diff --git a/guides/contributing.md b/guides/contributing.md
new file mode 100644
index 0000000..dc162da
--- /dev/null
+++ b/guides/contributing.md
@@ -0,0 +1,20 @@
+# Contributing to Keyoxide
+
+Keyoxide is more than this website. It's a project that aims to make cryptography more accessible to everyone. Keyoxide is part of a larger community of people working hard to develop tools that add privacy and security to our digital online lives. Remember: privacy is not a luxury.
+
+## As a developer
+
+As Keyoxide is an open-source project licensed under the permissive [MIT License](https://codeberg.org/keyoxide/web/src/branch/main/LICENSE), everyone is welcome and encouraged to contribute. This can be done in various forms:
+
+* [Open an issue](https://codeberg.org/keyoxide/web/issues) to request changes, new features or simply get help.
+* [Open a PR](https://codeberg.org/keyoxide/web/pulls) to directly integrate your own changes and new features.
+
+## Not a developer?
+
+Not a developer? Not a problem? You could:
+
+* Learn more about the importance of online privacy and security and advocate for it (much needed!)
+* Write guides for others and help each other out.
+* Start using decentralized OpenPGP identity keys.
+* Spread the word about Keyoxide and OpenPGP keys in general.
+* Talk to persons you know using siloed or closed-source alternatives to Keyoxide.
diff --git a/guides/devto.md b/guides/devto.md
new file mode 100644
index 0000000..abc4a09
--- /dev/null
+++ b/guides/devto.md
@@ -0,0 +1,41 @@
+# Adding a dev.to proof
+
+Let's add a decentralized dev.to proof to your OpenPGP keys.
+
+[[toc]]
+
+## Post a dev.to proof message
+
+Log in to [dev.to](https://dev.to) and create a new post with the following text (make sure to replace FINGERPRINT and USERNAME):
+
+```
+This is an OpenPGP proof that connects [my OpenPGP key](https://keyoxide.org/FINGERPRINT) to [this dev.to account](https://dev.to/USERNAME). For details check out https://keyoxide.org/guides/openpgp-proofs
+
+[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
+```
+
+After posting, copy the link to the post.
+
+## Update the PGP key
+
+First, edit the key (make sure to replace FINGERPRINT):
+
+`gpg --edit-key FINGERPRINT`
+
+Add a new notation:
+
+`notation`
+
+Enter the notation (make sure to update with the link to the post copied above):
+
+`proof@metacode.biz=https://dev.to/USERNAME/POST_TITLE`
+
+Save the key:
+
+`save`
+
+Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
+
+`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
+
+And you're done! Reload your profile page, it should now show a verified dev.to account.
diff --git a/guides/discourse.md b/guides/discourse.md
new file mode 100644
index 0000000..a6f065a
--- /dev/null
+++ b/guides/discourse.md
@@ -0,0 +1,41 @@
+# Adding a Discourse proof
+
+Let's add a decentralized Discourse proof to your OpenPGP keys.
+
+[[toc]]
+
+## Update the Discourse account
+
+Log in to the discourse instance website and add the following text to your **About me** (make sure to replace FINGERPRINT):
+
+```
+This is an OpenPGP proof that connects my OpenPGP key to this Discourse account. For details check out https://keyoxide.org/guides/openpgp-proofs
+
+[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
+```
+
+After posting, copy the link to your profile page (it should end with your **/u/USERNAME**).
+
+## Update the PGP key
+
+First, edit the key (make sure to replace FINGERPRINT):
+
+`gpg --edit-key FINGERPRINT`
+
+Add a new notation:
+
+`notation`
+
+Enter the notation (make sure to replace PROFILE_URL with the link to the profile copied above):
+
+`proof@metacode.biz=PROFILE_URL`
+
+Save the key:
+
+`save`
+
+Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
+
+`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
+
+And you're done! Reload your profile page, it should now show a verified Discourse account.
diff --git a/guides/dns.md b/guides/dns.md
new file mode 100644
index 0000000..56f9721
--- /dev/null
+++ b/guides/dns.md
@@ -0,0 +1,35 @@
+# Adding a DNS proof
+
+Let's add a decentralized DNS proof to your OpenPGP keys.
+
+[[toc]]
+
+## Update DNS records for your website
+
+Add the following TXT record to the DNS records of the (sub)domain you want to prove control over (make sure to replace FINGERPRINT):
+
+`openpgp4fpr:FINGERPRINT`
+
+No specific TTL value is required.
+
+## Update the PGP key
+
+First, edit the key (make sure to replace FINGERPRINT):
+
+`gpg --edit-key FINGERPRINT`
+
+Add a new notation:
+
+`notation`
+
+Enter the notation (make sure to replace DOMAIN, don't include https://):
+
+`proof@metacode.biz=dns:DOMAIN?type=TXT`
+
+Save the key:
+
+`save`
+
+Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
+
+`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
diff --git a/guides/encrypt.md b/guides/encrypt.md
new file mode 100644
index 0000000..7bfe1c9
--- /dev/null
+++ b/guides/encrypt.md
@@ -0,0 +1,27 @@
+# Encrypting a message
+
+Let's see how to encrypt a message.
