key:
|
||||
|
||||
`save`
|
||||
|
||||
Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
|
||||
|
||||
And you're done! Reload your profile page, it should now show a verified Github account.
|
41
guides/hackernews.md
Normal file
|
@ -0,0 +1,41 @@
|
|||
# Adding a Hackernews proof
|
||||
|
||||
Let's add a decentralized Hackernews proof to your OpenPGP keys.
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Update the Hackernews account
|
||||
|
||||
Log in to [Hackernews](https://news.ycombinator.com) and click on your **username**.
|
||||
|
||||
Add the following lines to your **about** (make sure to replace FINGERPRINT):
|
||||
|
||||
```
|
||||
This is an OpenPGP proof that connects my OpenPGP key to this Hackernews account. For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
|
||||
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
|
||||
```
|
||||
|
||||
## Update the PGP key
|
||||
|
||||
First, edit the key (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --edit-key FINGERPRINT`
|
||||
|
||||
Add a new notation:
|
||||
|
||||
`notation`
|
||||
|
||||
Enter the notation (make sure to replace USERNAME):
|
||||
|
||||
`proof@metacode.biz=https://news.ycombinator.com/user?id=USERNAME`
|
||||
|
||||
Save the key:
|
||||
|
||||
`save`
|
||||
|
||||
Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
|
||||
|
||||
And you're done! Reload your profile page, it should now show a verified Hackernews account.
|
39
guides/lobsters.md
Normal file
|
@ -0,0 +1,39 @@
|
|||
# Adding a Lobste.rs proof
|
||||
|
||||
Let's add a decentralized Lobste.rs proof to your OpenPGP keys.
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Update the Lobste.rs account
|
||||
|
||||
Log in to [Lobste.rs](https://lobste.rs) and append the following text to the **About** section (make sure to replace FINGERPRINT):
|
||||
|
||||
```
|
||||
This is an OpenPGP proof that connects my OpenPGP key to this Lobste.rs account. For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
|
||||
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
|
||||
```
|
||||
|
||||
## Update the PGP key
|
||||
|
||||
First, edit the key (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --edit-key FINGERPRINT`
|
||||
|
||||
Add a new notation:
|
||||
|
||||
`notation`
|
||||
|
||||
Enter the notation (make sure to replace USERNAME):
|
||||
|
||||
`proof@metacode.biz=https://lobste.rs/u/USERNAME`
|
||||
|
||||
Save the key:
|
||||
|
||||
`save`
|
||||
|
||||
Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
|
||||
|
||||
And you're done! Reload your profile page, it should now show a verified Lobste.rs account.
|
45
guides/managing-proofs-deleting.md
Normal file
|
@ -0,0 +1,45 @@
|
|||
# Deleting Proofs using GnuPG
|
||||
|
||||
Over time, you may need to delete proofs. Changing proofs can be achieved by deleting proofs and adding new ones.
|
||||
|
||||
## Delete all proofs
|
||||
|
||||
First, edit the key (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --edit-key FINGERPRINT`
|
||||
|
||||
Launch the notation prompt:
|
||||
|
||||
`notation`
|
||||
|
||||
Enter the 'none' notation to delete all notations:
|
||||
|
||||
`none`
|
||||
|
||||
Save the changes:
|
||||
|
||||
`save`
|
||||
|
||||
## Delete one of your proofs
|
||||
|
||||
First, edit the key (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --edit-key FINGERPRINT`
|
||||
|
||||
Launch the notation prompt:
|
||||
|
||||
`notation`
|
||||
|
||||
Enter the **-** (minus) symbol followed by the proof you want to delete. Make sure you type the proof exactly like it is in your key.
|
||||
|
||||
`-proof@metacode.biz=dns:yourdomain.org?type=TXT`
|
||||
|
||||
_To make it easier to enter the right proof, you could first [list all proofs](managing-proofs-listing) and simply copy the proof (including "proof@metacode.biz=") you want to delete._
|
||||
|
||||
Save the changes:
|
||||
|
||||
`save`
|
||||
|
||||
Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
|
29
guides/managing-proofs-listing.md
Normal file
|
@ -0,0 +1,29 @@
|
|||
# Listing Proofs using GnuPG
|
||||
|
||||
Let's list the identity proofs stored in our OpenPGP keys.
|
||||
|
||||
## Listing notations in GnuPG
|
||||
|
||||
First, edit the key (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --edit-key FINGERPRINT`
|
||||
|
||||
List detailed preferences:
|
||||
|
||||
`showpref`
|
||||
|
||||
You should now see your key details, uid, and proofs assigned to your keys:
|
||||
|
||||
```
|
||||
[ultimate] (1). Your Name <your@email>
|
||||
Cipher: AES256, AES192, AES, 3DES
|
||||
Digest: SHA512, SHA384, SHA256, SHA1
|
||||
Compression: ZLIB, BZIP2, ZIP, Uncompressed
|
||||
Features: MDC, Keyserver no-modify
|
||||
Notations: proof@metacode.biz=https://gist.github.com/youruser/somehash
|
||||
proof@metacode.biz=dns:yourdomain.org?type=TXT</your@email>
|
||||
```
|
||||
|
||||
Exit gpg:
|
||||
|
||||
`quit`
|
35
guides/mastodon.md
Normal file
|
@ -0,0 +1,35 @@
|
|||
# Adding a Mastodon proof
|
||||
|
||||
Let's add a decentralized Mastodon proof to your OpenPGP keys.
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Update the Mastodon account
|
||||
|
||||
Log in to your Mastodon instance and click on **Edit profile**.
|
||||
|
||||
Add a new item under **Profile metadata** with the label **OpenPGP** and your PGP fingerprint as the content.
|
||||
|
||||
## Update the PGP key
|
||||
|
||||
First, edit the key (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --edit-key FINGERPRINT`
|
||||
|
||||
Add a new notation:
|
||||
|
||||
`notation`
|
||||
|
||||
Enter the notation (make sure to update the link):
|
||||
|
||||
`proof@metacode.biz=https://INSTANCE.ORG/@USERNAME`
|
||||
|
||||
Save the key:
|
||||
|
||||
`save`
|
||||
|
||||
Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
|
||||
|
||||
And you're done! Reload your profile page, it should now show a verified Mastodon account.
|
25
guides/migrating-from-keybase.md
Normal file
|
@ -0,0 +1,25 @@
|
|||
# Migrating from Keybase
|
||||
|
||||
Let's see how easy it is to get a Keyoxide profile when you already have a Keybase account.
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Claim your Keyoxide profile
|
||||
|
||||
Go to the [profile URL generator](/util/profile-url), set Keybase as Source and follow the Keybase specific instructions. Has a profile URL been generated? Congratulations, you now have your very own Keyoxide profile!
|
||||
|
||||
## Actually migrating to Keyoxide
|
||||
|
||||
Unfortunately, you get very little control when using your Keybase key directly. You will need to generate your own PGP keypair (use guides like [this one](https://spin.atomicobject.com/2013/11/24/secure-gpg-keys-guide/) for help) to unlock the full potential of [distributed identity proofs](/guides/proofs).
|
||||
|
||||
Have you generated a keypair and made the public key accessible through [web key directory (WKD)](/guides/web-key-directory) or uploaded it to [keys.openpgp.org](https://keys.openpgp.org/)? Use the [profile URL generator](/util/profile-url) to get your own profile URL and [start adding identity proofs](/guides).
|
||||
|
||||
## Keyoxide as a partial replacement for Keybase
|
||||
|
||||
It's important to moderate expectations and state that [Keyoxide](/) only replaces the subset of Keybase features that are considered the "core" features: message encryption, signature verification and identity proofs.
|
||||
|
||||
Message decryption and signing are **not** supported features: they would require you to upload your secret key to a website which is a big **no-no**.
|
||||
|
||||
Encrypted chat and cloud storage are **not** supported features: there are plenty of dedicated alternative services.
|
||||
|
||||
If you need any of these Keybase-specific supports, [Keyoxide](/) may not be a full Keybase replacement for you but you could still generate a profile and take advantage of **distributed identity proofs**.
|
35
guides/openpgp-proofs.md
Normal file
|
@ -0,0 +1,35 @@
|
|||
# How OpenPGP identity proofs work
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Decentralized OpenPGP identity proofs
|
||||
|
||||
Decentralized OpenPGP identity proofs are the brainchild of Wiktor who wrote the original guide on [his website](https://metacode.biz/openpgp/proofs) (a suggested read to get first-hand information).
|
||||
|
||||
Unlike proofs provided by for example [Keybase](https://keybase.io), OpenPGP proofs are stored inside the PGP keys themselves instead of being mere signatures. Since this operation requires keys with "certify" capabilities and not simply "sign" capabilities, these OpenPGP proofs could be considered more secure.
|
||||
|
||||
## Example
|
||||
|
||||
* Alice and Bob have been talking for years on service A. Alice already has an account on service B. Bob wants to move to service B as well. A simple decentralized proof confirms that the person who is known as Alice on service A is also known as Alice on service B. Bob can safely move to service B and talk to Alice without having to meet in person to confirm their accounts.
|
||||
* Alice has received a friend request from Bob29 on service C. Is this the same Bob from service A or not? A simple decentralized proof confirms that the person who is known as Bob on platform A is also known as Bob29 on service C. Turns out 28 Bobs were already using service C.
|
||||
* Bob has been invited by an account named Alyce to create an account on an unknown server. Is this a legit request? A simple decentralized proof tells Bob that Alice does not have such an account. Bob knows something is up and does not click the link possibly sent by an imposter.
|
||||
|
||||
## What an OpenPGP proof looks like
|
||||
|
||||
Every OpenPGP identity proof is stored in the PGP key as a notation that looks like this:
|
||||
|
||||
`proof@metacode.biz=https://twitter.com/USERNAME/status/1234567891234567891`
|
||||
|
||||
This particular proof is for a Twitter account (read more in the [Twitter guide](/guides/twitter)). Let's analyse the notation:
|
||||
|
||||
* **proof** means the current notation is for an identity proof.
|
||||
* **@metacode.biz** is the domain of the person who came up with OpenPGP proofs and serves as a namespace for the notation. The domain is included and used for all proofs to comply with the [OpenPGP Message Format standard (RFC 4880)](https://tools.ietf.org/html/rfc4880#section-5.2.3.16).
|
||||
* **https://twitter.com/USERNAME/status/1234567891234567891** is the value of the notation. It is a link to the piece of online content that contains a pre-defined message which must always include the fingerprint of the PGP key that will hold the proof.
|
||||
|
||||
The proof should always link to a document that can be parsed as JSON to make the verification easy and feasible by the browser. Sometimes however, due to CORS restrictions or API requirements (as is the case for Twitter), no such link is provided by the platform. In these rare exceptional cases, the verification process is delegated to the Keyoxide server which will communicate directly with the platform's servers to get the content of the post.
|
||||
|
||||
## Your turn
|
||||
|
||||
If you'd like to add decentralized OpenPGP identity proofs to your key, go to the [guides](/guides) and find the right one for your platform of choice. You may find the process to be remarkably easy.
|
||||
|
||||
If your platform is not in the list of [guides](/guides), it's not supported yet. See the [contributing guide](/guides/contributing) for more information on how to get that platform supported.
|
41
guides/pixelfed.md
Normal file
|
@ -0,0 +1,41 @@
|
|||
# Adding a Pixelfed proof
|
||||
|
||||
Let's add a decentralized Pixelfed proof to your OpenPGP keys.
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Update the Pixelfed account
|
||||
|
||||
Log in to your Pixelfed instance and add the following lines to your **Bio** (make sure to replace FINGERPRINT):
|
||||
|
||||
```
|
||||
This is an OpenPGP proof that connects my OpenPGP key to this Pixelfed account. For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
|
||||
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
|
||||
```
|
||||
|
||||
## Update the PGP key
|
||||
|
||||
First, edit the key (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --edit-key FINGERPRINT`
|
||||
|
||||
Add a new notation:
|
||||
|
||||
`notation`
|
||||
|
||||
Enter the notation (make sure to update the link):
|
||||
|
||||
`proof@metacode.biz=https://INSTANCE.ORG/users/USERNAME`
|
||||
|
||||
Please note that the **/users/** part of the URL is mandatory for the proof to work.
|
||||
|
||||
Save the key:
|
||||
|
||||
`save`
|
||||
|
||||
Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
|
||||
|
||||
And you're done! Reload your profile page, it should now show a verified Fediverse account (Pixelfed is part of the [Fediverse](#https://en.wikipedia.org/wiki/Fediverse)).
|
41
guides/pleroma.md
Normal file
|
@ -0,0 +1,41 @@
|
|||
# Adding a Pleroma proof
|
||||
|
||||
Let's add a decentralized Pleroma proof to your OpenPGP keys.
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Update the Pleroma account
|
||||
|
||||
Log in to your Pleroma instance and add the following lines to your **Bio** (make sure to replace FINGERPRINT):
|
||||
|
||||
```
|
||||
This is an OpenPGP proof that connects my OpenPGP key to this Pleroma account. For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
|
||||
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
|
||||
```
|
||||
|
||||
## Update the PGP key
|
||||
|
||||
First, edit the key (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --edit-key FINGERPRINT`
|
||||
|
||||
Add a new notation:
|
||||
|
||||
`notation`
|
||||
|
||||
Enter the notation (make sure to update the link):
|
||||
|
||||
`proof@metacode.biz=https://INSTANCE.ORG/users/USERNAME`
|
||||
|
||||
Please note that the **/users/** part of the URL is mandatory for the proof to work.
|
||||
|
||||
Save the key:
|
||||
|
||||
`save`
|
||||
|
||||
Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
|
||||
|
||||
And you're done! Reload your profile page, it should now show a verified Fediverse account (Pleroma is part of the [Fediverse](#https://en.wikipedia.org/wiki/Fediverse)).
|
29
guides/proofs.md
Normal file
|
@ -0,0 +1,29 @@
|
|||
# Verifying identity proofs
|
||||
|
||||
Let's see how to verify identity proofs.
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Obtain a public key for verification
|
||||
|
||||
The idea is that anyone can add identity proofs of various platforms in their keys. Since this information is kept in the public key, you could take anyone's public key and check whether they indeed have control over the accounts they claim to.
|
||||
|
||||
If you already have a public key (or its fingerprint) with OpenPGP identity proofs you would like to use to verify, great! If not, you could use the following fingerprint:
|
||||
|
||||
`9f0048ac0b23301e1f77e994909f6bd6f80f485d`
|
||||
|
||||
## Verify proofs
|
||||
|
||||
Open the [keyoxide.org/proofs](/proofs) page and paste the fingerprint in the **Email / key id / fingerprint** field. Scroll down and press the **VERIFY PROOFS** button.
|
||||
|
||||
You now see a list of domains and/or accounts on platforms for which the owner of the public key claims to have an control over.
|
||||
|
||||
If the last link on a line says **proof**, the proof could not be verified for any number of reasons but Keyoxide still allows to check the supposed proof and decide for yourself whether you trust the claim. If the
|
||||
|
||||
If the last link on a line says **verified**, the owner of the public key indeed has shown beyond doubt that it has control over the domain or account.
|
||||
|
||||
## Your turn
|
||||
|
||||
If you'd like to add decentralized OpenPGP identity proofs to your key, go to the [guides](/guides) and find the right one for your platform of choice. You may find the process to be remarkably easy.
|
||||
|
||||
If your platform is not in the list of [guides](/guides), it's not supported yet. See the [contributing guide](/guides/contributing) for more information on how to get that platform supported.
|
41
guides/reddit.md
Normal file
|
@ -0,0 +1,41 @@
|
|||
# Adding a Reddit proof
|
||||
|
||||
Let's add a decentralized Reddit proof to your OpenPGP keys.
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Post a Reddit proof message
|
||||
|
||||
Log in to [www.reddit.com](https://www.reddit.com) and create a new post with the following text (make sure to replace FINGERPRINT):
|
||||
|
||||
```
|
||||
This is an OpenPGP proof that connects my OpenPGP key to this Reddit account. For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
|
||||
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
|
||||
```
|
||||
|
||||
After posting, copy the link to the post.
|
||||
|
||||
## Update the PGP key
|
||||
|
||||
First, edit the key (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --edit-key FINGERPRINT`
|
||||
|
||||
Add a new notation:
|
||||
|
||||
`notation`
|
||||
|
||||
Enter the notation (make sure to update with the link to the post copied above):
|
||||
|
||||
`proof@metacode.biz=https://www.reddit.com/user/USERNAME/comments/123123/TITLE/`
|
||||
|
||||
Save the key:
|
||||
|
||||
`save`
|
||||
|
||||
Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
|
||||
|
||||
And you're done! Reload your profile page, it should now show a verified Reddit account.
|
7
guides/self-hosting-keyoxide.md
Normal file
|
@ -0,0 +1,7 @@
|
|||
# Self-hosting Keyoxide
|
||||
|
||||
Though it's not a fully supported use case yet, anyone can take the [source code](https://codeberg.org/keyoxide/web) and put it on their own server. The idea is that [Keyoxide.org](https://keyoxide.org) is not special in itself. After all, all the heavy lifting is done by the browser. So the role of any individual Keyoxide server is to get the tool in the hands of the end user.
|
||||
|
||||
The few supporting roles the server has can easily be performed by any other (PHP) server.
|
||||
|
||||
So if you like the project but perhaps are mistrusting of servers of others, especially when it comes to keypairs, here's the [source code](https://codeberg.org/keyoxide/web) and put it on your own server. Thanks for using the project!
|
13
guides/service-provider.md
Normal file
|
@ -0,0 +1,13 @@
|
|||
# Are you a service provider?
|
||||
|
||||
If you have:
|
||||
|
||||
* a website that allows users to create accounts
|
||||
* a messaging platform
|
||||
* any other type of service that may require users to prove their online identity
|
||||
|
||||
Then you may be interested in supporting decentralized identity proofs as they allow your users to securely prove their identity across services. Take a look at this [example](guides/service-provider) to find out how two persons can gain more confidence in knowing they are talking to and interacting with the right person in an online world where impersonating is all too easy.
|
||||
|
||||
The internet could be a slightly safer place if your service allowed your users to prove their identity. All the service needs to do is make a JSON file available with basic details about the user and set the correct CORS headers.
|
||||
|
||||
The [documentation](https://github.com/wiktor-k/openpgp-proofs#for-service-providers) on what is precisely required is provided by the original creator of decentralized OpenPGP identity proofs.
|
41
guides/twitter.md
Normal file
|
@ -0,0 +1,41 @@
|
|||
# Adding a Twitter proof
|
||||
|
||||
Let's add a decentralized Twitter proof to your OpenPGP keys.
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Post a Twitter proof message
|
||||
|
||||
Log in to [twitter.com](https://twitter.com) and compose a new tweet with the following text (make sure to replace FINGERPRINT):
|
||||
|
||||
```
|
||||
This is an OpenPGP proof that connects my OpenPGP key to this Twitter account. For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
|
||||
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
|
||||
```
|
||||
|
||||
After posting, copy the link to the tweet.
|
||||
|
||||
## Update the PGP key
|
||||
|
||||
First, edit the key (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --edit-key FINGERPRINT`
|
||||
|
||||
Add a new notation:
|
||||
|
||||
`notation`
|
||||
|
||||
Enter the notation (make sure to update with the link to the tweet copied above):
|
||||
|
||||
`proof@metacode.biz=https://twitter.com/USERNAME/status/1234567891234567891`
|
||||
|
||||
Save the key:
|
||||
|
||||
`save`
|
||||
|
||||
Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
|
||||
|
||||
And you're done! Reload your profile page, it should now show a verified Twitter account.
|
63
guides/verify.md
Normal file
|
@ -0,0 +1,63 @@
|
|||
# Verifying a signature
|
||||
|
||||
Let's see how to verify an OpenPGP signature.
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Obtain a signature
|
||||
|
||||
If you already have a signature you would like to verify, great! If not, let's use the following signature for the guide:
|
||||
|
||||
```
|
||||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA256
|
||||
|
||||
I like pineapple.
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQJDBAEBCAAtFiEEog/Pt4tEmnyVrrtlNzZ/SvQIetEFAl70mVUPHHlhcm1vQHlh
|
||||
cm1vLmV1AAoJEDc2f0r0CHrRQXIP/08uza9zOtmZXv5K+uPGVzDKwkgPgZJEezX7
|
||||
6iQ358f1pjSRvYfQ5aB13k2epUHoqCKArMYu1zPqxhvLvvAvp8uOHABnr9NGL3El
|
||||
u7UUgaeUNHkr0gxCKEq3p81abrrbbWveP8OBP4RyxmaFx13Xcj7mfDluiBHmjVvv
|
||||
WU09EdH9VPlJ7WfZ+2G2ZZDHuE5XiaeP7ocugTxXXLkp33zwpDX0+ZuCIXM6fQGe
|
||||
OccSffglFPdNBnfasuuxDWxTQPsEbWGOPJV+CAPmBDeApX+TBF9bovO3hw4Uozk2
|
||||
VT7EAy8Hb0SOrUb3UNGxzoKv++5676IxyB4JXX0Tr9O4ZxhO8o9pEEHwirtn/J1+
|
||||
MWven4gVlWM/6bMeUqx6ydyNc2nqF5059yfRmwGMlp09x82G4x1bcf6aDZ+5njDG
|
||||
fS5T2OpXRIkZHJx8BhmZjsxiDR0KV44zwHpt06+96ef3EDWB0BcP6M+a5Rtc33zf
|
||||
irRmQd2M6RLyXCYtdGIiiAFRuomw802U4F0P4LwVrZdbGA6ObqBv1k8BUFCMbMz8
|
||||
Ab4hF7kO4z0Vh3JaKzcHey0pOzdNCPpAHZ51sAoAnFDM4PdMBgQxxVweCMu4KYMZ
|
||||
FN8sNn42oY/b7gDmwCelVhgD+rvUn/a8+B7CDmCp+wIquyrjrTt00voATcb+ZPMJ
|
||||
pTXJ/NcM
|
||||
=rqTX
|
||||
-----END PGP SIGNATURE-----
|
||||
```
|
||||
|
||||
Copy the above signature.
|
||||
|
||||
## Verify the signature
|
||||
|
||||
Open the [keyoxide.org/verify](/verify) page and paste the signature in the corresponding field. Scroll down and press the **VERIFY SIGNATURE** button.
|
||||
|
||||
Keyoxide lets you know the signature was verified and signed by a certain person.
|
||||
|
||||
## Verify the signature against a specific public key
|
||||
|
||||
Sometimes, you want to know if a specific person or public key was used to create a signature. In this case, let's figure out if the message was signed by Yarmo's public key or his friend Wiktor's public key.
|
||||
|
||||
Copy the following fingerprint:
|
||||
|
||||
`653909A2F0E37C106F5FAF546C8857E0D8E8F074`
|
||||
|
||||
Paste it in the **Email / key id / fingerprint** field under **Public Key (3: HKP server)** and press the big button again. It could not be verified. Guess it wasn't Wiktor who signed that message.
|
||||
|
||||
Now, copy the following fingerprint:
|
||||
|
||||
`9f0048ac0b23301e1f77e994909f6bd6f80f485d`
|
||||
|
||||
Paste it in the same field and press the big button again. It did verify! It was Yarmo all along.
|
||||
|
||||
## Going further
|
||||
|
||||
You could try using different mechanisms of fetching keys, such as **web key directory** or copy-pasting a plaintext public key.
|
||||
|
||||
If you'd like to sign messages using PGP, you must first learn the fundamentals of PGP and how to generate and handle your own keypair.
|
43
guides/web-key-directory.md
Normal file
|
@ -0,0 +1,43 @@
|
|||
# Uploading keys using web key directory
|
||||
|
||||
[[toc]]
|
||||
|
||||
## Web key directory
|
||||
|
||||
[Web key directory](https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/) or WKD refers to the method of uploading one's public key to their website in a specific location to make it easily accessible by other services supporting WKD. The key will be discoverable using an identifier similar to an email address: **username@domain.org**.
|
||||
|
||||
The benefit of WKD is having full control over the key while still having it widely available. It does however require a domain and some form of file hosting. Luckily, [openpgp.org](https://keys.openpgp.org/about/usage#wkd-as-a-service) have made a WKD-as-a-service. Read more at the end of the guide.
|
||||
|
||||
It exists in two variants: the Direct setup and the Advanced setup. Despite their names, both require roughly the same steps.
|
||||
|
||||
## The Direct setup
|
||||
|
||||
To make your keys available via WKD using the Direct setup, you'll need two paths on your server:
|
||||
|
||||
**https://domain.org/.well-known/openpgpkey/policy**: this is an empty file
|
||||
|
||||
**https://domain.org/.well-known/openpgpkey/hu/LOCALPART**: this is the binary public key (so NOT ASCII armored)
|
||||
|
||||
The LOCALPART above is actually the username hashed using the SHA-1 algorithm and encoded using the Z-Base-32 method. As it's not humanly possible to compute this by ourselves, Keyoxide provides a [small utility to do this for you](/util/wkd).
|
||||
|
||||
So if you wish to make your key available as **jimothy@dm.com**, according to the [small utility](/util/wkd), the URL would become:
|
||||
|
||||
`https://dm.com/.well-known/openpgpkey/hu/n9utc41qty791upt63rm5xtiudabmw6m`
|
||||
|
||||
## The Advanced setup
|
||||
|
||||
While not necessary if the Direct setup works, there is a second setup to make WKD work: the Advanced setup. The paths needed are:
|
||||
|
||||
**https://openpgpkey.domain.org/.well-known/openpgpkey/domain.org/policy**: this is an empty file
|
||||
|
||||
**https://openpgpkey.domain.org/.well-known/openpgpkey/domain.org/hu/LOCALPART**: this is the binary public key (so NOT ASCII armored)
|
||||
|
||||
Indeed, quite similar to the Direct setup, except for the **openpgpkey** subdomain and the additional **domain.org** in the path of the public key.
|
||||
|
||||
The public key for **jimothy@dm.com** would be available at:
|
||||
|
||||
`https://openpgpkey.dm.com/.well-known/openpgpkey/hu/dm.com/n9utc41qty791upt63rm5xtiudabmw6m`
|
||||
|
||||
## WKD-as-a-service
|
||||
|
||||
In case hosting is problem, Openpgp.org has a handy [WKD-as-a-service](https://keys.openpgp.org/about/usage#wkd-as-a-service).
|
55
guides/xmpp.md
Normal file
|
@ -0,0 +1,55 @@
|
|||
# Adding a XMPP proof
|
||||
|
||||
Let's add a decentralized XMPP proof to your OpenPGP keys.
|
||||
|
||||
[[toc]]
|
||||
|
||||
### Add a message to your XMPP vCard
|
||||
|
||||
Using a XMPP client that supports editing the vCard (such as [Dino](https://dino.im/) and [Gajim](https://gajim.org/)), append the following message to the **About** section (make sure to replace FINGERPRINT):
|
||||
|
||||
```
|
||||
This is an OpenPGP proof that connects my OpenPGP key to this XMPP account. For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
|
||||
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
|
||||
```
|
||||
|
||||
### Update the PGP key (basic edition)
|
||||
|
||||
First, edit the key (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --edit-key FINGERPRINT`
|
||||
|
||||
Add a new notation:
|
||||
|
||||
`notation`
|
||||
|
||||
Enter the notation (make sure to replace XMPP-ID):
|
||||
|
||||
`proof@metacode.biz=xmpp:XMPP-ID`
|
||||
|
||||
The XMPP-ID looks something like an email address: **user@domain.org**.
|
||||
|
||||
Save the key:
|
||||
|
||||
`save`
|
||||
|
||||
Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
|
||||
|
||||
`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
|
||||
|
||||
And you're done! Reload your profile page, it should now show a XMPP account.
|
||||
|
||||
### Update the PGP key (OMEMO edition)
|
||||
|
||||
XMPP communication can be end-to-end encrypted with [OMEMO](https://conversations.im/omemo/). Verifying OMEMO fingerprints is essential to trust your communication and keep it safe from Man-in-the-Middle attacks.
|
||||
|
||||
**Keyoxide** makes the fingerprint verification process easy for all. Add a special identity proof that not only contains your XMPP-ID but also the fingerprints of all your OMEMO keys.
|
||||
|
||||
If your XMPP identity proof is verified, a QR code is shown. Anyone can scan this QR code using XMPP apps like [Conversations](https://conversations.im/) (free on [F-Droid](https://f-droid.org/en/packages/eu.siacs.conversations/)) to not only add you as a contact, but also verify your OMEMO keys with the highest level of trust.
|
||||
|
||||
Making this identity proof yourself can be a tad difficult when using clients like Gajim, but luckily for us, [Conversations](https://conversations.im/) can directly generate the proof by going to **Account details > Share > Share as XMPP URI**. The resulting URI should look something like:
|
||||
|
||||
`xmpp:user@domain.org?omemo-sid-123456789=A1B2C3D4E5F6G7H8I9...`
|
||||
|
||||
To take advantage of the easy and secure XMPP identity proof including OMEMO fingerprints, follow the **basic edition** guide above but replace XMPP-ID with the URI obtained through the **Conversations** app.
|
56
index.js
Normal file
|
@ -0,0 +1,56 @@
|
|||
/*
|
||||
Copyright (C) 2020 Yarmo Mackenbach
|
||||
|
||||
This program is free software: you can redistribute it and/or modify it under
|
||||
the terms of the GNU Affero General Public License as published by the Free
|
||||
Software Foundation, either version 3 of the License, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License along
|
||||
with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If your software can interact with users remotely through a computer network,
|
||||
you should also make sure that it provides a way for users to get its source.
|
||||
For example, if your program is a web application, its interface could display
|
||||
a "Source" link that leads users to an archive of the code. There are many
|
||||
ways you could offer source, and different solutions will be better for different
|
||||
programs; see section 13 for the specific requirements.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
const express = require('express');
|
||||
const md = require('markdown-it')({typographer: true});
|
||||
const fs = require('fs');
|
||||
const app = express();
|
||||
const port = 3000;
|
||||
const env = {};
|
||||
|
||||
md.use(require("markdown-it-anchor"));
|
||||
md.use(require("markdown-it-table-of-contents"), { "includeLevel": [2, 3], "listType": "ol" });
|
||||
md.use(require('markdown-it-title'));
|
||||
|
||||
app.set('view engine', 'pug');
|
||||
app.use('/static', express.static('static'));
|
||||
app.use('/favicon.svg', express.static('favicon.svg'));
|
||||
|
||||
app.use('/', require('./routes/main'));
|
||||
app.use('/dep', require('./routes/dep'));
|
||||
app.use('/server', require('./routes/server'));
|
||||
app.use('/encrypt', require('./routes/encrypt'));
|
||||
app.use('/verify', require('./routes/verify'));
|
||||
app.use('/proofs', require('./routes/proofs'));
|
||||
app.use('/util', require('./routes/util'));
|
||||
app.use('/', require('./routes/profile'));
|
||||
|
||||
app.listen(port, () => {
|
||||
console.log(`Example app listening at http://localhost:${port}`);
|
||||
});
|
186
index.php
|
@ -1,186 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<?php
|
||||
|
||||
include_once __DIR__ . '/vendor/autoload.php';
|
||||
use Pagerange\Markdown\MetaParsedown;
|
||||
include_once 'server/functions.php';
|
||||
|
||||
// Init router
|
||||
$router = new AltoRouter();
|
||||
|
||||
// Init templating
|
||||
$templates = new League\Plates\Engine('views');
|
||||
|
||||
// Router mapping
|
||||
$router->map('GET', '/', function() {}, 'index');
|
||||
$router->map('GET', '/guides', function() {}, 'guides');
|
||||
$router->map('GET', '/guides/[:id]', function() {}, 'guideId');
|
||||
$router->map('GET', '/util/qrfp/[:fp]', function() {}, 'util_qrfp');
|
||||
$router->map('GET', '/util/qr/[**:uri]', function() {}, 'util_qr');
|
||||
$router->map('GET', '/util/[:id]', function() {}, 'util');
|
||||
$router->map('GET', '/faq', function() {}, 'faq');
|
||||
$router->map('GET', '/verify', function() {}, 'verify');
|
||||
$router->map('GET', '/encrypt', function() {}, 'encrypt');
|
||||
$router->map('GET', '/proofs', function() {}, 'proofs');
|
||||
$router->map('GET', '/verify/hkp/[**:uid]', function() {}, 'verifyHKP');
|
||||
$router->map('GET', '/verify/wkd/[**:uid]', function() {}, 'verifyWKD');
|
||||
$router->map('GET', '/verify/keybase/[:uid]/[:fp]', function() {}, 'verifyKeybase');
|
||||
$router->map('GET', '/verify/[**:uid]', function() {}, 'verifyAUTO');
|
||||
$router->map('GET', '/encrypt/hkp/[**:uid]', function() {}, 'encryptHKP');
|
||||
$router->map('GET', '/encrypt/wkd/[**:uid]', function() {}, 'encryptWKD');
|
||||
$router->map('GET', '/encrypt/keybase/[:uid]/[:fp]', function() {}, 'encryptKeybase');
|
||||
$router->map('GET', '/encrypt/[**:uid]', function() {}, 'encryptAUTO');
|
||||
$router->map('GET', '/proofs/hkp/[**:uid]', function() {}, 'proofsHKP');
|
||||
$router->map('GET', '/proofs/wkd/[**:uid]', function() {}, 'proofsWKD');
|
||||
$router->map('GET', '/proofs/[**:uid]', function() {}, 'proofsAUTO');
|
||||
$router->map('GET', '/hkp/[**:uid]', function() {}, 'profileHKP');
|
||||
$router->map('GET', '/wkd/[**:uid]', function() {}, 'profileWKD');
|
||||
$router->map('GET', '/keybase/[:uid]/[:fp]', function() {}, 'profileKeybase');
|
||||
$router->map('GET', '/[**:uid]', function() {}, 'profile');
|
||||
|
||||
// Router matching
|
||||
$match = $router->match();
|
||||
|
||||
// Render the appropriate route
|
||||
if(is_array($match) && is_callable($match['target'])) {
|
||||
switch ($match['name']) {
|
||||
case 'index':
|
||||
echo $templates->render('index');
|
||||
break;
|
||||
|
||||
case 'verify':
|
||||
echo $templates->render('verify', ['title' => 'Verify — ', 'mode' => 'auto']);
|
||||
break;
|
||||
|
||||
case 'verifyAUTO':
|
||||
echo $templates->render('verify', ['title' => 'Verify — ', 'mode' => 'auto', 'auto_input' => $match['params']['uid']]);
|
||||
break;
|
||||
|
||||
case 'verifyHKP':
|
||||
echo $templates->render('verify', ['title' => 'Verify — ', 'mode' => 'hkp', 'hkp_input' => $match['params']['uid']]);
|
||||
break;
|
||||
|
||||
case 'verifyWKD':
|
||||
echo $templates->render('verify', ['title' => 'Verify — ', 'mode' => 'wkd', 'wkd_input' => $match['params']['uid']]);
|
||||
break;
|
||||
|
||||
case 'verifyKeybase':
|
||||
echo $templates->render('verify', ['title' => 'Verify — ', 'mode' => 'keybase', 'keybase_username' => htmlspecialchars($match['params']['uid']), 'keybase_fingerprint' => htmlspecialchars($match['params']['fp'])]);
|
||||
break;
|
||||
|
||||
case 'encrypt':
|
||||
echo $templates->render('encrypt', ['title' => 'Encrypt — ', 'mode' => 'auto']);
|
||||
break;
|
||||
|
||||
case 'encryptAUTO':
|
||||
echo $templates->render('encrypt', ['title' => 'Encrypt — ', 'mode' => 'auto', 'auto_input' => $match['params']['uid']]);
|
||||
break;
|
||||
|
||||
case 'encryptHKP':
|
||||
echo $templates->render('encrypt', ['title' => 'Encrypt — ', 'mode' => 'hkp', 'hkp_input' => $match['params']['uid']]);
|
||||
break;
|
||||
|
||||
case 'encryptWKD':
|
||||
echo $templates->render('encrypt', ['title' => 'Encrypt — ', 'mode' => 'wkd', 'wkd_input' => $match['params']['uid']]);
|
||||
break;
|
||||
|
||||
case 'encryptKeybase':
|
||||
echo $templates->render('encrypt', ['title' => 'Encrypt — ', 'mode' => 'keybase', 'keybase_username' => htmlspecialchars($match['params']['uid']), 'keybase_fingerprint' => htmlspecialchars($match['params']['fp'])]);
|
||||
break;
|
||||
|
||||
case 'proofs':
|
||||
echo $templates->render('proofs', ['title' => 'Proofs — ', 'mode' => 'auto']);
|
||||
break;
|
||||
|
||||
case 'proofsAUTO':
|
||||
echo $templates->render('proofs', ['title' => 'Proofs — ', 'mode' => 'auto', 'auto_input' => $match['params']['uid']]);
|
||||
break;
|
||||
|
||||
case 'proofsHKP':
|
||||
echo $templates->render('proofs', ['title' => 'Proofs — ', 'mode' => 'hkp', 'hkp_input' => $match['params']['uid']]);
|
||||
break;
|
||||
|
||||
case 'proofsWKD':
|
||||
echo $templates->render('proofs', ['title' => 'Proofs — ', 'mode' => 'wkd', 'wkd_input' => $match['params']['uid']]);
|
||||
break;
|
||||
|
||||
case 'profile':
|
||||
echo $templates->render('profile', ['mode' => 'auto', 'uid' => htmlspecialchars($match['params']['uid'])]);
|
||||
break;
|
||||
|
||||
case 'profileHKP':
|
||||
echo $templates->render('profile', ['mode' => 'hkp', 'uid' => htmlspecialchars($match['params']['uid'])]);
|
||||
break;
|
||||
|
||||
case 'profileWKD':
|
||||
echo $templates->render('profile', ['mode' => 'wkd', 'uid' => htmlspecialchars($match['params']['uid'])]);
|
||||
break;
|
||||
|
||||
case 'profileKeybase':
|
||||
echo $templates->render('profile', ['mode' => 'keybase', 'uid' => htmlspecialchars($match['params']['uid']).'/'.htmlspecialchars($match['params']['fp'])]);
|
||||
break;
|
||||
|
||||
case 'guides':
|
||||
echo $templates->render('guides');
|
||||
break;
|
||||
|
||||
case 'guideId':
|
||||
$id = htmlspecialchars($match['params']['id']);
|
||||
if (file_exists("views/guides/$id.title.php") && file_exists("views/guides/$id.content.php")) {
|
||||
echo $templates->render('guide', ['id' => $id]);
|
||||
} else {
|
||||
echo $templates->render("404");
|
||||
}
|
||||
break;
|
||||
|
||||
case 'util':
|
||||
$id = htmlspecialchars($match['params']['id']);
|
||||
echo $templates->render("util/$id");
|
||||
break;
|
||||
|
||||
case 'util_qrfp':
|
||||
$fp = htmlspecialchars($match['params']['fp']);
|
||||
echo $templates->render("util/qrfp", ['input' => $fp]);
|
||||
break;
|
||||
|
||||
case 'util_qr':
|
||||
$uri = htmlspecialchars($match['params']['uri']);
|
||||
echo $templates->render("util/qr", ['input' => $uri]);
|
||||
break;
|
||||
|
||||
case 'faq':
|
||||
echo $templates->render("faq");
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
// No route was matched
|
||||
echo $templates->render("404");
|
||||
}
|
825
package-lock.json
generated
|
@ -4,6 +4,26 @@
|
|||
"lockfileVersion": 1,
|
||||
"requires": true,
|
||||
"dependencies": {
|
||||
"@babel/helper-validator-identifier": {
|
||||
"version": "7.10.4",
|
||||
"resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.10.4.tgz",
|
||||
"integrity": "sha512-3U9y+43hz7ZM+rzG24Qe2mufW5KhvFg/NhnNph+i9mgCtdTCtMJuI1TMkrIUiK7Ix4PYlRF9I5dhqaLYA/ADXw=="
|
||||
},
|
||||
"@babel/parser": {
|
||||
"version": "7.11.2",
|
||||
"resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.11.2.tgz",
|
||||
"integrity": "sha512-Vuj/+7vLo6l1Vi7uuO+1ngCDNeVmNbTngcJFKCR/oEtz8tKz0CJxZEGmPt9KcIloZhOZ3Zit6xbpXT2MDlS9Vw=="
|
||||
},
|
||||
"@babel/types": {
|
||||
"version": "7.11.0",
|
||||
"resolved": "https://registry.npmjs.org/@babel/types/-/types-7.11.0.tgz",
|
||||
"integrity": "sha512-O53yME4ZZI0jO1EVGtF1ePGl0LHirG4P1ibcD80XyzZcKhcMFeCXmh4Xb1ifGBIV233Qg12x4rBfQgA+tmOukA==",
|
||||
"requires": {
|
||||
"@babel/helper-validator-identifier": "^7.10.4",
|
||||
"lodash": "^4.17.19",
|
||||
"to-fast-properties": "^2.0.0"
|
||||
}
|
||||
},
|
||||
"@types/minimatch": {
|
||||
"version": "3.0.3",
|
||||
"resolved": "https://registry.npmjs.org/@types/minimatch/-/minimatch-3.0.3.tgz",
|
||||
|
@ -16,6 +36,366 @@
|
|||
"integrity": "sha512-kVrqXhbclHNHGu9ztnAwSncIgJv/FaxmzXJvGXNdcCpV1b8u1/Mi6z6m0vwy0LzKeXFTPLH0NzwmoJ3fNCIq0g==",
|
||||
"dev": true
|
||||
},
|
||||
"accepts": {
|
||||
"version": "1.3.7",
|
||||
"resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.7.tgz",