+
+[[toc]]
+
+## Obtain a public key for encryption
+
+The idea is that you use someone's public key to encrypt a message. From then on, the message cannot be decrypted and read by anyone but the person possessing the private keys associated with the public key (they'll have the same fingerprint).
+
+If you already have a public key (or its fingerprint) you would like to use to encrypt a message, great! If not, you could use the following fingerprint:
+
+`9f0048ac0b23301e1f77e994909f6bd6f80f485d`
+
+## Encrypt a message
+
+Open the [keyoxide.org/encrypt](/encrypt) page and paste the fingerprint in the **Email / key id / fingerprint** field.
+
+Write a message in the **Message** field. Scroll down and press the **ENCRYPT MESSAGE** button.
+
+You have successfully encrypted the message! The encrypted message in the **Message** field can safely be sent via unsecured communication channels knowing that only the person possessing the private key associated with that fingerprint can read it.
+
+## Going further
+
+You could try using different mechanisms of fetching keys, such as **web key directory** or copy-pasting a plaintext public key.
+
+If you'd like to receive PGP encrypted messages, you must first learn the fundamentals of PGP and how to generate and handle your own keypair.
diff --git a/guides/feature-comparison-keybase.md b/guides/feature-comparison-keybase.md
new file mode 100644
index 0000000..df8eadf
--- /dev/null
+++ b/guides/feature-comparison-keybase.md
@@ -0,0 +1,41 @@
+# Feature comparison with Keybase
+
+Let's see how Keyoxide's features compare to those of Keybase.
+
+[[toc]]
+
+## Encrypt and verify
+
+Both Keyoxide and Keybase allow easy encryption of data and verification of signatures. While Keybase can only perform these actions for their users who uploaded at least a public key to their servers, Keyoxide can do this for any key on the internet, whether it's available through web key directory, dedicated key servers or simply copy-pasting a plaintext key.
+
+## Decrypt and sign
+
+Keyoxide cannot decrypt data or sign messages.
+
+Keybase can do both of those things but this should NOT be considered a feature. It requires one to upload their private key to closed-source servers which is an act in stark contradiction with all safety precautions any owner of a private key should aim to heed.
+
+## Online identity proofs
+
+Both Keyoxide and Keybase allow the user to generate proofs of online identity on various platforms. The difference lies in the method of generation and the implications this has on security.
+
+Keybase generates a signed message to be posted by the to-be-verified account. Since this involves a signature, any signing key can be used. If a signing key gets misappropriated, it becomes easy for a bad actor to create fake identity proofs.
+
+Keyoxide uses decentralized OpenPGP proofs in which the identity proofs are stored as notations within the keys themselves. This is only possible when you have access to keys with "certification" capability. As these are the most valuable of keys, they should also be handled more securely than signing keys and are therefore less prone to forgery of identity proofs.
+
+## Social network and additional services
+
+Keybase provides an additional social network, chat functionality, encrypted drive, encrypted git, XLM crypto wallet and much more.
+
+Keyoxide has none of that. Just keys and proofs.
+
+## Openness
+
+Keyoxide is fully open-source. It consists mainly of a client component which is the browser. The supporting server functions are open-source as well.
+
+Keybase has open-source clients but closed-source servers.
+
+## Data safety
+
+Keyoxide lets the user's devices do almost all of the heavy lifting, meaning no data is ever sent to a server to perform any of the actions. Only exceptions to this rule are a couple of "proxy scripts" for proofs that cannot be verified by a browser. These proxy scripts are open-source as well and inspectable by all.
+
+Keybase servers are closed-source. One does not know what happens inside that black box.
diff --git a/guides/github.md b/guides/github.md
new file mode 100644
index 0000000..7840419
--- /dev/null
+++ b/guides/github.md
@@ -0,0 +1,43 @@
+# Adding a Github proof
+
+Let's add a decentralized Github proof to your OpenPGP keys.
+
+[[toc]]
+
+## Post a Github proof message
+
+Log in to [github.com](https://github.com) and click on **New gist**.
+
+Name the file **openpgp.md** and copy the following content into it (make sure to replace FINGERPRINT and USERNAME):
+
+```
+This is an OpenPGP proof that connects [my OpenPGP key](https://keyoxide.org/FINGERPRINT) to [this Github account](https://github.com/USERNAME). For details check out https://keyoxide.org/guides/openpgp-proofs
+
+[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
+```
+
+After creating a public gist, copy the link to the gist.
+
+## Update the PGP key
+
+First, edit the key (make sure to replace FINGERPRINT):
+
+`gpg --edit-key FINGERPRINT`
+
+Add a new notation:
+
+`notation`
+
+Enter the notation (make sure to update with the link to the post copied above):
+
+`proof@metacode.biz=https://gist.github.com/USERNAME/12345678912345678912345678912345`
+
+Save the key:
+
+`save`
+
+Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
+
+`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
+
+And you're done! Reload your profile page, it should now show a verified Github account.
diff --git a/guides/hackernews.md b/guides/hackernews.md
new file mode 100644
index 0000000..097f89a
--- /dev/null
+++ b/guides/hackernews.md
@@ -0,0 +1,41 @@
+# Adding a Hackernews proof
+
+Let's add a decentralized Hackernews proof to your OpenPGP keys.
+
+[[toc]]
+
+## Update the Hackernews account
+
+Log in to [Hackernews](https://news.ycombinator.com) and click on your **username**.
+
+Add the following lines to your **about** (make sure to replace FINGERPRINT):
+
+```
+This is an OpenPGP proof that connects my OpenPGP key to this Hackernews account. For details check out https://keyoxide.org/guides/openpgp-proofs
+
+[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
+```
+
+## Update the PGP key
+
+First, edit the key (make sure to replace FINGERPRINT):
+
+`gpg --edit-key FINGERPRINT`
+
+Add a new notation:
+
+`notation`
+
+Enter the notation (make sure to replace USERNAME):
+
+`proof@metacode.biz=https://news.ycombinator.com/user?id=USERNAME`
+
+Save the key:
+
+`save`
+
+Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
+
+`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
+
+And you're done! Reload your profile page, it should now show a verified Hackernews account.
diff --git a/guides/lobsters.md b/guides/lobsters.md
new file mode 100644
index 0000000..0f39e56
--- /dev/null
+++ b/guides/lobsters.md
@@ -0,0 +1,39 @@
+# Adding a Lobste.rs proof
+
+Let's add a decentralized Lobste.rs proof to your OpenPGP keys.
+
+[[toc]]
+
+## Update the Lobste.rs account
+
+Log in to [Lobste.rs](https://lobste.rs) and append the following text to the **About** section (make sure to replace FINGERPRINT):
+
+```
+This is an OpenPGP proof that connects my OpenPGP key to this Lobste.rs account. For details check out https://keyoxide.org/guides/openpgp-proofs
+
+[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
+```
+
+## Update the PGP key
+
+First, edit the key (make sure to replace FINGERPRINT):
+
+`gpg --edit-key FINGERPRINT`
+
+Add a new notation:
+
+`notation`
+
+Enter the notation (make sure to replace USERNAME):
+
+`proof@metacode.biz=https://lobste.rs/u/USERNAME`
+
+Save the key:
+
+`save`
+
+Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
+
+`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
+
+And you're done! Reload your profile page, it should now show a verified Lobste.rs account.
diff --git a/guides/managing-proofs-deleting.md b/guides/managing-proofs-deleting.md
new file mode 100644
index 0000000..a52bdb3
--- /dev/null
+++ b/guides/managing-proofs-deleting.md
@@ -0,0 +1,45 @@
+# Deleting Proofs using GnuPG
+
+Over time, you may need to delete proofs. Changing proofs can be achieved by deleting proofs and adding new ones.
+
+## Delete all proofs
+
+First, edit the key (make sure to replace FINGERPRINT):
+
+`gpg --edit-key FINGERPRINT`
+
+Launch the notation prompt:
+
+`notation`
+
+Enter the 'none' notation to delete all notations:
+
+`none`
+
+Save the changes:
+
+`save`
+
+## Delete one of your proofs
+
+First, edit the key (make sure to replace FINGERPRINT):
+
+`gpg --edit-key FINGERPRINT`
+
+Launch the notation prompt:
+
+`notation`
+
+Enter the **-** (minus) symbol followed by the proof you want to delete. Make sure you type the proof exactly like it is in your key.
+
+`-proof@metacode.biz=dns:yourdomain.org?type=TXT`
+
+_To make it easier to enter the right proof, you could first [list all proofs](managing-proofs-listing) and simply copy the proof (including "proof@metacode.biz=") you want to delete._
+
+Save the changes:
+
+`save`
+
+Upload the key to WKD or use the following command to upload the key to [keys.openpgp.org](https://keys.openpgp.org) (make sure to replace FINGERPRINT):
+
+`gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT`
diff --git a/guides/managing-proofs-listing.md b/guides/managing-proofs-listing.md
new file mode 100644
index 0000000..ee0d03c
--- /dev/null
+++ b/guides/managing-proofs-listing.md
@@ -0,0 +1,29 @@
+# Listing Proofs using GnuPG
+
+Let's list the identity proofs stored in our OpenPGP keys.
+
+## Listing notations in GnuPG
+
+First, edit the key (make sure to replace FINGERPRINT):
+
+`gpg --edit-key FINGERPRINT`
+
+List detailed preferences:
+
+`showpref`
+
+You should now see your key details, uid, and proofs assigned to your keys:
+
+```
+[ultimate] (1). Your Name
Keyoxide is more than this website. It's a project that aims to make cryptography more accessible to everyone. Keyoxide is part of a larger community of people working hard to develop tools that add privacy and security to our digital online lives. Remember: privacy is not a luxury.
- -As Keyoxide is an open-source project licensed under the permissive MIT License, everyone is welcome and encouraged to contribute. This can be done in various forms:
- -Not a developer? Not a problem? You could:
- -Let's add a decentralized dev.to proof to your OpenPGP keys.