|
||||
"integrity": "sha512-Il80Qs2WjYlJIBNzNkK6KYqlVMTbZLXgHx2oT0pU/fjRHyEp+PEfEPY0R3WCwAGVOtauxh1hOxNgIf5bv7dQpA==",
|
||||
"requires": {
|
||||
"mime-types": "~2.1.24",
|
||||
"negotiator": "0.6.2"
|
||||
}
|
||||
},
|
||||
"acorn": {
|
||||
"version": "7.4.0",
|
||||
"resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.0.tgz",
|
||||
"integrity": "sha512-+G7P8jJmCHr+S+cLfQxygbWhXy+8YTVGzAkpEbcLo2mLoL7tij/VG41QSHACSf5QgYRhMZYHuNc6drJaO0Da+w=="
|
||||
},
|
||||
"argparse": {
|
||||
"version": "1.0.10",
|
||||
"resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
|
||||
"integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
|
||||
"requires": {
|
||||
"sprintf-js": "~1.0.2"
|
||||
}
|
||||
},
|
||||
"array-flatten": {
|
||||
"version": "1.1.1",
|
||||
"resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
|
||||
"integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI="
|
||||
},
|
||||
"asap": {
|
||||
"version": "2.0.6",
|
||||
"resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
|
||||
"integrity": "sha1-5QNHYR1+aQlDIIu9r+vLwvuGbUY="
|
||||
},
|
||||
"asn1.js": {
|
||||
"version": "5.4.1",
|
||||
"resolved": "https://registry.npmjs.org/asn1.js/-/asn1.js-5.4.1.tgz",
|
||||
"integrity": "sha512-+I//4cYPccV8LdmBLiX8CYvf9Sp3vQsrqu2QNXRcrbiWvcx/UdlFiqUJJzxRQxgsZmvhXhn4cSKeSmoFjVdupA==",
|
||||
"requires": {
|
||||
"bn.js": "^4.0.0",
|
||||
"inherits": "^2.0.1",
|
||||
"minimalistic-assert": "^1.0.0",
|
||||
"safer-buffer": "^2.1.0"
|
||||
}
|
||||
},
|
||||
"assert-never": {
|
||||
"version": "1.2.1",
|
||||
"resolved": "https://registry.npmjs.org/assert-never/-/assert-never-1.2.1.tgz",
|
||||
"integrity": "sha512-TaTivMB6pYI1kXwrFlEhLeGfOqoDNdTxjCdwRfFFkEA30Eu+k48W34nlok2EYWJfFFzqaEmichdNM7th6M5HNw=="
|
||||
},
|
||||
"babel-walk": {
|
||||
"version": "3.0.0-canary-5",
|
||||
"resolved": "https://registry.npmjs.org/babel-walk/-/babel-walk-3.0.0-canary-5.tgz",
|
||||
"integrity": "sha512-GAwkz0AihzY5bkwIY5QDR+LvsRQgB/B+1foMPvi0FZPMl5fjD7ICiznUiBdLYMH1QYe6vqu4gWYytZOccLouFw==",
|
||||
"requires": {
|
||||
"@babel/types": "^7.9.6"
|
||||
}
|
||||
},
|
||||
"bent": {
|
||||
"version": "7.3.9",
|
||||
"resolved": "https://registry.npmjs.org/bent/-/bent-7.3.9.tgz",
|
||||
"integrity": "sha512-CyuIXgoO6UWJaoMtPHkq6JlzNRjCGQqZQeYuO4W5MxY+P0sO1jM3CMYLf16eoga2ozyhVPzXVUxkPw9rz5VNgA==",
|
||||
"requires": {
|
||||
"bytesish": "^0.4.1",
|
||||
"caseless": "~0.12.0",
|
||||
"is-stream": "^2.0.0"
|
||||
}
|
||||
},
|
||||
"bn.js": {
|
||||
"version": "4.11.9",
|
||||
"resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.11.9.tgz",
|
||||
"integrity": "sha512-E6QoYqCKZfgatHTdHzs1RRKP7ip4vvm+EyRUeE2RF0NblwVvb0p6jSVeNTOFxPn26QXN2o6SMfNxKp6kU8zQaw=="
|
||||
},
|
||||
"body-parser": {
|
||||
"version": "1.19.0",
|
||||
"resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.19.0.tgz",
|
||||
"integrity": "sha512-dhEPs72UPbDnAQJ9ZKMNTP6ptJaionhP5cBb541nXPlW60Jepo9RV/a4fX4XWW9CuFNK22krhrj1+rgzifNCsw==",
|
||||
"requires": {
|
||||
"bytes": "3.1.0",
|
||||
"content-type": "~1.0.4",
|
||||
"debug": "2.6.9",
|
||||
"depd": "~1.1.2",
|
||||
"http-errors": "1.7.2",
|
||||
"iconv-lite": "0.4.24",
|
||||
"on-finished": "~2.3.0",
|
||||
"qs": "6.7.0",
|
||||
"raw-body": "2.4.0",
|
||||
"type-is": "~1.6.17"
|
||||
}
|
||||
},
|
||||
"bytes": {
|
||||
"version": "3.1.0",
|
||||
"resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.0.tgz",
|
||||
"integrity": "sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg=="
|
||||
},
|
||||
"bytesish": {
|
||||
"version": "0.4.2",
|
||||
"resolved": "https://registry.npmjs.org/bytesish/-/bytesish-0.4.2.tgz",
|
||||
"integrity": "sha512-ym4cXhq28K7uhYZUEOl17LuqsqKSphDsZcfAKmEa/HcCsCqHMQXOiFuWx1OnbktJux/qKK1W9Xt9uU5kLIKypQ=="
|
||||
},
|
||||
"caseless": {
|
||||
"version": "0.12.0",
|
||||
"resolved": "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz",
|
||||
"integrity": "sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw="
|
||||
},
|
||||
"character-parser": {
|
||||
"version": "2.2.0",
|
||||
"resolved": "https://registry.npmjs.org/character-parser/-/character-parser-2.2.0.tgz",
|
||||
"integrity": "sha1-x84o821LzZdE5f/CxfzeHHMmH8A=",
|
||||
"requires": {
|
||||
"is-regex": "^1.0.3"
|
||||
}
|
||||
},
|
||||
"constantinople": {
|
||||
"version": "4.0.1",
|
||||
"resolved": "https://registry.npmjs.org/constantinople/-/constantinople-4.0.1.tgz",
|
||||
"integrity": "sha512-vCrqcSIq4//Gx74TXXCGnHpulY1dskqLTFGDmhrGxzeXL8lF8kvXv6mpNWlJj1uD4DW23D4ljAqbY4RRaaUZIw==",
|
||||
"requires": {
|
||||
"@babel/parser": "^7.6.0",
|
||||
"@babel/types": "^7.6.1"
|
||||
}
|
||||
},
|
||||
"content-disposition": {
|
||||
"version": "0.5.3",
|
||||
"resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.3.tgz",
|
||||
"integrity": "sha512-ExO0774ikEObIAEV9kDo50o+79VCUdEB6n6lzKgGwupcVeRlhrj3qGAfwq8G6uBJjkqLrhT0qEYFcWng8z1z0g==",
|
||||
"requires": {
|
||||
"safe-buffer": "5.1.2"
|
||||
}
|
||||
},
|
||||
"content-type": {
|
||||
"version": "1.0.4",
|
||||
"resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
|
||||
"integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA=="
|
||||
},
|
||||
"cookie": {
|
||||
"version": "0.4.0",
|
||||
"resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz",
|
||||
"integrity": "sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg=="
|
||||
},
|
||||
"cookie-signature": {
|
||||
"version": "1.0.6",
|
||||
"resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
|
||||
"integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw="
|
||||
},
|
||||
"debug": {
|
||||
"version": "2.6.9",
|
||||
"resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
|
||||
"integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
|
||||
"requires": {
|
||||
"ms": "2.0.0"
|
||||
}
|
||||
},
|
||||
"depd": {
|
||||
"version": "1.1.2",
|
||||
"resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
|
||||
"integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak="
|
||||
},
|
||||
"destroy": {
|
||||
"version": "1.0.4",
|
||||
"resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz",
|
||||
"integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA="
|
||||
},
|
||||
"doctypes": {
|
||||
"version": "1.1.0",
|
||||
"resolved": "https://registry.npmjs.org/doctypes/-/doctypes-1.1.0.tgz",
|
||||
"integrity": "sha1-6oCxBqh1OHdOijpKWv4pPeSJ4Kk="
|
||||
},
|
||||
"dotenv": {
|
||||
"version": "8.2.0",
|
||||
"resolved": "https://registry.npmjs.org/dotenv/-/dotenv-8.2.0.tgz",
|
||||
"integrity": "sha512-8sJ78ElpbDJBHNeBzUbUVLsqKdccaa/BXF1uPTw3GrvQTBgrQrtObr2mUrE38vzYd8cEv+m/JBfDLioYcfXoaw=="
|
||||
},
|
||||
"ee-first": {
|
||||
"version": "1.1.1",
|
||||
"resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
|
||||
"integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
|
||||
},
|
||||
"encodeurl": {
|
||||
"version": "1.0.2",
|
||||
"resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
|
||||
"integrity": "sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k="
|
||||
},
|
||||
"entities": {
|
||||
"version": "1.1.2",
|
||||
"resolved": "https://registry.npmjs.org/entities/-/entities-1.1.2.tgz",
|
||||
"integrity": "sha512-f2LZMYl1Fzu7YSBKg+RoROelpOaNrcGmE9AZubeDfrCEia483oW4MI4VyFd5VNHIgQ/7qm1I0wUHK1eJnn2y2w=="
|
||||
},
|
||||
"escape-html": {
|
||||
"version": "1.0.3",
|
||||
"resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
|
||||
"integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg="
|
||||
},
|
||||
"etag": {
|
||||
"version": "1.8.1",
|
||||
"resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
|
||||
"integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc="
|
||||
},
|
||||
"express": {
|
||||
"version": "4.17.1",
|
||||
"resolved": "https://registry.npmjs.org/express/-/express-4.17.1.tgz",
|
||||
"integrity": "sha512-mHJ9O79RqluphRrcw2X/GTh3k9tVv8YcoyY4Kkh4WDMUYKRZUq0h1o0w2rrrxBqM7VoeUVqgb27xlEMXTnYt4g==",
|
||||
"requires": {
|
||||
"accepts": "~1.3.7",
|
||||
"array-flatten": "1.1.1",
|
||||
"body-parser": "1.19.0",
|
||||
"content-disposition": "0.5.3",
|
||||
"content-type": "~1.0.4",
|
||||
"cookie": "0.4.0",
|
||||
"cookie-signature": "1.0.6",
|
||||
"debug": "2.6.9",
|
||||
"depd": "~1.1.2",
|
||||
"encodeurl": "~1.0.2",
|
||||
"escape-html": "~1.0.3",
|
||||
"etag": "~1.8.1",
|
||||
"finalhandler": "~1.1.2",
|
||||
"fresh": "0.5.2",
|
||||
"merge-descriptors": "1.0.1",
|
||||
"methods": "~1.1.2",
|
||||
"on-finished": "~2.3.0",
|
||||
"parseurl": "~1.3.3",
|
||||
"path-to-regexp": "0.1.7",
|
||||
"proxy-addr": "~2.0.5",
|
||||
"qs": "6.7.0",
|
||||
"range-parser": "~1.2.1",
|
||||
"safe-buffer": "5.1.2",
|
||||
"send": "0.17.1",
|
||||
"serve-static": "1.14.1",
|
||||
"setprototypeof": "1.1.1",
|
||||
"statuses": "~1.5.0",
|
||||
"type-is": "~1.6.18",
|
||||
"utils-merge": "1.0.1",
|
||||
"vary": "~1.1.2"
|
||||
}
|
||||
},
|
||||
"express-validator": {
|
||||
"version": "6.6.1",
|
||||
"resolved": "https://registry.npmjs.org/express-validator/-/express-validator-6.6.1.tgz",
|
||||
"integrity": "sha512-+MrZKJ3eGYXkNF9p9Zf7MS7NkPJFg9MDYATU5c80Cf4F62JdLBIjWxy6481tRC0y1NnC9cgOw8FuN364bWaGhA==",
|
||||
"requires": {
|
||||
"lodash": "^4.17.19",
|
||||
"validator": "^13.1.1"
|
||||
}
|
||||
},
|
||||
"finalhandler": {
|
||||
"version": "1.1.2",
|
||||
"resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz",
|
||||
"integrity": "sha512-aAWcW57uxVNrQZqFXjITpW3sIUQmHGG3qSb9mUah9MgMC4NeWhNOlNjXEYq3HjRAvL6arUviZGGJsBg6z0zsWA==",
|
||||
"requires": {
|
||||
"debug": "2.6.9",
|
||||
"encodeurl": "~1.0.2",
|
||||
"escape-html": "~1.0.3",
|
||||
"on-finished": "~2.3.0",
|
||||
"parseurl": "~1.3.3",
|
||||
"statuses": "~1.5.0",
|
||||
"unpipe": "~1.0.0"
|
||||
}
|
||||
},
|
||||
"forwarded": {
|
||||
"version": "0.1.2",
|
||||
"resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.1.2.tgz",
|
||||
"integrity": "sha1-mMI9qxF1ZXuMBXPozszZGw/xjIQ="
|
||||
},
|
||||
"fresh": {
|
||||
"version": "0.5.2",
|
||||
"resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
|
||||
"integrity": "sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac="
|
||||
},
|
||||
"graceful-fs": {
|
||||
"version": "4.2.4",
|
||||
"resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.4.tgz",
|
||||
"integrity": "sha512-WjKPNJF79dtJAVniUlGGWHYGz2jWxT6VhN/4m1NdkbZ2nOsEF+cI1Edgql5zCRhs/VsQYRvrXctxktVXZUkixw=="
|
||||
},
|
||||
"has-symbols": {
|
||||
"version": "1.0.1",
|
||||
"resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.1.tgz",
|
||||
"integrity": "sha512-PLcsoqu++dmEIZB+6totNFKq/7Do+Z0u4oT0zKOJNl3lYK6vGwwu2hjHs+68OEZbTjiUE9bgOABXbP/GvrS0Kg=="
|
||||
},
|
||||
"http-errors": {
|
||||
"version": "1.7.2",
|
||||
"resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.2.tgz",
|
||||
"integrity": "sha512-uUQBt3H/cSIVfch6i1EuPNy/YsRSOUBXTVfZ+yR7Zjez3qjBz6i9+i4zjNaoqcoFVI4lQJ5plg63TvGfRSDCRg==",
|
||||
"requires": {
|
||||
"depd": "~1.1.2",
|
||||
"inherits": "2.0.3",
|
||||
"setprototypeof": "1.1.1",
|
||||
"statuses": ">= 1.5.0 < 2",
|
||||
"toidentifier": "1.0.0"
|
||||
}
|
||||
},
|
||||
"iconv-lite": {
|
||||
"version": "0.4.24",
|
||||
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
|
||||
"integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
|
||||
"requires": {
|
||||
"safer-buffer": ">= 2.1.2 < 3"
|
||||
}
|
||||
},
|
||||
"imurmurhash": {
|
||||
"version": "0.1.4",
|
||||
"resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz",
|
||||
"integrity": "sha1-khi5srkoojixPcT7a21XbyMUU+o="
|
||||
},
|
||||
"inherits": {
|
||||
"version": "2.0.3",
|
||||
"resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
|
||||
"integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4="
|
||||
},
|
||||
"ipaddr.js": {
|
||||
"version": "1.9.1",
|
||||
"resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
|
||||
"integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g=="
|
||||
},
|
||||
"is-expression": {
|
||||
"version": "4.0.0",
|
||||
"resolved": "https://registry.npmjs.org/is-expression/-/is-expression-4.0.0.tgz",
|
||||
"integrity": "sha512-zMIXX63sxzG3XrkHkrAPvm/OVZVSCPNkwMHU8oTX7/U3AL78I0QXCEICXUM13BIa8TYGZ68PiTKfQz3yaTNr4A==",
|
||||
"requires": {
|
||||
"acorn": "^7.1.1",
|
||||
"object-assign": "^4.1.1"
|
||||
}
|
||||
},
|
||||
"is-promise": {
|
||||
"version": "2.2.2",
|
||||
"resolved": "https://registry.npmjs.org/is-promise/-/is-promise-2.2.2.tgz",
|
||||
"integrity": "sha512-+lP4/6lKUBfQjZ2pdxThZvLUAafmZb8OAxFb8XXtiQmS35INgr85hdOGoEs124ez1FCnZJt6jau/T+alh58QFQ=="
|
||||
},
|
||||
"is-regex": {
|
||||
"version": "1.1.1",
|
||||
"resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.1.tgz",
|
||||
"integrity": "sha512-1+QkEcxiLlB7VEyFtyBg94e08OAsvq7FUBgApTq/w2ymCLyKJgDPsybBENVtA7XCQEgEXxKPonG+mvYRxh/LIg==",
|
||||
"requires": {
|
||||
"has-symbols": "^1.0.1"
|
||||
}
|
||||
},
|
||||
"is-stream": {
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.0.tgz",
|
||||
"integrity": "sha512-XCoy+WlUr7d1+Z8GgSuXmpuUFC9fOhRXglJMx+dwLKTkL44Cjd4W1Z5P+BQZpr+cR93aGP4S/s7Ftw6Nd/kiEw=="
|
||||
},
|
||||
"js-stringify": {
|
||||
"version": "1.0.2",
|
||||
"resolved": "https://registry.npmjs.org/js-stringify/-/js-stringify-1.0.2.tgz",
|
||||
"integrity": "sha1-Fzb939lyTyijaCrcYjCufk6Weds="
|
||||
},
|
||||
"jstransformer": {
|
||||
"version": "1.0.0",
|
||||
"resolved": "https://registry.npmjs.org/jstransformer/-/jstransformer-1.0.0.tgz",
|
||||
"integrity": "sha1-7Yvwkh4vPx7U1cGkT2hwntJHIsM=",
|
||||
"requires": {
|
||||
"is-promise": "^2.0.0",
|
||||
"promise": "^7.0.1"
|
||||
}
|
||||
},
|
||||
"jstransformer-markdown-it": {
|
||||
"version": "2.1.0",
|
||||
"resolved": "https://registry.npmjs.org/jstransformer-markdown-it/-/jstransformer-markdown-it-2.1.0.tgz",
|
||||
"integrity": "sha1-aewwzkUYvtWZezjwJ2SOjChekvc=",
|
||||
"requires": {
|
||||
"markdown-it": "^8.0.0"
|
||||
}
|
||||
},
|
||||
"license-check-and-add": {
|
||||
"version": "3.0.4",
|
||||
"resolved": "https://registry.npmjs.org/license-check-and-add/-/license-check-and-add-3.0.4.tgz",
|
||||
|
@ -564,6 +944,451 @@
|
|||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"linkify-it": {
|
||||
"version": "2.2.0",
|
||||
"resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-2.2.0.tgz",
|
||||
"integrity": "sha512-GnAl/knGn+i1U/wjBz3akz2stz+HrHLsxMwHQGofCDfPvlf+gDKN58UtfmUquTY4/MXeE2x7k19KQmeoZi94Iw==",
|
||||
"requires": {
|
||||
"uc.micro": "^1.0.1"
|
||||
}
|
||||
},
|
||||
"lodash": {
|
||||
"version": "4.17.19",
|
||||
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz",
|
||||
"integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ=="
|
||||
},
|
||||
"markdown-it": {
|
||||
"version": "8.4.2",
|
||||
"resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-8.4.2.tgz",
|
||||
"integrity": "sha512-GcRz3AWTqSUphY3vsUqQSFMbgR38a4Lh3GWlHRh/7MRwz8mcu9n2IO7HOh+bXHrR9kOPDl5RNCaEsrneb+xhHQ==",
|
||||
"requires": {
|
||||
"argparse": "^1.0.7",
|
||||
"entities": "~1.1.1",
|
||||
"linkify-it": "^2.0.0",
|
||||
"mdurl": "^1.0.1",
|
||||
"uc.micro": "^1.0.5"
|
||||
}
|
||||
},
|
||||
"markdown-it-anchor": {
|
||||
"version": "5.3.0",
|
||||
"resolved": "https://registry.npmjs.org/markdown-it-anchor/-/markdown-it-anchor-5.3.0.tgz",
|
||||
"integrity": "sha512-/V1MnLL/rgJ3jkMWo84UR+K+jF1cxNG1a+KwqeXqTIJ+jtA8aWSHuigx8lTzauiIjBDbwF3NcWQMotd0Dm39jA=="
|
||||
},
|
||||
"markdown-it-table-of-contents": {
|
||||
"version": "0.4.4",
|
||||
"resolved": "https://registry.npmjs.org/markdown-it-table-of-contents/-/markdown-it-table-of-contents-0.4.4.tgz",
|
||||
"integrity": "sha512-TAIHTHPwa9+ltKvKPWulm/beozQU41Ab+FIefRaQV1NRnpzwcV9QOe6wXQS5WLivm5Q/nlo0rl6laGkMDZE7Gw=="
|
||||
},
|
||||
"markdown-it-title": {
|
||||
"version": "3.0.0",
|
||||
"resolved": "https://registry.npmjs.org/markdown-it-title/-/markdown-it-title-3.0.0.tgz",
|
||||
"integrity": "sha512-iHZptfptAXGJlcboqWxUSWNkJLUyxZ452CobBzkQ7MtwfVhTI77W1LTAy+miQTqo3U+wkDUOFhhXj2XUD0dVWQ=="
|
||||
},
|
||||
"mdurl": {
|
||||
"version": "1.0.1",
|
||||
"resolved": "https://registry.npmjs.org/mdurl/-/mdurl-1.0.1.tgz",
|
||||
"integrity": "sha1-/oWy7HWlkDfyrf7BAP1sYBdhFS4="
|
||||
},
|
||||
"media-typer": {
|
||||
"version": "0.3.0",
|
||||
"resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
|
||||
"integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g="
|
||||
},
|
||||
"merge-descriptors": {
|
||||
"version": "1.0.1",
|
||||
"resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
|
||||
"integrity": "sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E="
|
||||
},
|
||||
"methods": {
|
||||
"version": "1.1.2",
|
||||
"resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
|
||||
"integrity": "sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4="
|
||||
},
|
||||
"mime": {
|
||||
"version": "1.6.0",
|
||||
"resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
|
||||
"integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg=="
|
||||
},
|
||||
"mime-db": {
|
||||
"version": "1.44.0",
|
||||
"resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz",
|
||||
"integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg=="
|
||||
},
|
||||
"mime-types": {
|
||||
"version": "2.1.27",
|
||||
"resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz",
|
||||
"integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==",
|
||||
"requires": {
|
||||
"mime-db": "1.44.0"
|
||||
}
|
||||
},
|
||||
"minimalistic-assert": {
|
||||
"version": "1.0.1",
|
||||
"resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
|
||||
"integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A=="
|
||||
},
|
||||
"ms": {
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
|
||||
"integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
|
||||
},
|
||||
"negotiator": {
|
||||
"version": "0.6.2",
|
||||
"resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.2.tgz",
|
||||
"integrity": "sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw=="
|
||||
},
|
||||
"node-fetch": {
|
||||
"version": "2.6.0",
|
||||
"resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.0.tgz",
|
||||
"integrity": "sha512-8dG4H5ujfvFiqDmVu9fQ5bOHUC15JMjMY/Zumv26oOvvVJjM67KF8koCWIabKQ1GJIa9r2mMZscBq/TbdOcmNA=="
|
||||
},
|
||||
"node-localstorage": {
|
||||
"version": "1.3.1",
|
||||
"resolved": "https://registry.npmjs.org/node-localstorage/-/node-localstorage-1.3.1.tgz",
|
||||
"integrity": "sha512-NMWCSWWc6JbHT5PyWlNT2i8r7PgGYXVntmKawY83k/M0UJScZ5jirb61TLnqKwd815DfBQu+lR3sRw08SPzIaQ==",
|
||||
"requires": {
|
||||
"write-file-atomic": "^1.1.4"
|
||||
}
|
||||
},
|
||||
"object-assign": {
|