- -Log in to dev.to and create a new post with the following text (make sure to replace FINGERPRINT and USERNAME):
-This is an OpenPGP proof that connects [my OpenPGP key](https://keyoxide.org/FINGERPRINT) to [this dev.to account](https://dev.to/USERNAME).
-For details check out https://keyoxide.org/guides/openpgp-proofs
-
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
-
-After posting, copy the link to the post.
- -First, edit the key (make sure to replace FINGERPRINT):
-gpg --edit-key FINGERPRINT
-
-Add a new notation:
-notation
-
-Enter the notation (make sure to update with the link to the post copied above):
-proof@metacode.biz=https://dev.to/USERNAME/POST_TITLE
-
-Save the key:
-save
-
-Upload the key to WKD or use the following command to upload the key to keys.openpgp.org (make sure to replace FINGERPRINT):
-gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT
-
-And you're done! Reload your profile page, it should now show a verified dev.to account.
diff --git a/views/guides/devto.title.php b/views/guides/devto.title.php deleted file mode 100644 index 343cdff..0000000 --- a/views/guides/devto.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeLet's add a decentralized Discourse proof to your OpenPGP keys.
- -Log in to the discourse instance website and add the following text to your About me (make sure to replace FINGERPRINT):
-This is an OpenPGP proof that connects my OpenPGP key to this Discourse account.
-For details check out https://keyoxide.org/guides/openpgp-proofs
-
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
-
-After posting, copy the link to your profile page (it should end with your /u/USERNAME).
- -First, edit the key (make sure to replace FINGERPRINT):
-gpg --edit-key FINGERPRINT
-
-Add a new notation:
-notation
-
-Enter the notation (make sure to replace PROFILE_URL with the link to the profile copied above):
-proof@metacode.biz=PROFILE_URL
-
-Save the key:
-save
-
-Upload the key to WKD or use the following command to upload the key to keys.openpgp.org (make sure to replace FINGERPRINT):
-gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT
-
-And you're done! Reload your profile page, it should now show a verified Discourse account.
diff --git a/views/guides/discourse.title.php b/views/guides/discourse.title.php deleted file mode 100644 index 37a82ab..0000000 --- a/views/guides/discourse.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeLet's add a decentralized DNS proof to your OpenPGP keys.
- -Add the following TXT record to the DNS records of the (sub)domain you want to prove control over (make sure to replace FINGERPRINT):
-openpgp4fpr:FINGERPRINT
-
-No specific TTL value is required.
- -First, edit the key (make sure to replace FINGERPRINT):
-gpg --edit-key FINGERPRINT
-
-Add a new notation:
-notation
-
-Enter the notation (make sure to replace DOMAIN, don't include https://):
-proof@metacode.biz=dns:DOMAIN?type=TXT
-
-Save the key:
-save
-
-Upload the key to WKD or use the following command to upload the key to keys.openpgp.org (make sure to replace FINGERPRINT):
-gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT
-
-And you're done! Reload your profile page, it should now show a verified domain.
diff --git a/views/guides/dns.title.php b/views/guides/dns.title.php deleted file mode 100644 index aaad4bf..0000000 --- a/views/guides/dns.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeLet's see how to encrypt a message.
- -The idea is that you use someone's public key to encrypt a message. From then on, the message cannot be decrypted and read by anyone but the person possessing the private keys associated with the public key (they'll have the same fingerprint).
- -If you already have a public key (or its fingerprint) you would like to use to encrypt a message, great! If not, you could use the following fingerprint:
-9f0048ac0b23301e1f77e994909f6bd6f80f485d
-
-Open the keyoxide.org/encrypt page and paste the fingerprint in the Email / key id / fingerprint field.
-Write a message in the Message field. Scroll down and press the ENCRYPT MESSAGE button.
-You have successfully encrypted the message! The encrypted message in the Message field can safely be sent via unsecured communication channels knowing that only the person possessing the private key associated with that fingerprint can read it.
- -You could try using different mechanisms of fetching keys, such as web key directory or copy-pasting a plaintext public key.
- -If you'd like to receive PGP encrypted messages, you must first learn the fundamentals of PGP and how to generate and handle your own keypair.
diff --git a/views/guides/encrypt.title.php b/views/guides/encrypt.title.php deleted file mode 100644 index 737e3d5..0000000 --- a/views/guides/encrypt.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeLet's see how Keyoxide's features compare to those of Keybase.
- -Both Keyoxide and Keybase allow easy encryption of data and verification of signatures. While Keybase can only perform these actions for their users who uploaded at least a public key to their servers, Keyoxide can do this for any key on the internet, whether it's available through web key directory, dedicated key servers or simply copy-pasting a plaintext key.
- -Keyoxide cannot decrypt data or sign messages.
-Keybase can do both of those things but this should NOT be considered a feature. It requires one to upload their private key to closed-source servers which is an act in stark contradiction with all safety precautions any owner of a private key should aim to heed.
- -Both Keyoxide and Keybase allow the user to generate proofs of online identity on various platforms. The difference lies in the method of generation and the implications this has on security.
- -Keybase generates a signed message to be posted by the to-be-verified account. Since this involves a signature, any signing key can be used. If a signing key gets misappropriated, it becomes easy for a bad actor to create fake identity proofs.
- -Keyoxide uses decentralized OpenPGP proofs in which the identity proofs are stored as notations within the keys themselves. This is only possible when you have access to keys with "certification" capability. As these are the most valuable of keys, they should also be handled more securely than signing keys and are therefore less prone to forgery of identity proofs.
- -Keybase provides an additional social network, chat functionality, encrypted drive, encrypted git, XLM crypto wallet and much more.
-Keyoxide has none of that. Just keys and proofs.
- -Keyoxide is fully open-source. It consists mainly of a client component which is the browser. The supporting server functions are open-source as well.
-Keybase has open-source clients but closed-source servers.
- -Keyoxide lets the user's devices do almost all of the heavy lifting, meaning no data is ever sent to a server to perform any of the actions. Only exceptions to this rule are a couple of "proxy scripts" for proofs that cannot be verified by a browser. These proxy scripts are open-source as well and inspectable by all.
-Keybase servers are closed-source. One does not know what happens inside that black box.
diff --git a/views/guides/feature-comparison-keybase.title.php b/views/guides/feature-comparison-keybase.title.php deleted file mode 100644 index 6abf001..0000000 --- a/views/guides/feature-comparison-keybase.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeLet's add a decentralized Github proof to your OpenPGP keys.
- -Log in to github.com and click on New gist.
- -Name the file openpgp.md and copy the following content into it (make sure to replace FINGERPRINT and USERNAME):
-This is an OpenPGP proof that connects [my OpenPGP key](https://keyoxide.org/FINGERPRINT) to [this Github account](https://github.com/USERNAME).
-For details check out https://keyoxide.org/guides/openpgp-proofs
-
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
-
-After creating a public gist, copy the link to the gist.
- -First, edit the key (make sure to replace FINGERPRINT):
-gpg --edit-key FINGERPRINT
-
-Add a new notation:
-notation
-
-Enter the notation (make sure to update with the link to the post copied above):
-proof@metacode.biz=https://gist.github.com/USERNAME/12345678912345678912345678912345
-
-Save the key:
-save
-
-Upload the key to WKD or use the following command to upload the key to keys.openpgp.org (make sure to replace FINGERPRINT):
-gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT
-
-And you're done! Reload your profile page, it should now show a verified Github account.
diff --git a/views/guides/github.title.php b/views/guides/github.title.php deleted file mode 100644 index b6da803..0000000 --- a/views/guides/github.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeLet's add a decentralized Hackernews proof to your OpenPGP keys.
- -Log in to Hackernews and click on your username.
- -Add the following lines to your about (make sure to replace FINGERPRINT):
-This is an OpenPGP proof that connects my OpenPGP key to this Hackernews account.
-For details check out https://keyoxide.org/guides/openpgp-proofs
-
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
-
-First, edit the key (make sure to replace FINGERPRINT):
-gpg --edit-key FINGERPRINT
-
-Add a new notation:
-notation
-
-Enter the notation (make sure to replace USERNAME):
-proof@metacode.biz=https://news.ycombinator.com/user?id=USERNAME
-
-Save the key:
-save
-
-Upload the key to WKD or use the following command to upload the key to keys.openpgp.org (make sure to replace FINGERPRINT):
-gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT
-
-And you're done! Reload your profile page, it should now show a verified Hackernews account.
diff --git a/views/guides/hackernews.title.php b/views/guides/hackernews.title.php deleted file mode 100644 index 7839be7..0000000 --- a/views/guides/hackernews.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeLet's add a decentralized Lobste.rs proof to your OpenPGP keys.
- -Log in to Lobste.rs and append the following text to the About section (make sure to replace FINGERPRINT):
-This is an OpenPGP proof that connects my OpenPGP key to this Lobste.rs account.
-For details check out https://keyoxide.org/guides/openpgp-proofs
-
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
-
-First, edit the key (make sure to replace FINGERPRINT):
-gpg --edit-key FINGERPRINT
-
-Add a new notation:
-notation
-
-Enter the notation (make sure to replace USERNAME):
-proof@metacode.biz=https://lobste.rs/u/USERNAME
-
-Save the key:
-save
-
-Upload the key to WKD or use the following command to upload the key to keys.openpgp.org (make sure to replace FINGERPRINT):
-gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT
-
-And you're done! Reload your profile page, it should now show a verified Lobste.rs account.
diff --git a/views/guides/lobsters.title.php b/views/guides/lobsters.title.php deleted file mode 100644 index 5eef758..0000000 --- a/views/guides/lobsters.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeOver time, you may need to delete proofs. Changing proofs can be achieved by deleting proofs and adding new ones.