||||
"version": "4.1.1",
|
||||
"resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
|
||||
"integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM="
|
||||
},
|
||||
"on-finished": {
|
||||
"version": "2.3.0",
|
||||
"resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
|
||||
"integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=",
|
||||
"requires": {
|
||||
"ee-first": "1.1.1"
|
||||
}
|
||||
},
|
||||
"openpgp": {
|
||||
"version": "4.10.7",
|
||||
"resolved": "https://registry.npmjs.org/openpgp/-/openpgp-4.10.7.tgz",
|
||||
"integrity": "sha512-+7EkD/btnvIyGkslB0p3W123u/dajMBcfzMfOIevlZBPvCWLJXGzgNFMM5CYXUNITeBUpxCxwgHeniqr+UfESQ==",
|
||||
"requires": {
|
||||
"asn1.js": "^5.0.0",
|
||||
"node-fetch": "^2.1.2",
|
||||
"node-localstorage": "~1.3.0"
|
||||
}
|
||||
},
|
||||
"parseurl": {
|
||||
"version": "1.3.3",
|
||||
"resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
|
||||
"integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ=="
|
||||
},
|
||||
"path-parse": {
|
||||
"version": "1.0.6",
|
||||
"resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz",
|
||||
"integrity": "sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw=="
|
||||
},
|
||||
"path-to-regexp": {
|
||||
"version": "0.1.7",
|
||||
"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
|
||||
"integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w="
|
||||
},
|
||||
"promise": {
|
||||
"version": "7.3.1",
|
||||
"resolved": "https://registry.npmjs.org/promise/-/promise-7.3.1.tgz",
|
||||
"integrity": "sha512-nolQXZ/4L+bP/UGlkfaIujX9BKxGwmQ9OT4mOt5yvy8iK1h3wqTEJCijzGANTCCl9nWjY41juyAn2K3Q1hLLTg==",
|
||||
"requires": {
|
||||
"asap": "~2.0.3"
|
||||
}
|
||||
},
|
||||
"proxy-addr": {
|
||||
"version": "2.0.6",
|
||||
"resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.6.tgz",
|
||||
"integrity": "sha512-dh/frvCBVmSsDYzw6n926jv974gddhkFPfiN8hPOi30Wax25QZyZEGveluCgliBnqmuM+UJmBErbAUFIoDbjOw==",
|
||||
"requires": {
|
||||
"forwarded": "~0.1.2",
|
||||
"ipaddr.js": "1.9.1"
|
||||
}
|
||||
},
|
||||
"pug": {
|
||||
"version": "3.0.0",
|
||||
"resolved": "https://registry.npmjs.org/pug/-/pug-3.0.0.tgz",
|
||||
"integrity": "sha512-inmsJyFBSHZaiGLaguoFgJGViX0If6AcfcElimvwj9perqjDpUpw79UIEDZbWFmoGVidh08aoE+e8tVkjVJPCw==",
|
||||
"requires": {
|
||||
"pug-code-gen": "^3.0.0",
|
||||
"pug-filters": "^4.0.0",
|
||||
"pug-lexer": "^5.0.0",
|
||||
"pug-linker": "^4.0.0",
|
||||
"pug-load": "^3.0.0",
|
||||
"pug-parser": "^6.0.0",
|
||||
"pug-runtime": "^3.0.0",
|
||||
"pug-strip-comments": "^2.0.0"
|
||||
}
|
||||
},
|
||||
"pug-attrs": {
|
||||
"version": "3.0.0",
|
||||
"resolved": "https://registry.npmjs.org/pug-attrs/-/pug-attrs-3.0.0.tgz",
|
||||
"integrity": "sha512-azINV9dUtzPMFQktvTXciNAfAuVh/L/JCl0vtPCwvOA21uZrC08K/UnmrL+SXGEVc1FwzjW62+xw5S/uaLj6cA==",
|
||||
"requires": {
|
||||
"constantinople": "^4.0.1",
|
||||
"js-stringify": "^1.0.2",
|
||||
"pug-runtime": "^3.0.0"
|
||||
}
|
||||
},
|
||||
"pug-code-gen": {
|
||||
"version": "3.0.1",
|
||||
"resolved": "https://registry.npmjs.org/pug-code-gen/-/pug-code-gen-3.0.1.tgz",
|
||||
"integrity": "sha512-xJIGvmXTQlkJllq6hqxxjRWcay2F9CU69TuAuiVZgHK0afOhG5txrQOcZyaPHBvSWCU/QQOqEp5XCH94rRZpBQ==",
|
||||
"requires": {
|
||||
"constantinople": "^4.0.1",
|
||||
"doctypes": "^1.1.0",
|
||||
"js-stringify": "^1.0.2",
|
||||
"pug-attrs": "^3.0.0",
|
||||
"pug-error": "^2.0.0",
|
||||
"pug-runtime": "^3.0.0",
|
||||
"void-elements": "^3.1.0",
|
||||
"with": "^7.0.0"
|
||||
}
|
||||
},
|
||||
"pug-error": {
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/pug-error/-/pug-error-2.0.0.tgz",
|
||||
"integrity": "sha512-sjiUsi9M4RAGHktC1drQfCr5C5eriu24Lfbt4s+7SykztEOwVZtbFk1RRq0tzLxcMxMYTBR+zMQaG07J/btayQ=="
|
||||
},
|
||||
"pug-filters": {
|
||||
"version": "4.0.0",
|
||||
"resolved": "https://registry.npmjs.org/pug-filters/-/pug-filters-4.0.0.tgz",
|
||||
"integrity": "sha512-yeNFtq5Yxmfz0f9z2rMXGw/8/4i1cCFecw/Q7+D0V2DdtII5UvqE12VaZ2AY7ri6o5RNXiweGH79OCq+2RQU4A==",
|
||||
"requires": {
|
||||
"constantinople": "^4.0.1",
|
||||
"jstransformer": "1.0.0",
|
||||
"pug-error": "^2.0.0",
|
||||
"pug-walk": "^2.0.0",
|
||||
"resolve": "^1.15.1"
|
||||
}
|
||||
},
|
||||
"pug-lexer": {
|
||||
"version": "5.0.0",
|
||||
"resolved": "https://registry.npmjs.org/pug-lexer/-/pug-lexer-5.0.0.tgz",
|
||||
"integrity": "sha512-52xMk8nNpuyQ/M2wjZBN5gXQLIylaGkAoTk5Y1pBhVqaopaoj8Z0iVzpbFZAqitL4RHNVDZRnJDsqEYe99Ti0A==",
|
||||
"requires": {
|
||||
"character-parser": "^2.2.0",
|
||||
"is-expression": "^4.0.0",
|
||||
"pug-error": "^2.0.0"
|
||||
}
|
||||
},
|
||||
"pug-linker": {
|
||||
"version": "4.0.0",
|
||||
"resolved": "https://registry.npmjs.org/pug-linker/-/pug-linker-4.0.0.tgz",
|
||||
"integrity": "sha512-gjD1yzp0yxbQqnzBAdlhbgoJL5qIFJw78juN1NpTLt/mfPJ5VgC4BvkoD3G23qKzJtIIXBbcCt6FioLSFLOHdw==",
|
||||
"requires": {
|
||||
"pug-error": "^2.0.0",
|
||||
"pug-walk": "^2.0.0"
|
||||
}
|
||||
},
|
||||
"pug-load": {
|
||||
"version": "3.0.0",
|
||||
"resolved": "https://registry.npmjs.org/pug-load/-/pug-load-3.0.0.tgz",
|
||||
"integrity": "sha512-OCjTEnhLWZBvS4zni/WUMjH2YSUosnsmjGBB1An7CsKQarYSWQ0GCVyd4eQPMFJqZ8w9xgs01QdiZXKVjk92EQ==",
|
||||
"requires": {
|
||||
"object-assign": "^4.1.1",
|
||||
"pug-walk": "^2.0.0"
|
||||
}
|
||||
},
|
||||
"pug-parser": {
|
||||
"version": "6.0.0",
|
||||
"resolved": "https://registry.npmjs.org/pug-parser/-/pug-parser-6.0.0.tgz",
|
||||
"integrity": "sha512-ukiYM/9cH6Cml+AOl5kETtM9NR3WulyVP2y4HOU45DyMim1IeP/OOiyEWRr6qk5I5klpsBnbuHpwKmTx6WURnw==",
|
||||
"requires": {
|
||||
"pug-error": "^2.0.0",
|
||||
"token-stream": "1.0.0"
|
||||
}
|
||||
},
|
||||
"pug-runtime": {
|
||||
"version": "3.0.0",
|
||||
"resolved": "https://registry.npmjs.org/pug-runtime/-/pug-runtime-3.0.0.tgz",
|
||||
"integrity": "sha512-GoEPcmQNnaTsePEdVA05bDpY+Op5VLHKayg08AQiqJBWU/yIaywEYv7TetC5dEQS3fzBBoyb2InDcZEg3mPTIA=="
|
||||
},
|
||||
"pug-strip-comments": {
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/pug-strip-comments/-/pug-strip-comments-2.0.0.tgz",
|
||||
"integrity": "sha512-zo8DsDpH7eTkPHCXFeAk1xZXJbyoTfdPlNR0bK7rpOMuhBYb0f5qUVCO1xlsitYd3w5FQTK7zpNVKb3rZoUrrQ==",
|
||||
"requires": {
|
||||
"pug-error": "^2.0.0"
|
||||
}
|
||||
},
|
||||
"pug-walk": {
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/pug-walk/-/pug-walk-2.0.0.tgz",
|
||||
"integrity": "sha512-yYELe9Q5q9IQhuvqsZNwA5hfPkMJ8u92bQLIMcsMxf/VADjNtEYptU+inlufAFYcWdHlwNfZOEnOOQrZrcyJCQ=="
|
||||
},
|
||||
"qs": {
|
||||
"version": "6.7.0",
|
||||
"resolved": "https://registry.npmjs.org/qs/-/qs-6.7.0.tgz",
|
||||
"integrity": "sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ=="
|
||||
},
|
||||
"range-parser": {
|
||||
"version": "1.2.1",
|
||||
"resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
|
||||
"integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg=="
|
||||
},
|
||||
"raw-body": {
|
||||
"version": "2.4.0",
|
||||
"resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.0.tgz",
|
||||
"integrity": "sha512-4Oz8DUIwdvoa5qMJelxipzi/iJIi40O5cGV1wNYp5hvZP8ZN0T+jiNkL0QepXs+EsQ9XJ8ipEDoiH70ySUJP3Q==",
|
||||
"requires": {
|
||||
"bytes": "3.1.0",
|
||||
"http-errors": "1.7.2",
|
||||
"iconv-lite": "0.4.24",
|
||||
"unpipe": "1.0.0"
|
||||
}
|
||||
},
|
||||
"resolve": {
|
||||
"version": "1.17.0",
|
||||
"resolved": "https://registry.npmjs.org/resolve/-/resolve-1.17.0.tgz",
|
||||
"integrity": "sha512-ic+7JYiV8Vi2yzQGFWOkiZD5Z9z7O2Zhm9XMaTxdJExKasieFCr+yXZ/WmXsckHiKl12ar0y6XiXDx3m4RHn1w==",
|
||||
"requires": {
|
||||
"path-parse": "^1.0.6"
|
||||
}
|
||||
},
|
||||
"safe-buffer": {
|
||||
"version": "5.1.2",
|
||||
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
|
||||
"integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
|
||||
},
|
||||
"safer-buffer": {
|
||||
"version": "2.1.2",
|
||||
"resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
|
||||
"integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
|
||||
},
|
||||
"send": {
|
||||
"version": "0.17.1",
|
||||
"resolved": "https://registry.npmjs.org/send/-/send-0.17.1.tgz",
|
||||
"integrity": "sha512-BsVKsiGcQMFwT8UxypobUKyv7irCNRHk1T0G680vk88yf6LBByGcZJOTJCrTP2xVN6yI+XjPJcNuE3V4fT9sAg==",
|
||||
"requires": {
|
||||
"debug": "2.6.9",
|
||||
"depd": "~1.1.2",
|
||||
"destroy": "~1.0.4",
|
||||
"encodeurl": "~1.0.2",
|
||||
"escape-html": "~1.0.3",
|
||||
"etag": "~1.8.1",
|
||||
"fresh": "0.5.2",
|
||||
"http-errors": "~1.7.2",
|
||||
"mime": "1.6.0",
|
||||
"ms": "2.1.1",
|
||||
"on-finished": "~2.3.0",
|
||||
"range-parser": "~1.2.1",
|
||||
"statuses": "~1.5.0"
|
||||
},
|
||||
"dependencies": {
|
||||
"ms": {
|
||||
"version": "2.1.1",
|
||||
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
|
||||
"integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg=="
|
||||
}
|
||||
}
|
||||
},
|
||||
"serve-static": {
|
||||
"version": "1.14.1",
|
||||
"resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.14.1.tgz",
|
||||
"integrity": "sha512-JMrvUwE54emCYWlTI+hGrGv5I8dEwmco/00EvkzIIsR7MqrHonbD9pO2MOfFnpFntl7ecpZs+3mW+XbQZu9QCg==",
|
||||
"requires": {
|
||||
"encodeurl": "~1.0.2",
|
||||
"escape-html": "~1.0.3",
|
||||
"parseurl": "~1.3.3",
|
||||
"send": "0.17.1"
|
||||
}
|
||||
},
|
||||
"setprototypeof": {
|
||||
"version": "1.1.1",
|
||||
"resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.1.tgz",
|
||||
"integrity": "sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw=="
|
||||
},
|
||||
"slide": {
|
||||
"version": "1.1.6",
|
||||
"resolved": "https://registry.npmjs.org/slide/-/slide-1.1.6.tgz",
|
||||
"integrity": "sha1-VusCfWW00tzmyy4tMsTUr8nh1wc="
|
||||
},
|
||||
"sprintf-js": {
|
||||
"version": "1.0.3",
|
||||
"resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
|
||||
"integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw="
|
||||
},
|
||||
"statuses": {
|
||||
"version": "1.5.0",
|
||||
"resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
|
||||
"integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow="
|
||||
},
|
||||
"to-fast-properties": {
|
||||
"version": "2.0.0",
|
||||
"resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz",
|
||||
"integrity": "sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4="
|
||||
},
|
||||
"toidentifier": {
|
||||
"version": "1.0.0",
|
||||
"resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.0.tgz",
|
||||
"integrity": "sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw=="
|
||||
},
|
||||
"token-stream": {
|
||||
"version": "1.0.0",
|
||||
"resolved": "https://registry.npmjs.org/token-stream/-/token-stream-1.0.0.tgz",
|
||||
"integrity": "sha1-zCAOqyYT9BZtJ/+a/HylbUnfbrQ="
|
||||
},
|
||||
"type-is": {
|
||||
"version": "1.6.18",
|
||||
"resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
|
||||
"integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
|
||||
"requires": {
|
||||
"media-typer": "0.3.0",
|
||||
"mime-types": "~2.1.24"
|
||||
}
|
||||
},
|
||||
"uc.micro": {
|
||||
"version": "1.0.6",
|
||||
"resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-1.0.6.tgz",
|
||||
"integrity": "sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA=="
|
||||
},
|
||||
"unpipe": {
|
||||
"version": "1.0.0",
|
||||
"resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
|
||||
"integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw="
|
||||
},
|
||||
"utils-merge": {
|
||||
"version": "1.0.1",
|
||||
"resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
|
||||
"integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM="
|
||||
},
|
||||
"validator": {
|
||||
"version": "13.1.1",
|
||||
"resolved": "https://registry.npmjs.org/validator/-/validator-13.1.1.tgz",
|
||||
"integrity": "sha512-8GfPiwzzRoWTg7OV1zva1KvrSemuMkv07MA9TTl91hfhe+wKrsrgVN4H2QSFd/U/FhiU3iWPYVgvbsOGwhyFWw=="
|
||||
},
|
||||
"vary": {
|
||||
"version": "1.1.2",
|
||||
"resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
|
||||
"integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
|
||||
},
|
||||
"void-elements": {
|
||||
"version": "3.1.0",
|
||||
"resolved": "https://registry.npmjs.org/void-elements/-/void-elements-3.1.0.tgz",
|
||||
"integrity": "sha1-YU9/v42AHwu18GYfWy9XhXUOTwk="
|
||||
},
|
||||
"with": {
|
||||
"version": "7.0.2",
|
||||
"resolved": "https://registry.npmjs.org/with/-/with-7.0.2.tgz",
|
||||
"integrity": "sha512-RNGKj82nUPg3g5ygxkQl0R937xLyho1J24ItRCBTr/m1YnZkzJy1hUiHUJrc/VlsDQzsCnInEGSg3bci0Lmd4w==",
|
||||
"requires": {
|
||||
"@babel/parser": "^7.9.6",
|
||||
"@babel/types": "^7.9.6",
|
||||
"assert-never": "^1.2.1",
|
||||
"babel-walk": "3.0.0-canary-5"
|
||||
}
|
||||
},
|
||||
"write-file-atomic": {
|
||||
"version": "1.3.4",
|
||||
"resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-1.3.4.tgz",
|
||||
"integrity": "sha1-+Aek8LHZ6ROuekgRLmzDrxmRtF8=",
|
||||
"requires": {
|
||||
"graceful-fs": "^4.1.11",
|
||||
"imurmurhash": "^0.1.4",
|
||||
"slide": "^1.1.5"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
16
package.json
|
@ -3,11 +3,23 @@
|
|||
"version": "1.0.0",
|
||||
"description": "A modern, secure and privacy-friendly platform to establish your decentralized online identity",
|
||||
"main": "index.js",
|
||||
"dependencies": {},
|
||||
"dependencies": {
|
||||
"bent": "^7.3.9",
|
||||
"dotenv": "^8.2.0",
|
||||
"express": "^4.17.1",
|
||||
"express-validator": "^6.6.1",
|
||||
"jstransformer-markdown-it": "^2.1.0",
|
||||
"markdown-it-anchor": "^5.3.0",
|
||||
"markdown-it-table-of-contents": "^0.4.4",
|
||||
"markdown-it-title": "^3.0.0",
|
||||
"openpgp": "^4.10.7",
|
||||
"pug": "^3.0.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
"license-check-and-add": "^3.0.4"
|
||||
},
|
||||
"scripts": {
|
||||
"main": "node index.js",
|
||||
"license:check": "./node_modules/license-check-and-add/dist/src/cli.js check",
|
||||
"license:add": "./node_modules/license-check-and-add/dist/src/cli.js add",
|
||||
"license:remove": "./node_modules/license-check-and-add/dist/src/cli.js remove",
|
||||
|
@ -25,6 +37,6 @@
|
|||
"decentralized",
|
||||
"identity"
|
||||
],
|
||||
"author": "Yarmo Mackenbach <yarmo@yarmo.eu>",
|
||||
"author": "Yarmo Mackenbach <yarmo@yarmo.eu> (https://yarmo.eu)",
|
||||
"license": "AGPL-3.0-or-later"
|
||||
}
|
||||
|
|
36
routes/dep.js
Normal file
|
@ -0,0 +1,36 @@
|
|||
/*
|
||||
Copyright (C) 2020 Yarmo Mackenbach
|
||||
|
||||
This program is free software: you can redistribute it and/or modify it under
|
||||
the terms of the GNU Affero General Public License as published by the Free
|
||||
Software Foundation, either version 3 of the License, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License along
|
||||
with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If your software can interact with users remotely through a computer network,
|
||||
you should also make sure that it provides a way for users to get its source.
|
||||
For example, if your program is a web application, its interface could display
|
||||
a "Source" link that leads users to an archive of the code. There are many
|
||||
ways you could offer source, and different solutions will be better for different
|
||||
programs; see section 13 for the specific requirements.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
const router = require('express').Router();
|
||||
|
||||
router.get('/openpgp.min.js', function(req, res) {
|
||||
res.sendFile(`node_modules/openpgp/dist/openpgp.min.js`, { root: `${__dirname}/../` })
|
||||
});
|
||||
|
||||
module.exports = router;
|
68
routes/encrypt.js
Normal file
|
@ -0,0 +1,68 @@
|
|||
/*
|
||||
Copyright (C) 2020 Yarmo Mackenbach
|
||||
|
||||
This program is free software: you can redistribute it and/or modify it under
|
||||
the terms of the GNU Affero General Public License as published by the Free
|
||||
Software Foundation, either version 3 of the License, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License along
|
||||
with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If your software can interact with users remotely through a computer network,
|
||||
you should also make sure that it provides a way for users to get its source.
|
||||
For example, if your program is a web application, its interface could display
|
||||
a "Source" link that leads users to an archive of the code. There are many
|
||||
ways you could offer source, and different solutions will be better for different
|
||||
programs; see section 13 for the specific requirements.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
const router = require('express').Router();
|
||||
|
||||
router.get('/', function(req, res) {
|
||||
res.render('encrypt', { mode: "auto" })
|
||||
});
|
||||
|
||||
router.get('/wkd', function(req, res) {
|
||||
res.render('encrypt', { mode: "wkd" })
|
||||
});
|
||||
router.get('/wkd/:input', function(req, res) {
|
||||
res.render('encrypt', { mode: "wkd", input: req.params.input })
|
||||
});
|
||||
|
||||
router.get('/hkp', function(req, res) {
|
||||
res.render('encrypt', { mode: "hkp" })
|
||||
});
|
||||
router.get('/hkp/:input', function(req, res) {
|
||||
res.render('encrypt', { mode: "hkp", input: req.params.input })
|
||||
});
|
||||
|
||||
router.get('/plaintext', function(req, res) {
|
||||
res.render('encrypt', { mode: "plaintext" })
|
||||
});
|
||||
|
||||
router.get('/keybase', function(req, res) {
|
||||
res.render('encrypt', { mode: "keybase" })
|
||||
});
|
||||
router.get('/keybase/:username', function(req, res) {
|
||||
res.render('encrypt', { mode: "keybase", username: req.params.username })
|
||||
});
|
||||
router.get('/keybase/:username/:fingerprint', function(req, res) {
|
||||
res.render('encrypt', { mode: "keybase", username: req.params.username, fingerprint: req.params.fingerprint })
|
||||
});
|
||||
|
||||
router.get('/:input', function(req, res) {
|
||||
res.render('encrypt', { mode: "auto", input: req.params.input })
|
||||
});
|
||||
|
||||
module.exports = router;
|
61
routes/main.js
Normal file
|
@ -0,0 +1,61 @@
|
|||
/*
|
||||
Copyright (C) 2020 Yarmo Mackenbach
|
||||
|
||||
This program is free software: you can redistribute it and/or modify it under
|
||||
the terms of the GNU Affero General Public License as published by the Free
|
||||
Software Foundation, either version 3 of the License, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License along
|
||||
with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If your software can interact with users remotely through a computer network,
|
||||
you should also make sure that it provides a way for users to get its source.