- -First, edit the key (make sure to replace FINGERPRINT):
-gpg --edit-key FINGERPRINT
-
-Launch the notation prompt:
-notation
-
-Enter the 'none' notation to delete all notations:
-none
-
-Save the changes:
-save
-
-First, edit the key (make sure to replace FINGERPRINT):
-gpg --edit-key FINGERPRINT
-
-Launch the notation prompt:
-notation
-
-Enter the - (minus) symbol followed by the proof you want to delete. Make sure you type the proof exactly like it is in your key.
--proof@metacode.biz=dns:yourdomain.org?type=TXT
-
-To make it easier to enter the right proof, you could first list all proofs and simply copy the proof (including "proof@metacode.biz=") you want to delete.
- -Save the changes:
-save
-
-Upload the key to WKD or use the following command to upload the key to keys.openpgp.org (make sure to replace FINGERPRINT):
-gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT
diff --git a/views/guides/managing-proofs-deleting.title.php b/views/guides/managing-proofs-deleting.title.php
deleted file mode 100644
index 19040a5..0000000
--- a/views/guides/managing-proofs-deleting.title.php
+++ /dev/null
@@ -1,30 +0,0 @@
-.
-//
-// Also add information on how to contact you by electronic and paper mail.
-//
-// If your software can interact with users remotely through a computer network,
-// you should also make sure that it provides a way for users to get its source.
-// For example, if your program is a web application, its interface could display
-// a "Source" link that leads users to an archive of the code. There are many
-// ways you could offer source, and different solutions will be better for different
-// programs; see section 13 for the specific requirements.
-//
-// You should also get your employer (if you work as a programmer) or school,
-// if any, to sign a "copyright disclaimer" for the program, if necessary. For
-// more information on this, and how to apply and follow the GNU AGPL, see Let's list the identity proofs stored in our OpenPGP keys.
- -First, edit the key (make sure to replace FINGERPRINT):
-gpg --edit-key FINGERPRINT
-
-List detailed preferences:
-showpref
-
-You should now see your key details, uid, and proofs assigned to your keys:
-
-[ultimate] (1). Your Name
- Cipher: AES256, AES192, AES, 3DES
- Digest: SHA512, SHA384, SHA256, SHA1
- Compression: ZLIB, BZIP2, ZIP, Uncompressed
- Features: MDC, Keyserver no-modify
- Notations: proof@metacode.biz=https://gist.github.com/youruser/somehash
- proof@metacode.biz=dns:yourdomain.org?type=TXT
-
-
-Exit gpg:
-quit
diff --git a/views/guides/managing-proofs-listing.title.php b/views/guides/managing-proofs-listing.title.php
deleted file mode 100644
index a819fe3..0000000
--- a/views/guides/managing-proofs-listing.title.php
+++ /dev/null
@@ -1,30 +0,0 @@
-.
-//
-// Also add information on how to contact you by electronic and paper mail.
-//
-// If your software can interact with users remotely through a computer network,
-// you should also make sure that it provides a way for users to get its source.
-// For example, if your program is a web application, its interface could display
-// a "Source" link that leads users to an archive of the code. There are many
-// ways you could offer source, and different solutions will be better for different
-// programs; see section 13 for the specific requirements.
-//
-// You should also get your employer (if you work as a programmer) or school,
-// if any, to sign a "copyright disclaimer" for the program, if necessary. For
-// more information on this, and how to apply and follow the GNU AGPL, see Let's add a decentralized Mastodon proof to your OpenPGP keys.
- -Log in to your Mastodon instance and click on Edit profile.
-Add a new item under Profile metadata with the label OpenPGP and your PGP fingerprint as the content.
- -First, edit the key (make sure to replace FINGERPRINT):
-gpg --edit-key FINGERPRINT
-
-Add a new notation:
-notation
-
-Enter the notation (make sure to update the link):
-proof@metacode.biz=https://INSTANCE.ORG/@USERNAME
-
-Save the key:
-save
-
-Upload the key to WKD or use the following command to upload the key to keys.openpgp.org (make sure to replace FINGERPRINT):
-gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT
-
-And you're done! Reload your profile page, it should now show a verified Mastodon account.
diff --git a/views/guides/mastodon.title.php b/views/guides/mastodon.title.php deleted file mode 100644 index 8d6e727..0000000 --- a/views/guides/mastodon.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeLet's see how easy it is to get a Keyoxide profile when you already have a Keybase account.
- -Go to the profile URL generator, set Keybase as Source and follow the Keybase specific instructions. Has a profile URL been generated? Congratulations, you now have your very own Keyoxide profile!
- -Unfortunately, you get very little control when using your Keybase key directly. You will need to generate your own PGP keypair (use guides like this one for help) to unlock the full potential of distributed identity proofs.
- -Have you generated a keypair and made the public key accessible through web key directory (WKD) or uploaded it to keys.openpgp.org? Use the profile URL generator to get your own profile URL and start adding identity proofs.
- -It's important to moderate expectations and state that Keyoxide only replaces the subset of Keybase features that are considered the "core" features: message encryption, signature verification and identity proofs.
- -Message decryption and signing are not supported features: they would require you to upload your secret key to a website which is a big no-no.
- -Encrypted chat and cloud storage are not supported features: there are plenty of dedicated alternative services.