|
||||
For example, if your program is a web application, its interface could display
|
||||
a "Source" link that leads users to an archive of the code. There are many
|
||||
ways you could offer source, and different solutions will be better for different
|
||||
programs; see section 13 for the specific requirements.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
const router = require('express').Router();
|
||||
const md = require('markdown-it')({typographer: true});
|
||||
const fs = require('fs');
|
||||
const env = {};
|
||||
|
||||
md.use(require("markdown-it-anchor"));
|
||||
md.use(require("markdown-it-table-of-contents"), { "includeLevel": [2, 3], "listType": "ol" });
|
||||
md.use(require('markdown-it-title'));
|
||||
|
||||
router.get('/', (req, res) => {
|
||||
res.render('index')
|
||||
});
|
||||
|
||||
router.get('/faq', (req, res) => {
|
||||
res.render('faq');
|
||||
});
|
||||
|
||||
router.get('/guides', (req, res) => {
|
||||
res.render('guides');
|
||||
});
|
||||
|
||||
router.get('/guides/:guideId', (req, res) => {
|
||||
let data = fs.readFileSync(`./guides/${req.params.guideId}.md`, "utf8", (err, data) => {
|
||||
if (err) throw err;
|
||||
return data;
|
||||
});
|
||||
|
||||
let content = md.render(data, env);
|
||||
res.render(`guide`, { title: `${env.title} - Keyoxide`, content: content })
|
||||
});
|
||||
|
||||
module.exports = router;
|
48
routes/profile.js
Normal file
|
@ -0,0 +1,48 @@
|
|||
/*
|
||||
Copyright (C) 2020 Yarmo Mackenbach
|
||||
|
||||
This program is free software: you can redistribute it and/or modify it under
|
||||
the terms of the GNU Affero General Public License as published by the Free
|
||||
Software Foundation, either version 3 of the License, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License along
|
||||
with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If your software can interact with users remotely through a computer network,
|
||||
you should also make sure that it provides a way for users to get its source.
|
||||
For example, if your program is a web application, its interface could display
|
||||
a "Source" link that leads users to an archive of the code. There are many
|
||||
ways you could offer source, and different solutions will be better for different
|
||||
programs; see section 13 for the specific requirements.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
const router = require('express').Router();
|
||||
|
||||
router.get('/wkd/:input', function(req, res) {
|
||||
res.render('profile', { mode: "wkd", uid: req.params.input })
|
||||
});
|
||||
|
||||
router.get('/hkp/:input', function(req, res) {
|
||||
res.render('profile', { mode: "hkp", uid: req.params.input })
|
||||
});
|
||||
|
||||
router.get('/keybase/:username/:fingerprint', function(req, res) {
|
||||
res.render('profile', { mode: "keybase", uid: `${req.params.username}/${req.params.fingerprint}` })
|
||||
});
|
||||
|
||||
router.get('/:input', function(req, res) {
|
||||
res.render('profile', { mode: "auto", uid: req.params.input })
|
||||
});
|
||||
|
||||
module.exports = router;
|
68
routes/proofs.js
Normal file
|
@ -0,0 +1,68 @@
|
|||
/*
|
||||
Copyright (C) 2020 Yarmo Mackenbach
|
||||
|
||||
This program is free software: you can redistribute it and/or modify it under
|
||||
the terms of the GNU Affero General Public License as published by the Free
|
||||
Software Foundation, either version 3 of the License, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License along
|
||||
with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If your software can interact with users remotely through a computer network,
|
||||
you should also make sure that it provides a way for users to get its source.
|
||||
For example, if your program is a web application, its interface could display
|
||||
a "Source" link that leads users to an archive of the code. There are many
|
||||
ways you could offer source, and different solutions will be better for different
|
||||
programs; see section 13 for the specific requirements.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
const router = require('express').Router();
|
||||
|
||||
router.get('/', function(req, res) {
|
||||
res.render('proofs', { mode: "auto" })
|
||||
});
|
||||
|
||||
router.get('/wkd', function(req, res) {
|
||||
res.render('proofs', { mode: "wkd" })
|
||||
});
|
||||
router.get('/wkd/:input', function(req, res) {
|
||||
res.render('proofs', { mode: "wkd", input: req.params.input })
|
||||
});
|
||||
|
||||
router.get('/hkp', function(req, res) {
|
||||
res.render('proofs', { mode: "hkp" })
|
||||
});
|
||||
router.get('/hkp/:input', function(req, res) {
|
||||
res.render('proofs', { mode: "hkp", input: req.params.input })
|
||||
});
|
||||
|
||||
router.get('/plaintext', function(req, res) {
|
||||
res.render('proofs', { mode: "plaintext" })
|
||||
});
|
||||
|
||||
router.get('/keybase', function(req, res) {
|
||||
res.render('proofs', { mode: "keybase" })
|
||||
});
|
||||
router.get('/keybase/:username', function(req, res) {
|
||||
res.render('proofs', { mode: "keybase", username: req.params.username })
|
||||
});
|
||||
router.get('/keybase/:username/:fingerprint', function(req, res) {
|
||||
res.render('proofs', { mode: "keybase", username: req.params.username, fingerprint: req.params.fingerprint })
|
||||
});
|
||||
|
||||
router.get('/:input', function(req, res) {
|
||||
res.render('proofs', { mode: "auto", input: req.params.input })
|
||||
});
|
||||
|
||||
module.exports = router;
|
88
routes/server.js
Normal file
|
@ -0,0 +1,88 @@
|
|||
/*
|
||||
Copyright (C) 2020 Yarmo Mackenbach
|
||||
|
||||
This program is free software: you can redistribute it and/or modify it under
|
||||
the terms of the GNU Affero General Public License as published by the Free
|
||||
Software Foundation, either version 3 of the License, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License along
|
||||
with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If your software can interact with users remotely through a computer network,
|
||||
you should also make sure that it provides a way for users to get its source.
|
||||
For example, if your program is a web application, its interface could display
|
||||
a "Source" link that leads users to an archive of the code. There are many
|
||||
ways you could offer source, and different solutions will be better for different
|
||||
programs; see section 13 for the specific requirements.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
const router = require('express').Router();
|
||||
const { check, query, validationResult } = require('express-validator');
|
||||
const proofVerification = require('../server/proofVerification');
|
||||
|
||||
router.get('/verify/proxy', [
|
||||
query('url').isURL().exists(),
|
||||
query('fingerprint').isHexadecimal().exists(),
|
||||
query('checkClaim').escape(),
|
||||
query('checkClaimFormat').escape(),
|
||||
query('checkRelation').escape().exists(),
|
||||
query('checkPath').escape().exists()
|
||||
], async function(req, res) {
|
||||
const errors = validationResult(req);
|
||||
if (!errors.isEmpty()) {
|
||||
return res.status(400).json({ success: false, errors: errors.array() });
|
||||
}
|
||||
|
||||
let params = {
|
||||
url: req.query.url,
|
||||
fingerprint: req.query.fingerprint,
|
||||
checkClaim: req.query.checkClaim ? req.query.checkClaim : null,
|
||||
checkClaimFormat: req.query.checkClaimFormat ? req.query.checkClaimFormat : "uri",
|
||||
checkRelation: req.query.checkRelation,
|
||||
checkPath: req.query.checkPath.split(',')
|
||||
}
|
||||
|
||||
try {
|
||||
const proofResult = await proofVerification.Proxy(params);
|
||||
res.status(200).send(proofResult);
|
||||
} catch (e) {
|
||||
console.log(e);
|
||||
res.status(400).send({ success: false, errors: e });
|
||||
}
|
||||
});
|
||||
|
||||
router.get('/verify/twitter', [
|
||||
query('tweetId').isInt().exists(),
|
||||
query('fingerprint').isHexadecimal().exists()
|
||||
], async function(req, res) {
|
||||
const errors = validationResult(req);
|
||||
if (!errors.isEmpty()) {
|
||||
return res.status(400).json({ success: false, errors: errors.array() });
|
||||
}
|
||||
|
||||
let params = {
|
||||
tweetId: req.query.tweetId,
|
||||
fingerprint: req.query.fingerprint
|
||||
}
|
||||
|
||||
try {
|
||||
const proofResult = await proofVerification.Twitter(params);
|
||||
res.status(200).send(proofResult);
|
||||
} catch (e) {
|
||||
console.log(e);
|
||||
res.status(400).send({ success: false, errors: e });
|
||||
}
|
||||
});
|
||||
|
||||
module.exports = router;
|
60
routes/util.js
Normal file
|
@ -0,0 +1,60 @@
|
|||
/*
|
||||
Copyright (C) 2020 Yarmo Mackenbach
|
||||
|
||||
This program is free software: you can redistribute it and/or modify it under
|
||||
the terms of the GNU Affero General Public License as published by the Free
|
||||
Software Foundation, either version 3 of the License, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License along
|
||||
with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If your software can interact with users remotely through a computer network,
|
||||
you should also make sure that it provides a way for users to get its source.
|
||||
For example, if your program is a web application, its interface could display
|
||||
a "Source" link that leads users to an archive of the code. There are many
|
||||
ways you could offer source, and different solutions will be better for different
|
||||
programs; see section 13 for the specific requirements.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
const router = require('express').Router();
|
||||
|
||||
router.get('/profile-url', function(req, res) {
|
||||
res.render('util/profile-url')
|
||||
});
|
||||
router.get('/profile-url/:input', function(req, res) {
|
||||
res.render('util/profile-url', { input: req.params.input })
|
||||
});
|
||||
|
||||
router.get('/qr', function(req, res) {
|
||||
res.render('util/qr')
|
||||
});
|
||||
router.get('/qr/:input', function(req, res) {
|
||||
res.render('util/qr', { input: req.params.input })
|
||||
});
|
||||
|
||||
router.get('/qrfp', function(req, res) {
|
||||
res.render('util/qrfp')
|
||||
});
|
||||
router.get('/qrfp/:input', function(req, res) {
|
||||
res.render('util/qrfp', { input: req.params.input })
|
||||
});
|
||||
|
||||
router.get('/wkd', function(req, res) {
|
||||
res.render('util/wkd')
|
||||
});
|
||||
router.get('/wkd/:input', function(req, res) {
|
||||
res.render('util/wkd', { input: req.params.input })
|
||||
});
|
||||
|
||||
module.exports = router;
|
68
routes/verify.js
Normal file
|
@ -0,0 +1,68 @@
|
|||
/*
|
||||
Copyright (C) 2020 Yarmo Mackenbach
|
||||
|
||||
This program is free software: you can redistribute it and/or modify it under
|
||||
the terms of the GNU Affero General Public License as published by the Free
|
||||
Software Foundation, either version 3 of the License, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License along
|
||||
with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If your software can interact with users remotely through a computer network,
|
||||
you should also make sure that it provides a way for users to get its source.
|
||||
For example, if your program is a web application, its interface could display
|
||||
a "Source" link that leads users to an archive of the code. There are many
|
||||
ways you could offer source, and different solutions will be better for different
|
||||
programs; see section 13 for the specific requirements.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
const router = require('express').Router();
|
||||
|
||||
router.get('/', function(req, res) {
|
||||
res.render('verify', { mode: "auto" })
|
||||
});
|
||||
|
||||
router.get('/wkd', function(req, res) {
|
||||
res.render('verify', { mode: "wkd" })
|
||||
});
|
||||
router.get('/wkd/:input', function(req, res) {
|
||||
res.render('verify', { mode: "wkd", input: req.params.input })
|
||||
});
|
||||
|
||||
router.get('/hkp', function(req, res) {
|
||||
res.render('verify', { mode: "hkp" })
|
||||
});
|
||||
router.get('/hkp/:input', function(req, res) {
|
||||
res.render('verify', { mode: "hkp", input: req.params.input })
|
||||
});
|
||||
|
||||
router.get('/plaintext', function(req, res) {
|
||||
res.render('verify', { mode: "plaintext" })
|
||||
});
|
||||
|
||||
router.get('/keybase', function(req, res) {
|
||||
res.render('verify', { mode: "keybase" })
|
||||
});
|
||||
router.get('/keybase/:username', function(req, res) {
|
||||
res.render('verify', { mode: "keybase", username: req.params.username })
|
||||
});
|
||||
router.get('/keybase/:username/:fingerprint', function(req, res) {
|
||||
res.render('verify', { mode: "keybase", username: req.params.username, fingerprint: req.params.fingerprint })
|
||||
});
|
||||
|
||||
router.get('/:input', function(req, res) {
|
||||
res.render('verify', { mode: "auto", input: req.params.input })
|
||||
});
|
||||
|
||||
module.exports = router;
|
|
@ -1,41 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<?php
|
||||
|
||||
function str_lreplace($search, $replace, $subject) {
|
||||
$pos = strrpos($subject, $search);
|
||||
|
||||
if($pos !== false) {
|
||||
$subject = substr_replace($subject, $replace, $pos, strlen($search));
|
||||
}
|
||||
return $subject;
|
||||
}
|
||||
|
||||
?>
|
156
server/proofVerification.js
Normal file
|
@ -0,0 +1,156 @@
|
|||
/*
|
||||
Copyright (C) 2020 Yarmo Mackenbach
|
||||
|
||||
This program is free software: you can redistribute it and/or modify it under
|
||||
the terms of the GNU Affero General Public License as published by the Free
|
||||
Software Foundation, either version 3 of the License, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License along
|
||||
with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If your software can interact with users remotely through a computer network,
|
||||
you should also make sure that it provides a way for users to get its source.
|
||||
For example, if your program is a web application, its interface could display
|
||||
a "Source" link that leads users to an archive of the code. There are many
|
||||
ways you could offer source, and different solutions will be better for different
|
||||
programs; see section 13 for the specific requirements.
|
||||
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
const bent = require('bent');
|
||||
const getJSON = bent('json');
|
||||
require('dotenv').config();
|
||||
|
||||
const Proxy = async (params) => {
|
||||
let res = {
|
||||
success: false,
|
||||
errors: [],
|
||||
isVerified: false,
|
||||
params: params
|
||||
}
|
||||
|
||||
if (!res.params.checkClaim) {
|
||||
switch (res.params.checkClaimFormat) {
|
||||
default:
|
||||
case "uri":
|
||||
res.params.checkClaim = `openpgp4fpr:${res.params.fingerprint}`;
|
||||
break;
|
||||
case "message":
|
||||
res.params.checkClaim = `[Verifying my OpenPGP key: openpgp4fpr:${res.params.fingerprint}]`;
|
||||
break;
|
||||
case "fingerprint":
|
||||
res.params.checkClaim = res.params.fingerprint;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
const obj = await getJSON(res.params.url);
|
||||
res.isVerified = VerifyJsonProof(obj, res.params.checkPath, res.params.checkClaim, res.params.checkRelation);
|
||||
|
||||
return res;
|
||||
};
|
||||
|
||||
const Twitter = async (params) => {
|
||||
let res = {
|
||||
success: false,
|
||||
errors: [],
|
||||
isVerified: false,
|
||||
params: params
|
||||
}
|
||||
|
||||
let twitter_api_auth = process.env.TWITTER_API_AUTH;
|
||||
if (!twitter_api_auth) {
|
||||
res.errors.push("No Twitter API auth token provided");
|
||||
return res;
|
||||
}
|
||||
|
||||
let proofUrl = `https://api.twitter.com/labs/2/tweets/${res.params.tweetId}?tweet.fields=author_id,created_at,id,source,text`;
|
||||
let re = new RegExp(`[Verifying my OpenPGP key: openpgp4fpr:${res.params.fingerprint}]`, "gi");
|
||||
|
||||
const get = bent('GET', 'json', {'Content-Type': 'application/json', 'Authorization': `Bearer ${twitter_api_auth}`});
|
||||
const obj = await get(proofUrl);
|
||||
res.isVerified = re.test(obj.data.text);
|
||||
|
||||
return res;
|
||||
};
|
||||
|
||||
const VerifyJsonProof = (data, checkPath, checkClaim, checkRelation) => {
|
||||
let isVerified = false;
|
||||
|
||||
if (!data) {
|
||||
return isVerified;
|
||||
}
|
||||
|
||||
if (checkPath.length == 0) {
|
||||
switch (checkRelation) {
|
||||
default:
|
||||
case 'contains':
|
||||
let re = new RegExp(checkClaim, "gi");
|
||||
return re.test(data);
|
||||
break;
|
||||
case 'eq':
|
||||
return data == checkClaim;
|
||||
break;
|
||||
case 'oneOf':
|
||||
return data.includes(checkClaim);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (Array.isArray(data)) {
|
||||
data.forEach((item, i) => {
|
||||
isVerified = isVerified || VerifyJsonProof(item, checkPath, checkClaim, checkRelation);
|
||||
});
|
||||
} else if (Array.isArray(data[checkPath[0]])) {
|
||||
data[checkPath[0]].forEach((item, i) => {
|
||||
isVerified = isVerified || VerifyJsonProof(item, checkPath.slice(1), checkClaim, checkRelation);
|
||||
});
|
||||
} else {
|
||||
isVerified = isVerified || VerifyJsonProof(data[checkPath[0]], checkPath.slice(1), checkClaim, checkRelation);
|
||||
}
|
||||
|
||||
return isVerified;
|
||||
}
|
||||
|
||||
exports.Proxy = Proxy;
|
||||
exports.Twitter = Twitter;
|
||||
|
||||
// include 'secrets.php';
|
||||
//
|
||||
// $fingerprint = urlencode($_GET["fp"]);
|
||||
// $tweetId = urlencode($_GET["id"]);
|
||||
//
|
||||
// $check = "\[Verifying my OpenPGP key: openpgp4fpr:$fingerprint\]";
|
||||
//
|
||||
// $response = array();
|
||||
// $response["verified"] = false;
|
||||
// $response["fingerprint"] = $fingerprint;
|
||||
// $response["tweetId"] = $tweetId;
|
||||
// $response["text"] = $data["data"]["text"];
|
||||
//
|
||||
// if (!is_null($twitter_api_auth)) {
|
||||
// $ch = curl_init();
|
||||
// curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json', $twitter_api_auth));
|
||||
// curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
|
||||
// curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
// curl_setopt($ch, CURLOPT_URL, "https://api.twitter.com/labs/2/tweets/$tweetId?tweet.fields=author_id,created_at,id,source,text");
|
||||
// $result = curl_exec($ch);
|
||||
// curl_close($ch);
|
||||
// $data = json_decode($result, true);
|
||||
//
|
||||
// if (preg_match("/{$check}/i", $data["data"]["text"])) {
|
||||
// $response["verified"] = true;
|
||||
// }
|
||||
// }
|
||||
//
|
||||
// echo json_encode($response);
|
|
@ -1,37 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<?php
|
||||
|
||||
// Twitter API bearer code
|
||||
// Documentation: https://developer.twitter.com/en/docs/basics/authentication/oauth-2-0
|
||||
// Expected format: "Authorization: Bearer XXXXXXXXXXXXXXXXXXXXX"
|
||||
$twitter_api_auth = NULL;
|
||||
|
||||
?>
|
|
@ -1,62 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<?php
|
||||
|
||||
$fingerprint = urlencode($_GET["fp"]);
|
||||
$url = htmlspecialchars($_GET["url"]);
|
||||
|
||||
$urlProof = $url.".json";
|
||||
$check = "\[Verifying my OpenPGP key: openpgp4fpr:$fingerprint\]";
|
||||
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_URL, $urlProof);
|
||||
$result = curl_exec($ch);
|
||||
curl_close($ch);
|
||||
$data = json_decode($result, true);
|
||||
|
||||
$response = array();
|
||||
$response["isDiscourse"] = false;
|
||||
|
||||
if (isset($data) && array_key_exists("user", $data) && array_key_exists("bio_raw", $data["user"])) {
|
||||
$response["isDiscourse"] = true;
|
||||
$response["fingerprint"] = $fingerprint;
|
||||
$response["user"] = $data["user"]["username"];
|
||||
$response["verified"] = false;
|
||||
}
|
||||
|
||||
if (preg_match("/{$check}/i", $data["user"]["bio_raw"])) {
|
||||
$response["verified"] = true;
|
||||
}
|
||||
|
||||
echo json_encode($response);
|
||||
|
||||
?>
|
|
@ -1,57 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<?php
|
||||
|
||||
$fingerprint = urlencode($_GET["fp"]);
|
||||
$user = urlencode($_GET["user"]);
|
||||
|
||||
$url = "https://hacker-news.firebaseio.com/v0/user/$user.json";
|
||||
$check = "\[Verifying my OpenPGP key: openpgp4fpr:$fingerprint\]";
|
||||
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_URL, $url);
|
||||
$result = curl_exec($ch);
|
||||
curl_close($ch);
|
||||
$data = json_decode($result, true);
|
||||
|
||||
$response = array();
|
||||
$response["verified"] = false;
|
||||
$response["fingerprint"] = $fingerprint;
|
||||
$response["user"] = $user;
|
||||
|
||||
if (preg_match("/{$check}/i", $data["about"])) {
|
||||
$response["verified"] = true;
|
||||
}
|
||||
|
||||
echo json_encode($response);
|
||||
|
||||
?>
|
|
@ -1,58 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<?php
|
||||
|
||||
$fingerprint = urlencode($_GET["fp"]);
|
||||
$user = urlencode($_GET["user"]);
|
||||
|
||||
$url = "https://lobste.rs/u/$user.json";
|
||||
$check = "\[Verifying my OpenPGP key: openpgp4fpr:$fingerprint\]";
|
||||
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_URL, $url);
|
||||
$result = curl_exec($ch);
|
||||
curl_close($ch);
|
||||
$data = json_decode($result, true);
|
||||
|
||||
$response = array();
|
||||
$response["verified"] = false;
|
||||
$response["fingerprint"] = $fingerprint;
|
||||
$response["user"] = $user;
|
||||
$response["comment"] = $comment;
|
||||
|
||||
if (preg_match("/{$check}/i", $data["about"])) {
|
||||
$response["verified"] = true;