- -If you need any of these Keybase-specific supports, Keyoxide may not be a full Keybase replacement for you but you could still generate a profile and take advantage of distributed identity proofs.
diff --git a/views/guides/migrating-from-keybase.title.php b/views/guides/migrating-from-keybase.title.php deleted file mode 100644 index cccab0f..0000000 --- a/views/guides/migrating-from-keybase.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeDecentralized OpenPGP identity proofs are the brainchild of Wiktor who wrote the original guide on his website (a suggested read to get first-hand information).
- -Unlike proofs provided by for example Keybase, OpenPGP proofs are stored inside the PGP keys themselves instead of being mere signatures. Since this operation requires keys with "certify" capabilities and not simply "sign" capabilities, these OpenPGP proofs could be considered more secure.
- -Every OpenPGP identity proof is stored in the PGP key as a notation that looks like this:
-proof@metacode.biz=https://twitter.com/USERNAME/status/1234567891234567891
-
-This particular proof is for a Twitter account (read more in the Twitter guide). Let's analyse the notation:
- -The proof should always link to a document that can be parsed as JSON to make the verification easy and feasible by the browser. Sometimes however, due to CORS restrictions or API requirements (as is the case for Twitter), no such link is provided by the platform. In these rare exceptional cases, the verification process is delegated to the Keyoxide server which will communicate directly with the platform's servers to get the content of the post.
- -If you'd like to add decentralized OpenPGP identity proofs to your key, go to the guides and find the right one for your platform of choice. You may find the process to be remarkably easy.
- -If your platform is not in the list of guides, it's not supported yet. See the contributing guide for more information on how to get that platform supported.
diff --git a/views/guides/openpgp-proofs.title.php b/views/guides/openpgp-proofs.title.php deleted file mode 100644 index 33c49d6..0000000 --- a/views/guides/openpgp-proofs.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeLet's add a decentralized Pixelfed proof to your OpenPGP keys.
- -Log in to your Pixelfed instance and add the following lines to your Bio (make sure to replace FINGERPRINT):
-This is an OpenPGP proof that connects my OpenPGP key to this Pixelfed account.
-For details check out https://keyoxide.org/guides/openpgp-proofs
-
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
-
-First, edit the key (make sure to replace FINGERPRINT):
-gpg --edit-key FINGERPRINT
-
-Add a new notation:
-notation
-
-Enter the notation (make sure to update the link):
-proof@metacode.biz=https://INSTANCE.ORG/users/USERNAME
-
-Please note that the /users/ part of the URL is mandatory for the proof to work.
- -Save the key:
-save
-
-Upload the key to WKD or use the following command to upload the key to keys.openpgp.org (make sure to replace FINGERPRINT):
-gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT
-
-And you're done! Reload your profile page, it should now show a verified Fediverse account (Pixelfed is part of the Fediverse).
diff --git a/views/guides/pixelfed.title.php b/views/guides/pixelfed.title.php deleted file mode 100644 index 5f9c5a8..0000000 --- a/views/guides/pixelfed.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeLet's add a decentralized Pleroma proof to your OpenPGP keys.
- -Log in to your Pleroma instance and add the following lines to your Bio (make sure to replace FINGERPRINT):
-This is an OpenPGP proof that connects my OpenPGP key to this Pleroma account.
-For details check out https://keyoxide.org/guides/openpgp-proofs
-
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
-
-First, edit the key (make sure to replace FINGERPRINT):
-gpg --edit-key FINGERPRINT
-
-Add a new notation:
-notation
-
-Enter the notation (make sure to update the link):
-proof@metacode.biz=https://INSTANCE.ORG/users/USERNAME
-
-Please note that the /users/ part of the URL is mandatory for the proof to work.
- -Save the key:
-save
-
-Upload the key to WKD or use the following command to upload the key to keys.openpgp.org (make sure to replace FINGERPRINT):
-gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT
-
-And you're done! Reload your profile page, it should now show a verified Fediverse account (Pleroma is part of the Fediverse).
diff --git a/views/guides/pleroma.title.php b/views/guides/pleroma.title.php deleted file mode 100644 index e43bcfe..0000000 --- a/views/guides/pleroma.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeLet's see how to verify identity proofs.
- -The idea is that anyone can add identity proofs of various platforms in their keys. Since this information is kept in the public key, you could take anyone's public key and check whether they indeed have control over the accounts they claim to.
- -If you already have a public key (or its fingerprint) with OpenPGP identity proofs you would like to use to verify, great! If not, you could use the following fingerprint:
-9f0048ac0b23301e1f77e994909f6bd6f80f485d
-
-Open the keyoxide.org/proofs page and paste the fingerprint in the Email / key id / fingerprint field. Scroll down and press the VERIFY PROOFS button.
-You now see a list of domains and/or accounts on platforms for which the owner of the public key claims to have an control over.
-If the last link on a line says proof, the proof could not be verified for any number of reasons but Keyoxide still allows to check the supposed proof and decide for yourself whether you trust the claim. If the
-If the last link on a line says verified, the owner of the public key indeed has shown beyond doubt that it has control over the domain or account.