|
||||
}
|
||||
|
||||
echo json_encode($response);
|
||||
|
||||
?>
|
|
@ -1,65 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<?php
|
||||
|
||||
$fingerprint = urlencode($_GET["fp"]);
|
||||
$user = urlencode($_GET["user"]);
|
||||
$comment = urlencode($_GET["comment"]);
|
||||
|
||||
$url = "https://www.reddit.com/user/$user/comments/$comment.json";
|
||||
$check = "\[Verifying my OpenPGP key: openpgp4fpr:$fingerprint";
|
||||
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_URL, $url);
|
||||
$result = curl_exec($ch);
|
||||
curl_close($ch);
|
||||
$data = json_decode($result, true);
|
||||
|
||||
$response = array();
|
||||
$response["verified"] = false;
|
||||
$response["fingerprint"] = $fingerprint;
|
||||
$response["user"] = $user;
|
||||
$response["comment"] = $comment;
|
||||
|
||||
foreach ($data as $entry) {
|
||||
$entryData = $entry["data"]["children"];
|
||||
|
||||
foreach ($entryData as $subEntry) {
|
||||
if (preg_match("/{$check}/i", $subEntry["data"]["selftext"])) {
|
||||
$response["verified"] = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
echo json_encode($response);
|
||||
|
||||
?>
|
|
@ -1,62 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<?php
|
||||
|
||||
include 'secrets.php';
|
||||
|
||||
$fingerprint = urlencode($_GET["fp"]);
|
||||
$tweetId = urlencode($_GET["id"]);
|
||||
|
||||
$check = "\[Verifying my OpenPGP key: openpgp4fpr:$fingerprint\]";
|
||||
|
||||
$response = array();
|
||||
$response["verified"] = false;
|
||||
$response["fingerprint"] = $fingerprint;
|
||||
$response["tweetId"] = $tweetId;
|
||||
$response["text"] = $data["data"]["text"];
|
||||
|
||||
if (!is_null($twitter_api_auth)) {
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json', $twitter_api_auth));
|
||||
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_URL, "https://api.twitter.com/labs/2/tweets/$tweetId?tweet.fields=author_id,created_at,id,source,text");
|
||||
$result = curl_exec($ch);
|
||||
curl_close($ch);
|
||||
$data = json_decode($result, true);
|
||||
|
||||
if (preg_match("/{$check}/i", $data["data"]["text"])) {
|
||||
$response["verified"] = true;
|
||||
}
|
||||
}
|
||||
|
||||
echo json_encode($response);
|
||||
|
||||
?>
|
Before Width: | Height: | Size: 1.7 KiB After Width: | Height: | Size: 1.7 KiB |
Before Width: | Height: | Size: 21 KiB After Width: | Height: | Size: 21 KiB |
Before Width: | Height: | Size: 55 KiB After Width: | Height: | Size: 55 KiB |
Before Width: | Height: | Size: 4.6 KiB After Width: | Height: | Size: 4.6 KiB |
Before Width: | Height: | Size: 445 B After Width: | Height: | Size: 445 B |
Before Width: | Height: | Size: 456 B After Width: | Height: | Size: 456 B |
0
assets/qrcode.min.js → static/qrcode.min.js
vendored
|
@ -461,19 +461,16 @@ async function verifyProof(url, fingerprint) {
|
|||
match = url.match(/https:\/\/twitter\.com\/(.*)\/status\/(.*)/);
|
||||
output.display = `@${match[1]}`;
|
||||
output.url = `https://twitter.com/${match[1]}`;
|
||||
output.proofUrlFetch = `/server/verifyTweet.php?id=${match[2]}&fp=${fingerprint}`;
|
||||
output.proofUrlFetch = `/server/verify/twitter
|
||||
?tweetId=${encodeURIComponent(match[2])}
|
||||
&fingerprint=${fingerprint}`;
|
||||
try {
|
||||
response = await fetch(output.proofUrlFetch, {
|
||||
headers: {
|
||||
Accept: 'application/json'
|
||||
},
|
||||
credentials: 'omit'
|
||||
});
|
||||
response = await fetch(output.proofUrlFetch);
|
||||
if (!response.ok) {
|
||||
throw new Error('Response failed: ' + response.status);
|
||||
}
|
||||
json = await response.json();
|
||||
output.isVerified = json.verified;
|
||||
output.isVerified = json.isVerified;
|
||||
} catch (e) {
|
||||
} finally {
|
||||
return output;
|
||||
|
@ -484,7 +481,8 @@ async function verifyProof(url, fingerprint) {
|
|||
output.type = "hackernews";
|
||||
match = url.match(/https:\/\/news.ycombinator.com\/user\?id=(.*)/);
|
||||
output.display = match[1];
|
||||
output.proofUrlFetch = `https://hacker-news.firebaseio.com/v0/user/${match[1]}.json`;
|
||||
output.proofUrl = `https://hacker-news.firebaseio.com/v0/user/${match[1]}.json`;
|
||||
output.proofUrlFetch = output.proofUrl;
|
||||
try {
|
||||
response = await fetch(output.proofUrlFetch, {
|
||||
headers: {
|
||||
|
@ -504,14 +502,14 @@ async function verifyProof(url, fingerprint) {
|
|||
}
|
||||
|
||||
if (!output.isVerified) {
|
||||
output.proofUrlFetch = `/server/verifyHackerNews.php?user=${match[1]}&fp=${fingerprint}`;
|
||||
output.proofUrlFetch = `/server/verify/proxy
|
||||
?url=${encodeURIComponent(output.proofUrl)}
|
||||
&fingerprint=${fingerprint}
|
||||
&checkRelation=contains
|
||||
&checkPath=about
|
||||
&checkClaimFormat=message`;
|
||||
try {
|
||||
response = await fetch(output.proofUrlFetch, {
|
||||
headers: {
|
||||
Accept: 'application/json'
|
||||
},
|
||||
credentials: 'omit'
|
||||
});
|
||||
response = await fetch(output.proofUrlFetch);
|
||||
if (!response.ok) {
|
||||
throw new Error('Response failed: ' + response.status);
|
||||
}
|
||||
|
@ -550,19 +548,20 @@ async function verifyProof(url, fingerprint) {
|
|||
match = url.match(/https:\/\/(?:www\.)?reddit\.com\/user\/(.*)\/comments\/(.*)\/(.*)\//);
|
||||
output.display = match[1];
|
||||
output.url = `https://www.reddit.com/user/${match[1]}`;
|
||||
output.proofUrlFetch = `/server/verifyReddit.php?user=${match[1]}&comment=${match[2]}&fp=${fingerprint}`;
|
||||
output.proofUrl = `https://www.reddit.com/user/${match[1]}/comments/${match[2]}.json`;
|
||||
output.proofUrlFetch = `/server/verify/proxy
|
||||
?url=${encodeURIComponent(output.proofUrl)}
|
||||
&fingerprint=${fingerprint}
|
||||
&checkRelation=contains
|
||||
&checkPath=data,children,data,selftext
|
||||
&checkClaimFormat=message`;
|
||||
try {
|
||||
response = await fetch(output.proofUrlFetch, {
|
||||
headers: {
|
||||
Accept: 'application/json'
|
||||
},
|
||||
credentials: 'omit'
|
||||
});
|
||||
response = await fetch(output.proofUrlFetch);
|
||||
if (!response.ok) {
|
||||
throw new Error('Response failed: ' + response.status);
|
||||
}
|
||||
json = await response.json();
|
||||
output.isVerified = json.verified;
|
||||
output.isVerified = json.isVerified;
|
||||
} catch (e) {
|
||||
} finally {
|
||||
return output;
|
||||
|
@ -600,19 +599,20 @@ async function verifyProof(url, fingerprint) {
|
|||
output.type = "lobsters";
|
||||
match = url.match(/https:\/\/lobste.rs\/u\/(.*)/);
|
||||
output.display = match[1];
|
||||
output.proofUrlFetch = `/server/verifyLobsters.php?user=${match[1]}&fp=${fingerprint}`;
|
||||
output.proofUrl = `https://lobste.rs/u/${match[1]}.json`;
|
||||
output.proofUrlFetch = `/server/verify/proxy
|
||||
?url=${encodeURIComponent(output.proofUrl)}
|
||||
&fingerprint=${fingerprint}
|
||||
&checkRelation=contains
|
||||
&checkPath=about
|
||||
&checkClaimFormat=message`;
|
||||
try {
|
||||
response = await fetch(output.proofUrlFetch, {
|
||||
headers: {
|
||||
Accept: 'application/json'
|
||||
},
|
||||
credentials: 'omit'
|
||||
});
|
||||
response = await fetch(output.proofUrlFetch);
|
||||
if (!response.ok) {
|
||||
throw new Error('Response failed: ' + response.status);
|
||||
}
|
||||
json = await response.json();
|
||||
output.isVerified = json.verified;
|
||||
output.isVerified = json.isVerified;
|
||||
} catch (e) {
|
||||
} finally {
|
||||
return output;
|
||||
|
@ -661,22 +661,23 @@ async function verifyProof(url, fingerprint) {
|
|||
// Discourse
|
||||
try {
|
||||
match = url.match(/https:\/\/(.*)\/u\/(.*)/);
|
||||
output.proofUrlFetch = `/server/verifyDiscourse.php?url=${url}&fp=${fingerprint}`;
|
||||
output.proofUrl = `${url}.json`;
|
||||
output.proofUrlFetch = `/server/verify/proxy
|
||||
?url=${encodeURIComponent(output.proofUrl)}
|
||||
&fingerprint=${fingerprint}
|
||||
&checkRelation=contains
|
||||
&checkPath=user,bio_raw
|
||||
&checkClaimFormat=message`;
|
||||
try {
|
||||
response = await fetch(output.proofUrlFetch, {
|
||||
headers: {
|
||||
Accept: 'application/json'
|
||||
},
|
||||
credentials: 'omit'
|
||||
});
|
||||
response = await fetch(output.proofUrlFetch);
|
||||
if (!response.ok) {
|
||||
throw new Error('Response failed: ' + response.status);
|
||||
}
|
||||
json = await response.json();
|
||||
if (json.isDiscourse) {
|
||||
if (json.isVerified) {
|
||||
output.type = "discourse";
|
||||
output.display = `${json.user}@${match[1]}`;
|
||||
output.isVerified = json.verified;
|
||||
output.display = `${match[2]}@${match[1]}`;
|
||||
output.isVerified = json.isVerified;
|
||||
return output;
|
||||
}
|
||||
} catch (e) {
|
|
@ -35,7 +35,7 @@ body {
|
|||
color: #444;
|
||||
font-family: sans-serif;
|
||||
background-color: #9dd3f0;
|
||||
background-image: url('/assets/img/background.svg');
|
||||
background-image: url('/static/img/background.svg');
|
||||
background-repeat: repeat;
|
||||
background-size: 512px;
|
||||
background-position: -16px -16px;
|
||||
|
@ -163,13 +163,17 @@ a.bigBtn {
|
|||
ul {
|
||||
list-style: "- ";
|
||||
}
|
||||
pre {
|
||||
white-space: pre-wrap;
|
||||
}
|
||||
code {
|
||||
display: block;
|
||||
padding: 8px;
|
||||
background-color: #eee;
|
||||
border: solid 1px #ddd;
|
||||
user-select: all;
|
||||
word-break: break-all;
|
||||
word-break: break-word;
|
||||
/* word-break: break-all; */
|
||||
}
|
||||
textarea {
|
||||
width: 100%;
|
4
template.env
Normal file
|
@ -0,0 +1,4 @@
|
|||
# Twitter API bearer code
|
||||
# Documentation: https://developer.twitter.com/en/docs/basics/authentication/oauth-2-0
|
||||
# Expected format: "XXXXXXXXXXXXXXXXXXXXX"
|
||||
#TWITTER_API_AUTH=
|
|
@ -1,35 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<?php $this->layout('template.base', ['title' => $title]) ?>
|
||||
|
||||
<div class="content">
|
||||
<h1>404</h1>
|
||||
<p>The requested page could not be found :(</p>
|
||||
</div>
|
6
views/404.pug
Normal file
|
@ -0,0 +1,6 @@
|
|||
extends template.base.pug
|
||||
|
||||
block content
|
||||
.content
|
||||
h1 404
|
||||
p The requested page could not be found :(
|
|
@ -1,68 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<?php $this->layout('template.base', ['title' => $title]) ?>
|
||||
|
||||
<div class="content">
|
||||
<h1>Encrypt</h1>
|
||||
<form id="form-encrypt" method="post">
|
||||
<h3>Recipient</h3>
|
||||
<label for="modeSelect">Mode: </label>
|
||||
<select class="modeSelect" name="modeSelect" id="modeSelect">
|
||||
<option value="auto" <?php if ($mode=="auto"): ?>selected<?php endif ?>>Autodetect</option>
|
||||
<option value="wkd" <?php if ($mode=="wkd"): ?>selected<?php endif ?>>Web Key Directory</option>
|
||||
<option value="hkp" <?php if ($mode=="hkp"): ?>selected<?php endif ?>>Keyserver</option>
|
||||
<option value="plaintext" <?php if ($mode=="plaintext"): ?>selected<?php endif ?>>Plaintext</option>
|
||||
<option value="keybase" <?php if ($mode=="keybase"): ?>selected<?php endif ?>>Keybase</option>
|
||||
</select>
|
||||
<div class="modesContainer">
|
||||
<div class='modes modes--auto <?php if ($mode=="auto"): ?>modes--visible<?php endif ?>'>
|
||||
<input type="text" name="auto_input" id="auto_input" placeholder="Email / key id / fingerprint" value="<?=$this->escape($auto_input)?>">
|
||||
</div>
|
||||
<div class='modes modes--wkd <?php if ($mode=="wkd"): ?>modes--visible<?php endif ?>'>
|
||||
<input type="text" name="wkd_input" id="wkd_input" placeholder="name@domain.org" value="<?=$this->escape($wkd_input)?>">
|
||||
</div>
|
||||
<div class='modes modes--hkp <?php if ($mode=="hkp"): ?>modes--visible<?php endif ?>'>
|
||||
<input type="text" name="hkp_input" id="hkp_input" placeholder="Email / key id / fingerprint" value="<?=$this->escape($hkp_input)?>">
|
||||
<input type="text" name="hkp_server" id="hkp_server" placeholder="https://keys.openpgp.org/ (default)">
|
||||
</div>
|
||||
<div class='modes modes--plaintext <?php if ($mode=="plaintext"): ?>modes--visible<?php endif ?>'>
|
||||
<textarea name="plaintext_input" id="plaintext_input"></textarea>
|
||||
</div>
|
||||
<div class='modes modes--keybase <?php if ($mode=="keybase"): ?>modes--visible<?php endif ?>'>
|
||||
<input type="text" name="keybase_username" id="keybase_username" placeholder="username" value="<?=$this->escape($keybase_username)?>">
|
||||
<input type="text" name="keybase_fingerprint" id="keybase_fingerprint" placeholder="fingerprint" value="<?=$this->escape($keybase_fingerprint)?>">
|
||||
</div>
|
||||
</div>
|
||||
<h3>Message</h3>
|
||||
<textarea name="message" id="message"></textarea>
|
||||
<p id="result"></p>
|
||||
<input type="submit" class="bigBtn" name="submit" value="ENCRYPT MESSAGE">
|
||||
</form>
|
||||
</div>
|
14
views/encrypt.pug
Normal file
|
@ -0,0 +1,14 @@
|
|||
extends template.base.pug
|
||||
|
||||
block content
|
||||
.content
|
||||
h1 Encrypt
|
||||
form#form-encrypt(method='post')
|
||||
h3 Recipient
|
||||
label(for='modeSelect') Mode:
|
||||
include partials/key_selector
|
||||
|
||||
h3 Message
|
||||
textarea#message(name='message')
|
||||
p#result
|
||||
input.bigBtn(type='submit' name='submit' value='ENCRYPT MESSAGE')
|
|
@ -1,92 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<?php $this->layout('template.base', ['title' => $title]) ?>
|
||||
|
||||
<div class="content">
|
||||
<h1>FAQ</h1>
|
||||
<h3 id="what-is-keyoxide"><a href="#what-is-keyoxide">#</a> What is Keyoxide?</h3>
|
||||
<p><a href="/">Keyoxide</a> is a lightweight and FOSS solution to make basic cryptography operations accessible to regular humans. It is built to be privacy friendly and secure, it can even be self-hosted.</p>
|
||||
|
||||
<h3 id="why-does-keyoxide-exist"><a href="#why-does-keyoxide-exist">#</a> Why does Keyoxide exist?</h3>
|
||||
<p><a href="/">Keyoxide</a> provides a solution to a modern problem: we humans have developed advanced methods of encrypting data and signing it. Unfortunately, it requires complicated tools that demand a minimal level of understanding cryptography and how keypairs work to leverage these technologies.</p>
|
||||
<p>Sadly, this means that true privacy and secrecy in this modern age of surveillance capitalism is reserved to a subset of the world population.</p>
|
||||
<p>Luckily, there is one thing we can do. Some cryptographic operations are more accessible than others and less prone to leaking private data. By building a service around only those operations, we hope a wider general audience can benefit from modern cryptography.</p>
|
||||
|
||||
<h3 id="what-cryptographic-operations-can-keyoxide-handle"><a href="#what-cryptographic-operations-can-keyoxide-handle">#</a> What cryptographic operations can Keyoxide handle?</h3>
|
||||
<p><a href="/">Keyoxide</a> can: <a href="/verify">verify signatures</a> and <a href="/encrypt">encrypt messages</a>.<br><a href="/">Keyoxide</a> can't: sign messages or decrypt messages.</p>
|
||||
|
||||
<h3 id="why-so-few-cryptographic-operations"><a href="#why-so-few-cryptographic-operations">#</a> Why so few cryptographic operations?</h3>
|
||||
<p>Good question. First, what cryptographic operations are generally available? There's <strong>encryption</strong> and its counterpart, <strong>decryption</strong>, but also <strong>signing</strong> and its counterpart, <strong>signature verification</strong>.</p>
|
||||
<p><strong>Decryption</strong> and <strong>signing</strong> require private keys. <strong>Encryption</strong> and <strong>signature verification</strong> only require public keys.</p>
|
||||
<p>If you happen to be in possession of a private key, there is one thing you should know: that key is private! It shouldn't leave your computer and most certainly should never be uploaded to any website!</p>
|
||||
<p>So yes, alternative services may offer more cryptographic operations but at the highest cost of surrendering your private keys to servers you generally shouldn't trust and companies that may be under geopolitical influence.</p>
|
||||
<p><a href="/">Keyoxide</a> offers a simple solution to the trust issue: we don't want your keys, therefore you don't even need to trust us. Everything that this service offers is possible thanks to publicly available keys.</p>
|
||||
|
||||
<h3 id="how-does-keyoxide-work-without-keys"><a href="#how-does-keyoxide-work-without-keys">#</a> How does Keyoxide work without keys?</h3>
|
||||
<p>We still need keys, of course, but only the harmless public keys. And yes, we could have built a website where one can make an account and upload public keys, in a similar fashion as alternative services.</p>
|
||||
<p>But why would we? There's already an entire infrastructure out there in the form of websites that host their own keys (plaintext or web key directory) or dedicated "HTTP Key Protocol" or HKP servers, designed specifically for public key hosting. Why reinvent the wheel?</p>
|
||||
|
||||
<h3 id="how-is-this-privacy-friendly-and-secure"><a href="#how-is-this-privacy-friendly-and-secure">#</a> How is this privacy friendly and secure?</h3>
|
||||
<p>You can't make an account on <a href="/">Keyoxide</a> because for basic cryptographic operations, we don't need your data or your keys. By not knowing anything about you or using any trackers, this is as privacy-friendly as it gets.</p>
|
||||
<p>As for secure, <a href="/">Keyoxide</a> does all the cryptographic processing on your device and never sends data to the server. It also doesn't use private keys for any operation (so make sure to never upload those anywhere).</p>
|
||||
|
||||
<h3 id="how-can-i-make-an-account"><a href="#how-can-i-make-an-account">#</a> How can I make an account?</h3>
|
||||
<p>Well, you can't and that is the whole point of <a href="/">Keyoxide</a>. We don't want your data or your keys. Uploading your keys and/or data to our servers is never required for any of the operations provided by <a href="/">Keyoxide</a>.</p>
|
||||
|
||||
<h3 id="can-i-get-a-sweet-profile-page"><a href="#can-i-get-a-sweet-profile-page">#</a> Can I get a sweet profile page?</h3>
|
||||
<p>That, we can help you with! Just append your fingerprint to the domain (like so: <a href="https://keyoxide.org/9F0048AC0B23301E1F77E994909F6BD6F80F485D">https://keyoxide.org/9F0048AC0B23301E1F77E994909F6BD6F80F485D</a>) to generate a profile page.</p>
|
||||
|
||||
<h3 id="where-is-the-app"><a href="#where-is-the-app">#</a> Where is the app?</h3>
|
||||
<p>There's no app. Why would you want yet another app for what is essentially just a form with a big blue button?</p>
|
||||
|
||||
<h3 id="where-do-i-put-my-private-key"><a href="#where-do-i-put-my-private-key">#</a> Where do I put my private key?</h3>
|
||||
<p><strong>DON'T</strong>! We don't want it!</p>
|
||||
<p>Alternative services may ask you for your private keys so that they can offer additional functionality. Please understand that your private key is yours and ONLY yours. You should never upload it to any online service, in fact it should never leave your computer.</p>
|
||||
|
||||
<h3 id="what-is-the-use-if-i-can't-decrypt-or-sign-messages"><a href="#what-is-the-use-if-i-can't-decrypt-or-sign-messages">#</a> What is the use if I can't decrypt or sign messages?</h3>
|
||||
<p>If you want to be on the receiving end of securely encrypted messages, you should either learn the basics of modern cryptography and know your way around your computer's command line or switch to end-to-end encrypted instant messaging providers.</p>
|
||||
<p>Simply put, if you have private keys, you probably won't be using <a href="/">Keyoxide</a>. You will benefit from using command line tools or GUIs like <a href="https://www.openpgp.org/software/kleopatra/">Kleopatra</a>.</p>
|
||||
<p><a href="/">Keyoxide</a> is designed for those without extensive knowledge about cryptography and who wish to encrypt messages to, or verify the authenticity of messages coming from the people with that extensive knowledge.</p>
|
||||
|
||||
<h3 id="but-other-services-provide-a-social-network-function"><a href="#but-other-services-provide-a-social-network-function">#</a> But other services provide a social network function!</h3>
|
||||
<p>It doesn't need to be centralized to have a "social network" function. <a href="/">Keyoxide</a> simply uses the already existing "social network" of websites hosting their own keys and servers dedicated to hosting large amounts of keys.</p>
|
||||
|
||||
<h3 id="pgp-must-die"><a href="#pgp-must-die">#</a> PGP must die!</h3>
|
||||
<p>Not a question but we get your point. While there are <a href="https://restoreprivacy.com/let-pgp-die/">legitimate reasons PGP should cease to exist</a>, it is still widely used and without any clear sign of imminent extinction, it needs proper tooling.</p>
|
||||
<p>It should be noted that while PGP can indeed be harmful when applied to email encryption, there are other legitimate ways of leveraging PGP to encrypt and/or sign messages.</p>
|
||||
<p>That being said, <a href="/">Keyoxide</a> aims to integrate different cryptographic technologies and therefore ease the transition away from PGP.</p>
|
||||
|
||||
<h3 id="what-is-on-the-roadmap"><a href="#what-is-on-the-roadmap">#</a> What is on the roadmap?</h3>
|
||||
<ul>
|
||||
<li>Support more decentralized proofs</li>
|
||||
<li>Write more guides</li>
|
||||
<li>Integrate other encryption programs</li>
|
||||
</ul>
|
||||
</div>
|
151
views/faq.pug
Normal file
|
@ -0,0 +1,151 @@
|
|||
extends template.base.pug
|
||||
|
||||
block content
|
||||
.content
|
||||
h1 FAQ
|
||||
h3#what-is-keyoxide
|
||||
a(href='#what-is-keyoxide') #
|
||||
| What is Keyoxide?
|
||||
p
|
||||
a(href='/') Keyoxide
|
||||
| is a lightweight and FOSS solution to make basic cryptography operations accessible to regular humans. It is built to be privacy friendly and secure, it can even be self-hosted.
|
||||
h3#why-does-keyoxide-exist
|
||||
a(href='#why-does-keyoxide-exist') #
|
||||
| Why does Keyoxide exist?
|
||||
p
|
||||
a(href='/') Keyoxide
|
||||
| provides a solution to a modern problem: we humans have developed advanced methods of encrypting data and signing it. Unfortunately, it requires complicated tools that demand a minimal level of understanding cryptography and how keypairs work to leverage these technologies.
|
||||
p
|
||||
| Sadly, this means that true privacy and secrecy in this modern age of surveillance capitalism is reserved to a subset of the world population.
|
||||
p
|
||||
| Luckily, there is one thing we can do. Some cryptographic operations are more accessible than others and less prone to leaking private data. By building a service around only those operations, we hope a wider general audience can benefit from modern cryptography.
|
||||
h3#what-cryptographic-operations-can-keyoxide-handle
|
||||
a(href='#what-cryptographic-operations-can-keyoxide-handle') #
|
||||
| What cryptographic operations can Keyoxide handle?
|
||||
p
|
||||
a(href='/') Keyoxide
|
||||
| can:
|
||||
a(href='/verify') verify signatures
|
||||
| and
|
||||
a(href='/encrypt') encrypt messages
|
||||
| .
|
||||
br
|
||||
a(href='/') Keyoxide
|
||||
| can't: sign messages or decrypt messages.
|
||||
h3#why-so-few-cryptographic-operations
|
||||
a(href='#why-so-few-cryptographic-operations') #
|
||||
| Why so few cryptographic operations?
|
||||
p
|
||||
| Good question. First, what cryptographic operations are generally available? There's
|
||||
strong encryption
|
||||
| and its counterpart,
|
||||
strong decryption
|
||||
| , but also
|
||||
strong signing
|
||||
| and its counterpart,
|
||||
strong signature verification
|
||||
| .
|
||||
p
|
||||
strong Decryption
|
||||
| and
|
||||
strong signing
|
||||
| require private keys.
|
||||
strong Encryption
|
||||
| and
|
||||
strong signature verification
|
||||
| only require public keys.
|
||||
p
|
||||
| If you happen to be in possession of a private key, there is one thing you should know: that key is private! It shouldn't leave your computer and most certainly should never be uploaded to any website!
|
||||
p
|
||||
| So yes, alternative services may offer more cryptographic operations but at the highest cost of surrendering your private keys to servers you generally shouldn't trust and companies that may be under geopolitical influence.
|
||||
p
|
||||
a(href='/') Keyoxide
|
||||
| offers a simple solution to the trust issue: we don't want your keys, therefore you don't even need to trust us. Everything that this service offers is possible thanks to publicly available keys.
|
||||
h3#how-does-keyoxide-work-without-keys
|
||||
a(href='#how-does-keyoxide-work-without-keys') #
|
||||
| How does Keyoxide work without keys?
|
||||
p
|
||||
| We still need keys, of course, but only the harmless public keys. And yes, we could have built a website where one can make an account and upload public keys, in a similar fashion as alternative services.
|
||||
p
|
||||
| But why would we? There's already an entire infrastructure out there in the form of websites that host their own keys (plaintext or web key directory) or dedicated "HTTP Key Protocol" or HKP servers, designed specifically for public key hosting. Why reinvent the wheel?
|
||||
h3#how-is-this-privacy-friendly-and-secure
|
||||
a(href='#how-is-this-privacy-friendly-and-secure') #
|
||||
| How is this privacy friendly and secure?
|
||||
p
|
||||
| You can't make an account on
|
||||
a(href='/') Keyoxide
|
||||
| because for basic cryptographic operations, we don't need your data or your keys. By not knowing anything about you or using any trackers, this is as privacy-friendly as it gets.
|
||||
p
|
||||
| As for secure,
|
||||
a(href='/') Keyoxide
|
||||
| does all the cryptographic processing on your device and never sends data to the server. It also doesn't use private keys for any operation (so make sure to never upload those anywhere).
|
||||
h3#how-can-i-make-an-account
|
||||
a(href='#how-can-i-make-an-account') #
|
||||
| How can I make an account?
|
||||
p
|
||||
| Well, you can't and that is the whole point of
|
||||
a(href='/') Keyoxide
|
||||
| . We don't want your data or your keys. Uploading your keys and/or data to our servers is never required for any of the operations provided by
|
||||
a(href='/') Keyoxide
|
||||
| .
|
||||
h3#can-i-get-a-sweet-profile-page
|
||||
a(href='#can-i-get-a-sweet-profile-page') #
|
||||
| Can I get a sweet profile page?
|
||||
p
|
||||
| That, we can help you with! Just append your fingerprint to the domain (like so:
|
||||
a(href='https://keyoxide.org/9F0048AC0B23301E1F77E994909F6BD6F80F485D') https://keyoxide.org/9F0048AC0B23301E1F77E994909F6BD6F80F485D
|
||||
| ) to generate a profile page.
|
||||
h3#where-is-the-app
|
||||
a(href='#where-is-the-app') #
|
||||
| Where is the app?
|
||||
p
|
||||
| There's no app. Why would you want yet another app for what is essentially just a form with a big blue button?
|
||||
h3#where-do-i-put-my-private-key
|
||||
a(href='#where-do-i-put-my-private-key') #
|
||||
| Where do I put my private key?
|
||||
p
|
||||
strong DON'T
|
||||
| ! We don't want it!
|
||||
p
|
||||
| Alternative services may ask you for your private keys so that they can offer additional functionality. Please understand that your private key is yours and ONLY yours. You should never upload it to any online service, in fact it should never leave your computer.
|
||||
h3(id="what-is-the-use-if-i-can't-decrypt-or-sign-messages")
|
||||
a(href="#what-is-the-use-if-i-can't-decrypt-or-sign-messages") #
|
||||
| What is the use if I can't decrypt or sign messages?
|
||||
p
|
||||
| If you want to be on the receiving end of securely encrypted messages, you should either learn the basics of modern cryptography and know your way around your computer's command line or switch to end-to-end encrypted instant messaging providers.
|
||||
p
|
||||
| Simply put, if you have private keys, you probably won't be using
|
||||
a(href='/') Keyoxide
|
||||
| . You will benefit from using command line tools or GUIs like
|
||||
a(href='https://www.openpgp.org/software/kleopatra/') Kleopatra
|
||||
| .
|
||||
p
|
||||
a(href='/') Keyoxide
|
||||
| is designed for those without extensive knowledge about cryptography and who wish to encrypt messages to, or verify the authenticity of messages coming from the people with that extensive knowledge.
|
||||
h3#but-other-services-provide-a-social-network-function
|
||||
a(href='#but-other-services-provide-a-social-network-function') #
|
||||
| But other services provide a social network function!
|
||||
p
|
||||
| It doesn't need to be centralized to have a "social network" function.
|
||||
a(href='/') Keyoxide
|
||||
| simply uses the already existing "social network" of websites hosting their own keys and servers dedicated to hosting large amounts of keys.
|
||||
h3#pgp-must-die
|
||||
a(href='#pgp-must-die') #
|
||||
| PGP must die!
|
||||
p
|
||||
| Not a question but we get your point. While there are
|
||||
a(href='https://restoreprivacy.com/let-pgp-die/') legitimate reasons PGP should cease to exist
|
||||
| , it is still widely used and without any clear sign of imminent extinction, it needs proper tooling.
|
||||
p
|
||||
| It should be noted that while PGP can indeed be harmful when applied to email encryption, there are other legitimate ways of leveraging PGP to encrypt and/or sign messages.
|
||||
p
|
||||
| That being said,
|
||||
a(href='/') Keyoxide
|
||||
| aims to integrate different cryptographic technologies and therefore ease the transition away from PGP.
|
||||
h3#what-is-on-the-roadmap
|
||||
a(href='#what-is-on-the-roadmap') #
|
||||
| What is on the roadmap?
|
||||
ul
|
||||
li Support more decentralized proofs
|
||||
li Write more guides
|
||||
li Integrate other encryption programs
|
|
@ -1,36 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<?php $this->layout('template.base', ['title' => $title]) ?>
|
||||
|
||||
<div class="content">
|
||||
<h1><?php $this->insert("guides/$id.title") ?></h1>
|
||||
<p><a href='/guides'>Back to guides</a></p>
|
||||
<?php $this->insert("guides/$id.content") ?>
|
||||
</div>
|
4
views/guide.pug
Normal file
|
@ -0,0 +1,4 @@
|
|||
extends template.base.pug
|
||||
|
||||
block content
|
||||
.content !{ content }
|
|
@ -1,78 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<?php $this->layout('template.base', ['title' => $title]) ?>
|
||||
|
||||
<div class="content">
|
||||
<h1>Guides</h1>
|
||||
|
||||
<div class="guides">
|
||||
<div class="guides__section">
|
||||
<h3>Using Keyoxide</h3>
|
||||
<a href="/guides/verify">Verifying a signature</a><br>
|
||||
<a href="/guides/encrypt">Encrypting a message</a><br>
|
||||
<a href="/guides/proofs">Verifying identity proofs</a><br>
|
||||
<a href="/guides/contributing">Contributing to Keyoxide</a><br>
|
||||
<a href="/guides/self-hosting-keyoxide">Self-hosting Keyoxide</a><br>
|
||||
</div>
|
||||
|
||||
<div class="guides__section">
|
||||
<h3>OpenPGP and identity proofs</h3>
|
||||
<a href="/guides/openpgp-proofs">How OpenPGP identity proofs work</a><br>
|
||||
<a href="/guides/web-key-directory">Uploading keys using web key directory</a><br>
|
||||
</div>
|
||||
|
||||
<div class="guides__section">
|
||||
<h3>Adding proofs</h3>
|
||||
<a href="/guides/devto">Dev.to</a><br>
|
||||
<a href="/guides/discourse">Discourse</a><br>
|
||||
<a href="/guides/dns">Domain / DNS</a><br>
|
||||
<a href="/guides/github">Github</a><br>
|
||||
<a href="/guides/hackernews">Hackernews</a><br>
|
||||
<a href="/guides/lobsters">Lobste.rs</a><br>
|
||||
<a href="/guides/mastodon">Mastodon</a><br>
|
||||
<a href="/guides/pleroma">Pleroma</a><br>
|
||||
<a href="/guides/reddit">Reddit</a><br>
|
||||
<a href="/guides/twitter">Twitter</a><br>
|
||||
<a href="/guides/xmpp">XMPP+OMEMO</a><br>
|
||||
</div>
|
||||
|
||||
<div class="guides__section">
|
||||
<h3>Other services</h3>
|
||||
<a href="/guides/feature-comparison-keybase">Feature comparison with Keybase</a><br>
|
||||
<a href="/guides/migrating-from-keybase">Migrating from Keybase</a><br>
|
||||
</div>
|
||||
|
||||
<div class="guides__section">
|
||||
<h3>Managing proofs in GnuPG</h3>
|
||||
<a href="/guides/managing-proofs-listing">Listing proofs</a><br>
|
||||
<a href="/guides/managing-proofs-deleting">Deleting proofs</a><br>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
59
views/guides.pug
Normal file
|
@ -0,0 +1,59 @@
|
|||
extends template.base.pug
|
||||
|
||||
block content
|
||||
.content
|
||||
h1 Guides
|
||||
.guides
|
||||
.guides__section
|
||||
h3 Using Keyoxide
|
||||
a(href='/guides/verify') Verifying a signature
|
||||
br
|
||||
a(href='/guides/encrypt') Encrypting a message
|
||||
br
|
||||
a(href='/guides/proofs') Verifying identity proofs
|
||||
br
|
||||
a(href='/guides/contributing') Contributing to Keyoxide
|
||||
br
|
||||
a(href='/guides/self-hosting-keyoxide') Self-hosting Keyoxide
|
||||
|
||||
.guides__section
|
||||
h3 OpenPGP and identity proofs
|
||||
a(href='/guides/openpgp-proofs') How OpenPGP identity proofs work
|
||||
br
|
||||
a(href='/guides/web-key-directory') Uploading keys using web key directory
|
||||
|
||||
.guides__section
|
||||
h3 Adding proofs
|
||||
a(href='/guides/devto') Dev.to
|
||||
br
|
||||
a(href='/guides/discourse') Discourse
|
||||
br
|
||||
a(href='/guides/dns') Domain / DNS
|
||||
br
|
||||
a(href='/guides/github') Github
|
||||
br
|
||||
a(href='/guides/hackernews') Hackernews
|
||||
br
|
||||
a(href='/guides/lobsters') Lobste.rs
|
||||
br
|
||||
a(href='/guides/mastodon') Mastodon
|
||||
br
|
||||
a(href='/guides/pleroma') Pleroma
|
||||
br
|
||||
a(href='/guides/reddit') Reddit
|
||||
br
|
||||
a(href='/guides/twitter') Twitter
|
||||
br
|
||||
a(href='/guides/xmpp') XMPP+OMEMO
|
||||
|
||||
.guides__section
|
||||
h3 Other services
|
||||
a(href='/guides/feature-comparison-keybase') Feature comparison with Keybase
|
||||
br
|
||||
a(href='/guides/migrating-from-keybase') Migrating from Keybase
|
||||
|
||||
.guides__section
|
||||
h3 Managing proofs in GnuPG
|
||||
a(href='/guides/managing-proofs-listing') Listing proofs
|
||||
br
|
||||
a(href='/guides/managing-proofs-deleting') Deleting proofs
|
|
@ -1,51 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<p>Keyoxide is more than this website. It's a project that aims to make cryptography more accessible to everyone. Keyoxide is part of a larger community of people working hard to develop tools that add privacy and security to our digital online lives. Remember: privacy is not a luxury.</p>
|
||||
|
||||
<h3>As a developer</h3>
|
||||
|
||||
<p>As Keyoxide is an open-source project licensed under the permissive <a href="https://codeberg.org/keyoxide/web/src/branch/main/LICENSE">MIT License</a>, everyone is welcome and encouraged to contribute. This can be done in various forms:</p>
|
||||
|
||||
<ul>
|
||||
<li><a href="https://codeberg.org/keyoxide/web/issues">Open an issue</a> to request changes, new features or simply get help.</li>
|
||||
<li><a href="https://codeberg.org/keyoxide/web/pulls">Open a PR</a> to directly integrate your own changes and new features.</li>
|
||||
</ul>
|
||||
|
||||
<h3>Not a developer?</h3>
|
||||
|
||||
<p>Not a developer? Not a problem? You could:</p>
|
||||
|
||||
<ul>
|
||||
<li>Learn more about the importance of online privacy and security and advocate for it (much needed!)</li>
|
||||
<li>Write guides for others and help each other out.</li>
|
||||
<li>Start using decentralized OpenPGP identity keys.</li>
|
||||
<li>Spread the word about Keyoxide and OpenPGP keys in general.</li>
|
||||
<li>Talk to persons you know using siloed or closed-source alternatives to Keyoxide.</li>
|
||||
</ul>
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
Contributing to Keyoxide
|
|
@ -1,58 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<p>Let's add a decentralized dev.to proof to your OpenPGP keys.</p>
|
||||
|
||||
<h3>Post a dev.to proof message</h3>
|
||||
|
||||
<p>Log in to <a href="https://dev.to">dev.to</a> and create a new post with the following text (make sure to replace FINGERPRINT and USERNAME):</p>
|
||||
<code>This is an OpenPGP proof that connects [my OpenPGP key](https://keyoxide.org/FINGERPRINT) to [this dev.to account](https://dev.to/USERNAME).
|
||||
For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
<br><br>[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]</code>
|
||||
|
||||
<p>After posting, copy the link to the post.</p>
|
||||
|
||||
<h3>Update the PGP key</h3>
|
||||
|
||||
<p>First, edit the key (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --edit-key FINGERPRINT</code>
|
||||
|
||||
<p>Add a new notation:</p>
|
||||
<code>notation</code>
|
||||
|
||||
<p>Enter the notation (make sure to update with the link to the post copied above):</p>
|
||||
<code>proof@metacode.biz=https://dev.to/USERNAME/POST_TITLE</code>
|
||||
|
||||
<p>Save the key:</p>
|
||||
<code>save</code>
|
||||
|
||||
<p>Upload the key to WKD or use the following command to upload the key to <a href="https://keys.openpgp.org">keys.openpgp.org</a> (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT</code>
|
||||
|
||||
<p>And you're done! Reload your profile page, it should now show a verified dev.to account.</p>
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
Adding a dev.to proof
|
|
@ -1,58 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<p>Let's add a decentralized Discourse proof to your OpenPGP keys.</p>
|
||||
|
||||
<h3>Update the Discourse account</h3>
|
||||
|
||||
<p>Log in to the discourse instance website and add the following text to your <strong>About me</strong> (make sure to replace FINGERPRINT):</p>
|
||||
<code>This is an OpenPGP proof that connects my OpenPGP key to this Discourse account.
|
||||
For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
<br><br>[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]</code>
|
||||
|
||||
<p>After posting, copy the link to your profile page (it should end with your <strong>/u/USERNAME</strong>).</p>
|
||||
|
||||
<h3>Update the PGP key</h3>
|
||||
|
||||
<p>First, edit the key (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --edit-key FINGERPRINT</code>
|
||||
|
||||
<p>Add a new notation:</p>
|
||||
<code>notation</code>
|
||||
|
||||
<p>Enter the notation (make sure to replace PROFILE_URL with the link to the profile copied above):</p>
|
||||
<code>proof@metacode.biz=PROFILE_URL</code>
|
||||
|
||||
<p>Save the key:</p>
|
||||
<code>save</code>
|
||||
|
||||
<p>Upload the key to WKD or use the following command to upload the key to <a href="https://keys.openpgp.org">keys.openpgp.org</a> (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT</code>
|
||||
|
||||
<p>And you're done! Reload your profile page, it should now show a verified Discourse account.</p>
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
Adding a Discourse proof
|
|
@ -1,56 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<p>Let's add a decentralized DNS proof to your OpenPGP keys.</p>
|
||||
|
||||
<h3>Update DNS records for your website</h3>
|
||||
|
||||
<p>Add the following TXT record to the DNS records of the (sub)domain you want to prove control over (make sure to replace FINGERPRINT):</p>
|
||||
<code>openpgp4fpr:FINGERPRINT</code>
|
||||
|
||||
<p>No specific TTL value is required.</p>
|
||||
|
||||
<h3>Update the PGP key</h3>
|
||||
|
||||
<p>First, edit the key (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --edit-key FINGERPRINT</code>
|
||||
|
||||
<p>Add a new notation:</p>
|
||||
<code>notation</code>
|
||||
|
||||
<p>Enter the notation (make sure to replace DOMAIN, don't include https://):</p>
|
||||
<code>proof@metacode.biz=dns:DOMAIN?type=TXT</code>
|
||||
|
||||
<p>Save the key:</p>
|
||||
<code>save</code>
|
||||
|
||||
<p>Upload the key to WKD or use the following command to upload the key to <a href="https://keys.openpgp.org">keys.openpgp.org</a> (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT</code>
|
||||
|
||||
<p>And you're done! Reload your profile page, it should now show a verified domain.</p>
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
Adding a DNS proof
|
|
@ -1,49 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<p>Let's see how to encrypt a message.</p>
|
||||
|
||||
<h3>Obtain a public key for encryption</h3>
|
||||
|
||||
<p>The idea is that you use someone's public key to encrypt a message. From then on, the message cannot be decrypted and read by anyone but the person possessing the private keys associated with the public key (they'll have the same fingerprint).</p>
|
||||
|
||||
<p>If you already have a public key (or its fingerprint) you would like to use to encrypt a message, great! If not, you could use the following fingerprint:</p>
|
||||
<code>9f0048ac0b23301e1f77e994909f6bd6f80f485d</code>
|
||||
|
||||
<h3>Encrypt a message</h3>
|
||||
|
||||
<p>Open the <a href="/encrypt" target="_blank">keyoxide.org/encrypt</a> page and paste the fingerprint in the <strong>Email / key id / fingerprint</strong> field.</p>
|
||||
<p>Write a message in the <strong>Message</strong> field. Scroll down and press the <strong>ENCRYPT MESSAGE</strong> button.</p>
|
||||
<p>You have successfully encrypted the message! The encrypted message in the <strong>Message</strong> field can safely be sent via unsecured communication channels knowing that only the person possessing the private key associated with that fingerprint can read it.</p>
|
||||
|
||||
<h3>Going further</h3>
|
||||
|
||||
<p>You could try using different mechanisms of fetching keys, such as <strong>web key directory</strong> or copy-pasting a plaintext public key.</p>
|
||||
|
||||
<p>If you'd like to receive PGP encrypted messages, you must first learn the fundamentals of PGP and how to generate and handle your own keypair.</p>
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
Encrypting a message
|
|
@ -1,62 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<p>Let's see how Keyoxide's features compare to those of Keybase.</p>
|
||||
|
||||
<h3>Encrypt and verify</h3>
|
||||
|
||||
<p>Both Keyoxide and Keybase allow easy encryption of data and verification of signatures. While Keybase can only perform these actions for their users who uploaded at least a public key to their servers, Keyoxide can do this for any key on the internet, whether it's available through web key directory, dedicated key servers or simply copy-pasting a plaintext key.</p>
|
||||
|
||||
<h3>Decrypt and sign</h3>
|
||||
|
||||
<p>Keyoxide cannot decrypt data or sign messages.</p>
|
||||
<p>Keybase can do both of those things but this should NOT be considered a feature. It requires one to upload their private key to closed-source servers which is an act in stark contradiction with all safety precautions any owner of a private key should aim to heed.</p>
|
||||
|
||||
<h3>Online identity proofs</h3>
|
||||
|
||||
<p>Both Keyoxide and Keybase allow the user to generate proofs of online identity on various platforms. The difference lies in the method of generation and the implications this has on security.</p>
|
||||
|
||||
<p>Keybase generates a signed message to be posted by the to-be-verified account. Since this involves a signature, any signing key can be used. If a signing key gets misappropriated, it becomes easy for a bad actor to create fake identity proofs.</p>
|
||||
|
||||
<p>Keyoxide uses decentralized OpenPGP proofs in which the identity proofs are stored as notations within the keys themselves. This is only possible when you have access to keys with "certification" capability. As these are the most valuable of keys, they should also be handled more securely than signing keys and are therefore less prone to forgery of identity proofs.</p>
|
||||
|
||||
<h3>Social network and additional services</h3>
|
||||
|
||||
<p>Keybase provides an additional social network, chat functionality, encrypted drive, encrypted git, XLM crypto wallet and much more.</p>
|
||||
<p>Keyoxide has none of that. Just keys and proofs.</p>
|
||||
|
||||
<h3>Openness</h3>
|
||||
|
||||
<p>Keyoxide is fully open-source. It consists mainly of a client component which is the browser. The supporting server functions are open-source as well.</p>
|
||||
<p>Keybase has open-source clients but closed-source servers.</p>
|
||||
|
||||
<h3>Data safety</h3>
|
||||
|
||||
<p>Keyoxide lets the user's devices do almost all of the heavy lifting, meaning no data is ever sent to a server to perform any of the actions. Only exceptions to this rule are a couple of "proxy scripts" for proofs that cannot be verified by a browser. These proxy scripts are open-source as well and inspectable by all.</p>
|
||||
<p>Keybase servers are closed-source. One does not know what happens inside that black box.</p>
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
Feature comparison with Keybase
|
|
@ -1,60 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<p>Let's add a decentralized Github proof to your OpenPGP keys.</p>
|
||||
|
||||
<h3>Post a Github proof message</h3>
|
||||
|
||||
<p>Log in to <a href="https://github.com">github.com</a> and click on <strong>New gist</strong>.</p>
|
||||
|
||||
<p>Name the file <strong>openpgp.md</strong> and copy the following content into it (make sure to replace FINGERPRINT and USERNAME):</p>
|
||||
<code>This is an OpenPGP proof that connects [my OpenPGP key](https://keyoxide.org/FINGERPRINT) to [this Github account](https://github.com/USERNAME).
|
||||
For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
<br><br>[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]</code>
|
||||
|
||||
<p>After creating a public gist, copy the link to the gist.</p>
|
||||
|
||||
<h3>Update the PGP key</h3>
|
||||
|
||||
<p>First, edit the key (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --edit-key FINGERPRINT</code>
|
||||
|
||||
<p>Add a new notation:</p>
|
||||
<code>notation</code>
|
||||
|
||||
<p>Enter the notation (make sure to update with the link to the post copied above):</p>
|
||||
<code>proof@metacode.biz=https://gist.github.com/USERNAME/12345678912345678912345678912345</code>
|
||||
|
||||
<p>Save the key:</p>
|
||||
<code>save</code>
|
||||
|
||||
<p>Upload the key to WKD or use the following command to upload the key to <a href="https://keys.openpgp.org">keys.openpgp.org</a> (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT</code>
|
||||
|
||||
<p>And you're done! Reload your profile page, it should now show a verified Github account.</p>
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
Adding a Github proof
|
|
@ -1,58 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<p>Let's add a decentralized Hackernews proof to your OpenPGP keys.</p>
|
||||
|
||||
<h3>Update the Hackernews account</h3>
|
||||
|
||||
<p>Log in to <a href="https://news.ycombinator.com">Hackernews</a> and click on your <strong>username</strong>.</p>
|
||||
|
||||
<p>Add the following lines to your <strong>about</strong> (make sure to replace FINGERPRINT):</p>
|
||||
<code>This is an OpenPGP proof that connects my OpenPGP key to this Hackernews account.
|
||||
For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
<br><br>[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]</code>
|
||||
|
||||
<h3>Update the PGP key</h3>
|
||||
|
||||
<p>First, edit the key (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --edit-key FINGERPRINT</code>
|
||||
|
||||
<p>Add a new notation:</p>
|
||||
<code>notation</code>
|
||||
|
||||
<p>Enter the notation (make sure to replace USERNAME):</p>
|
||||
<code>proof@metacode.biz=https://news.ycombinator.com/user?id=USERNAME</code>
|
||||
|
||||
<p>Save the key:</p>
|
||||
<code>save</code>
|
||||
|
||||
<p>Upload the key to WKD or use the following command to upload the key to <a href="https://keys.openpgp.org">keys.openpgp.org</a> (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT</code>
|
||||
|
||||
<p>And you're done! Reload your profile page, it should now show a verified Hackernews account.</p>
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
Adding a Hackernews proof
|
|
@ -1,56 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<p>Let's add a decentralized Lobste.rs proof to your OpenPGP keys.</p>
|
||||
|
||||
<h3>Update the Lobste.rs account</h3>
|
||||
|
||||
<p>Log in to <a href="https://lobste.rs">Lobste.rs</a> and append the following text to the <strong>About</strong> section (make sure to replace FINGERPRINT):</p>
|
||||
<code>This is an OpenPGP proof that connects my OpenPGP key to this Lobste.rs account.
|
||||
For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
<br><br>[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]</code>
|
||||
|
||||
<h3>Update the PGP key</h3>
|
||||
|
||||
<p>First, edit the key (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --edit-key FINGERPRINT</code>
|
||||
|
||||
<p>Add a new notation:</p>
|
||||
<code>notation</code>
|
||||
|
||||
<p>Enter the notation (make sure to replace USERNAME):</p>
|
||||
<code>proof@metacode.biz=https://lobste.rs/u/USERNAME</code>
|
||||
|
||||
<p>Save the key:</p>
|
||||
<code>save</code>
|
||||
|
||||
<p>Upload the key to WKD or use the following command to upload the key to <a href="https://keys.openpgp.org">keys.openpgp.org</a> (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT</code>
|
||||
|
||||
<p>And you're done! Reload your profile page, it should now show a verified Lobste.rs account.</p>
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
Adding a Lobste.rs proof
|
|
@ -1,63 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<p>Over time, you may need to delete proofs. Changing proofs can be achieved by deleting proofs and adding new ones.</p>
|
||||
|
||||
<h3>Delete all proofs</h3>
|
||||
|
||||
<p>First, edit the key (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --edit-key FINGERPRINT</code>
|
||||
|
||||
<p>Launch the notation prompt:</p>
|
||||
<code>notation</code>
|
||||
|
||||
<p>Enter the 'none' notation to delete all notations:</p>
|
||||
<code>none</code>
|
||||
|
||||
<p>Save the changes:</p>
|
||||
<code>save</code>
|
||||
|
||||
<h3>Delete one of your proofs</h3>
|
||||
|
||||
<p>First, edit the key (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --edit-key FINGERPRINT</code>
|
||||
|
||||
<p>Launch the notation prompt:</p>
|
||||
<code>notation</code>
|
||||
|
||||
<p>Enter the <b>-</b> (minus) symbol followed by the proof you want to delete. Make sure you type the proof exactly like it is in your key.</p>
|
||||
<code>-proof@metacode.biz=dns:yourdomain.org?type=TXT</code>
|
||||
|
||||
<p><i>To make it easier to enter the right proof, you could first <a href="managing-proofs-listing">list all proofs</a> and simply copy the proof (including "proof@metacode.biz=") you want to delete.</i></p>
|
||||
|
||||
<p>Save the changes:</p>
|
||||
<code>save</code>
|
||||
|
||||
<p>Upload the key to WKD or use the following command to upload the key to <a href="https://keys.openpgp.org">keys.openpgp.org</a> (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT</code>
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
Deleting Proofs using GnuPG
|
|
@ -1,52 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<p>Let's list the identity proofs stored in our OpenPGP keys.</p>
|
||||
|
||||
<h3>Listing notations in GnuPG</h3>
|
||||
|
||||
<p>First, edit the key (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --edit-key FINGERPRINT</code>
|
||||
|
||||
<p>List detailed preferences:</p>
|
||||
<code>showpref</code>
|
||||
|
||||
<p>You should now see your key details, uid, and proofs assigned to your keys:</p>
|
||||
<code>
|
||||
[ultimate] (1). Your Name <your@email>
|
||||
Cipher: AES256, AES192, AES, 3DES
|
||||
Digest: SHA512, SHA384, SHA256, SHA1
|
||||
Compression: ZLIB, BZIP2, ZIP, Uncompressed
|
||||
Features: MDC, Keyserver no-modify
|
||||
Notations: proof@metacode.biz=https://gist.github.com/youruser/somehash
|
||||
proof@metacode.biz=dns:yourdomain.org?type=TXT
|
||||
</code>
|
||||
|
||||
<p>Exit gpg:</p>
|
||||
<code>quit</code>
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
Listing Proofs using GnuPG
|
|
@ -1,54 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<p>Let's add a decentralized Mastodon proof to your OpenPGP keys.</p>
|
||||
|
||||
<h3>Update the Mastodon account</h3>
|
||||
|
||||
<p>Log in to your Mastodon instance and click on <strong>Edit profile</strong>.</p>
|
||||
<p>Add a new item under <strong>Profile metadata</strong> with the label <strong>OpenPGP</strong> and your PGP fingerprint as the content.</p>
|
||||
|
||||
<h3>Update the PGP key</h3>
|
||||
|
||||
<p>First, edit the key (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --edit-key FINGERPRINT</code>
|
||||
|
||||
<p>Add a new notation:</p>
|
||||
<code>notation</code>
|
||||
|
||||
<p>Enter the notation (make sure to update the link):</p>
|
||||
<code>proof@metacode.biz=https://INSTANCE.ORG/@USERNAME</code>
|
||||
|
||||
<p>Save the key:</p>
|
||||
<code>save</code>
|
||||
|
||||
<p>Upload the key to WKD or use the following command to upload the key to <a href="https://keys.openpgp.org">keys.openpgp.org</a> (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT</code>
|
||||
|
||||
<p>And you're done! Reload your profile page, it should now show a verified Mastodon account.</p>
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
Adding a Mastodon proof
|
|
@ -1,50 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<p>Let's see how easy it is to get a Keyoxide profile when you already have a Keybase account.</p>
|
||||
|
||||
<h3>Claim your Keyoxide profile</h3>
|
||||
|
||||
<p>Go to the <a href="/util/profile-url">profile URL generator</a>, set Keybase as Source and follow the Keybase specific instructions. Has a profile URL been generated? Congratulations, you now have your very own Keyoxide profile!</p>
|
||||
|
||||
<h3>Actually migrating to Keyoxide</h3>
|
||||
|
||||
<p>Unfortunately, you get very little control when using your Keybase key directly. You will need to generate your own PGP keypair (use guides like <a href="https://spin.atomicobject.com/2013/11/24/secure-gpg-keys-guide/">this one</a> for help) to unlock the full potential of <a href="/guides/proofs">distributed identity proofs</a>.</p>
|
||||
|
||||
<p>Have you generated a keypair and made the public key accessible through <a href="/guides/web-key-directory">web key directory (WKD)</a> or uploaded it to <a href="https://keys.openpgp.org/">keys.openpgp.org</a>? Use the <a href="/util/profile-url">profile URL generator</a> to get your own profile URL and <a href="/guides">start adding identity proofs</a>.</p>
|
||||
|
||||
<h3>Keyoxide as a partial replacement for Keybase</h3>
|
||||
|
||||
<p>It's important to moderate expectations and state that <a href="/">Keyoxide</a> only replaces the subset of Keybase features that are considered the "core" features: message encryption, signature verification and identity proofs.</p>
|
||||
|
||||
<p>Message decryption and signing are <strong>not</strong> supported features: they would require you to upload your secret key to a website which is a big <strong>no-no</strong>.</p>
|
||||
|
||||
<p>Encrypted chat and cloud storage are <strong>not</strong> supported features: there are plenty of dedicated alternative services.</p>
|
||||
|
||||
<p>If you need any of these Keybase-specific supports, <a href="/">Keyoxide</a> may not be a full Keybase replacement for you but you could still generate a profile and take advantage of <strong>distributed identity proofs</strong>.</p>
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
Migrating from Keybase
|
|
@ -1,63 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<h3>Decentralized OpenPGP identity proofs</h3>
|
||||
|
||||
<p>Decentralized OpenPGP identity proofs are the brainchild of Wiktor who wrote the original guide on <a href="https://metacode.biz/openpgp/proofs">his website</a> (a suggested read to get first-hand information).</p>
|
||||
|
||||
<p>Unlike proofs provided by for example <a href="https://keybase.io">Keybase</a>, OpenPGP proofs are stored inside the PGP keys themselves instead of being mere signatures. Since this operation requires keys with "certify" capabilities and not simply "sign" capabilities, these OpenPGP proofs could be considered more secure.</p>
|
||||
|
||||
<h3>Example</h3>
|
||||
|
||||
<ul>
|
||||
<li>Alice and Bob have been talking for years on service A. Alice already has an account on service B. Bob wants to move to service B as well. A simple decentralized proof confirms that the person who is known as Alice on service A is also known as Alice on service B. Bob can safely move to service B and talk to Alice without having to meet in person to confirm their accounts.</li>
|
||||
<li>Alice has received a friend request from Bob29 on service C. Is this the same Bob from service A or not? A simple decentralized proof confirms that the person who is known as Bob on platform A is also known as Bob29 on service C. Turns out 28 Bobs were already using service C.</li>
|
||||
<li>Bob has been invited by an account named Alyce to create an account on an unknown server. Is this a legit request? A simple decentralized proof tells Bob that Alice does not have such an account. Bob knows something is up and does not click the link possibly sent by an imposter.</li>
|
||||
</ul>
|
||||
|
||||
<h3>What an OpenPGP proof looks like</h3>
|
||||
|
||||
<p>Every OpenPGP identity proof is stored in the PGP key as a notation that looks like this:</p>
|
||||
<code>proof@metacode.biz=https://twitter.com/USERNAME/status/1234567891234567891</code>
|
||||
|
||||
<p>This particular proof is for a Twitter account (read more in the <a href="/guides/twitter">Twitter guide</a>). Let's analyse the notation:</p>
|
||||
|
||||
<ul>
|
||||
<li><strong>proof</strong> means the current notation is for an identity proof.</li>
|
||||
<li><strong>@metacode.biz</strong> is the domain of the person who came up with OpenPGP proofs and serves as a namespace for the notation. The domain is included and used for all proofs to comply with the <a href="https://tools.ietf.org/html/rfc4880#section-5.2.3.16">OpenPGP Message Format standard (RFC 4880)</a>.</li>
|
||||
<li><strong>https://twitter.com/USERNAME/status/1234567891234567891</strong> is the value of the notation. It is a link to the piece of online content that contains a pre-defined message which must always include the fingerprint of the PGP key that will hold the proof.</li>
|
||||
</ul>
|
||||
|
||||
<p>The proof should always link to a document that can be parsed as JSON to make the verification easy and feasible by the browser. Sometimes however, due to CORS restrictions or API requirements (as is the case for Twitter), no such link is provided by the platform. In these rare exceptional cases, the verification process is delegated to the Keyoxide server which will communicate directly with the platform's servers to get the content of the post.</p>
|
||||
|
||||
<h3>Your turn</h3>
|
||||
|
||||
<p>If you'd like to add decentralized OpenPGP identity proofs to your key, go to the <a href="/guides">guides</a> and find the right one for your platform of choice. You may find the process to be remarkably easy.</p>
|
||||
|
||||
<p>If your platform is not in the list of <a href="/guides">guides</a>, it's not supported yet. See the <a href="/guides/contributing">contributing guide</a> for more information on how to get that platform supported.</p>
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
How OpenPGP identity proofs work
|
|
@ -1,58 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<p>Let's add a decentralized Pixelfed proof to your OpenPGP keys.</p>
|
||||
|
||||
<h3>Update the Pixelfed account</h3>
|
||||
|
||||
<p>Log in to your Pixelfed instance and add the following lines to your <strong>Bio</strong> (make sure to replace FINGERPRINT):</p>
|
||||
<code>This is an OpenPGP proof that connects my OpenPGP key to this Pixelfed account.
|
||||
For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
<br><br>[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]</code>
|
||||
|
||||
<h3>Update the PGP key</h3>
|
||||
|
||||
<p>First, edit the key (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --edit-key FINGERPRINT</code>
|
||||
|
||||
<p>Add a new notation:</p>
|
||||
<code>notation</code>
|
||||
|
||||
<p>Enter the notation (make sure to update the link):</p>
|
||||
<code>proof@metacode.biz=https://INSTANCE.ORG/users/USERNAME</code>
|
||||
|
||||
<p>Please note that the <strong>/users/</strong> part of the URL is mandatory for the proof to work.</p>
|
||||
|
||||
<p>Save the key:</p>
|
||||
<code>save</code>
|
||||
|
||||
<p>Upload the key to WKD or use the following command to upload the key to <a href="https://keys.openpgp.org">keys.openpgp.org</a> (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT</code>
|
||||
|
||||
<p>And you're done! Reload your profile page, it should now show a verified Fediverse account (Pixelfed is part of the <a href="#https://en.wikipedia.org/wiki/Fediverse">Fediverse</a>).</p>
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
Adding a Pixelfed proof
|
|
@ -1,58 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<p>Let's add a decentralized Pleroma proof to your OpenPGP keys.</p>
|
||||
|
||||
<h3>Update the Pleroma account</h3>
|
||||
|
||||
<p>Log in to your Pleroma instance and add the following lines to your <strong>Bio</strong> (make sure to replace FINGERPRINT):</p>
|
||||
<code>This is an OpenPGP proof that connects my OpenPGP key to this Pleroma account.
|
||||
For details check out https://keyoxide.org/guides/openpgp-proofs
|
||||
<br><br>[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]</code>
|
||||
|
||||
<h3>Update the PGP key</h3>
|
||||
|
||||
<p>First, edit the key (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --edit-key FINGERPRINT</code>
|
||||
|
||||
<p>Add a new notation:</p>
|
||||
<code>notation</code>
|
||||
|
||||
<p>Enter the notation (make sure to update the link):</p>
|
||||
<code>proof@metacode.biz=https://INSTANCE.ORG/users/USERNAME</code>
|
||||
|
||||
<p>Please note that the <strong>/users/</strong> part of the URL is mandatory for the proof to work.</p>
|
||||
|
||||
<p>Save the key:</p>
|
||||
<code>save</code>
|
||||
|
||||
<p>Upload the key to WKD or use the following command to upload the key to <a href="https://keys.openpgp.org">keys.openpgp.org</a> (make sure to replace FINGERPRINT):</p>
|
||||
<code>gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT</code>
|
||||
|
||||
<p>And you're done! Reload your profile page, it should now show a verified Fediverse account (Pleroma is part of the <a href="#https://en.wikipedia.org/wiki/Fediverse">Fediverse</a>).</p>
|
|
@ -1,30 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
Adding a Pleroma proof
|
|
@ -1,50 +0,0 @@
|
|||
<?php
|
||||
// Copyright (C) 2020 Yarmo Mackenbach
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify it under
|
||||
// the terms of the GNU Affero General Public License as published by the Free
|
||||
// Software Foundation, either version 3 of the License, or (at your option)
|
||||
// any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
// FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
||||
// details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License along
|
||||
// with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
//
|
||||
// Also add information on how to contact you by electronic and paper mail.
|
||||
//
|
||||
// If your software can interact with users remotely through a computer network,
|
||||
// you should also make sure that it provides a way for users to get its source.
|
||||
// For example, if your program is a web application, its interface could display
|
||||
// a "Source" link that leads users to an archive of the code. There are many
|
||||
// ways you could offer source, and different solutions will be better for different
|
||||
// programs; see section 13 for the specific requirements.
|
||||
//
|
||||
// You should also get your employer (if you work as a programmer) or school,
|
||||
// if any, to sign a "copyright disclaimer" for the program, if necessary. For
|
||||
// more information on this, and how to apply and follow the GNU AGPL, see <https://www.gnu.org/licenses/>.
|
||||
?>
|
||||
<p>Let's see how to verify identity proofs.</p>
|
||||
|
||||
<h3>Obtain a public key for verification</h3>
|
||||
|
||||
<p>The idea is that anyone can add identity proofs of various platforms in their keys. Since this information is kept in the public key, you could take anyone's public key and check whether they indeed have control over the accounts they claim to.</p>
|
||||
|
||||
<p>If you already have a public key (or its fingerprint) with OpenPGP identity proofs you would like to use to verify, great! If not, you could use the following fingerprint:</p>
|
||||
<code>9f0048ac0b23301e1f77e994909f6bd6f80f485d</code>
|
||||
|
||||
<h3>Verify proofs</h3>
|
||||
|
||||
<p>Open the <a href="/proofs" target="_blank">keyoxide.org/proofs</a> page and paste the fingerprint in the <strong>Email / key id / fingerprint</strong> field. Scroll down and press the <strong>VERIFY PROOFS</strong> button.</p>
|
||||
<p>You now see a list of domains and/or accounts on platforms for which the owner of the public key claims to have an control over.</p>
|
||||
<p>If the last link on a line says <strong>proof</strong>, the proof could not be verified for any number of reasons but Keyoxide still allows to check the supposed proof and decide for yourself whether you trust the claim. If the </p>
|
||||
<p>If the last link on a line says <strong>verified</strong>, the owner of the public key indeed has shown beyond doubt that it has control over the domain or account.</p>
|
||||
|
||||
<h3>Your turn</h3>
|
||||
|
||||
<p>If you'd like to add decentralized OpenPGP identity proofs to your key, go to the <a href="/guides">guides</a> and find the right one for your platform of choice. You may find the process to be remarkably easy.</p>
|
||||
|
||||
<p>If your platform is not in the list of <a href="/guides">guides</a>, it's not supported yet. See the <a href="/guides/contributing">contributing guide</a> for more information on how to get that platform supported.</p>
|