- -If you'd like to add decentralized OpenPGP identity proofs to your key, go to the guides and find the right one for your platform of choice. You may find the process to be remarkably easy.
- -If your platform is not in the list of guides, it's not supported yet. See the contributing guide for more information on how to get that platform supported.
diff --git a/views/guides/proofs.title.php b/views/guides/proofs.title.php deleted file mode 100644 index 24f9eee..0000000 --- a/views/guides/proofs.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeLet's add a decentralized Reddit proof to your OpenPGP keys.
- -Log in to www.reddit.com and create a new post with the following text (make sure to replace FINGERPRINT):
-This is an OpenPGP proof that connects my OpenPGP key to this Reddit account.
-For details check out https://keyoxide.org/guides/openpgp-proofs
-
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
-
-After posting, copy the link to the post.
- -First, edit the key (make sure to replace FINGERPRINT):
-gpg --edit-key FINGERPRINT
-
-Add a new notation:
-notation
-
-Enter the notation (make sure to update with the link to the post copied above):
-proof@metacode.biz=https://www.reddit.com/user/USERNAME/comments/123123/TITLE/
-
-Save the key:
-save
-
-Upload the key to WKD or use the following command to upload the key to keys.openpgp.org (make sure to replace FINGERPRINT):
-gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT
-
-And you're done! Reload your profile page, it should now show a verified Reddit account.
diff --git a/views/guides/reddit.title.php b/views/guides/reddit.title.php deleted file mode 100644 index 8905a41..0000000 --- a/views/guides/reddit.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeThough it's not a fully supported use case yet, anyone can take the source code and put it on their own server. The idea is that Keyoxide.org is not special in itself. After all, all the heavy lifting is done by the browser. So the role of any individual Keyoxide server is to get the tool in the hands of the end user.
- -The few supporting roles the server has can easily be performed by any other (PHP) server.
- -So if you like the project but perhaps are mistrusting of servers of others, especially when it comes to keypairs, here's the source code and put it on your own server. Thanks for using the project!
diff --git a/views/guides/self-hosting-keyoxide.title.php b/views/guides/self-hosting-keyoxide.title.php deleted file mode 100644 index 7a68760..0000000 --- a/views/guides/self-hosting-keyoxide.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeIf you have:
- -Then you may be interested in supporting decentralized identity proofs as they allow your users to securely prove their identity across services. Take a look at this [example](guides/service-provider) to find out how two persons can gain more confidence in knowing they are talking to and interacting with the right person in an online world where impersonating is all too easy.
- -The internet could be a slightly safer place if your service allowed your users to prove their identity. All the service needs to do is make a JSON file available with basic details about the user and set the correct CORS headers.
- -The documentation on what is precisely required is provided by the original creator of decentralized OpenPGP identity proofs.
diff --git a/views/guides/service-provider.title.php b/views/guides/service-provider.title.php deleted file mode 100644 index f6dd961..0000000 --- a/views/guides/service-provider.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeLet's add a decentralized Twitter proof to your OpenPGP keys.
- -Log in to twitter.com and compose a new tweet with the following text (make sure to replace FINGERPRINT):
-This is an OpenPGP proof that connects my OpenPGP key to this Twitter account.
-For details check out https://keyoxide.org/guides/openpgp-proofs
-
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
-
-After posting, copy the link to the tweet.
- -First, edit the key (make sure to replace FINGERPRINT):
-gpg --edit-key FINGERPRINT
-
-Add a new notation:
-notation
-
-Enter the notation (make sure to update with the link to the tweet copied above):
-proof@metacode.biz=https://twitter.com/USERNAME/status/1234567891234567891
-
-Save the key:
-save
-
-Upload the key to WKD or use the following command to upload the key to keys.openpgp.org (make sure to replace FINGERPRINT):
-gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT
-
-And you're done! Reload your profile page, it should now show a verified Twitter account.
diff --git a/views/guides/twitter.title.php b/views/guides/twitter.title.php deleted file mode 100644 index 7dec5fa..0000000 --- a/views/guides/twitter.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeLet's see how to verify an OpenPGP signature.
- -If you already have a signature you would like to verify, great! If not, let's use the following signature for the guide:
------BEGIN PGP SIGNED MESSAGE-----
-
Hash: SHA256
-
-
I like pineapple.
-
-----BEGIN PGP SIGNATURE-----
-
-
iQJDBAEBCAAtFiEEog/Pt4tEmnyVrrtlNzZ/SvQIetEFAl70mVUPHHlhcm1vQHlh
-cm1vLmV1AAoJEDc2f0r0CHrRQXIP/08uza9zOtmZXv5K+uPGVzDKwkgPgZJEezX7
-6iQ358f1pjSRvYfQ5aB13k2epUHoqCKArMYu1zPqxhvLvvAvp8uOHABnr9NGL3El
-u7UUgaeUNHkr0gxCKEq3p81abrrbbWveP8OBP4RyxmaFx13Xcj7mfDluiBHmjVvv
-WU09EdH9VPlJ7WfZ+2G2ZZDHuE5XiaeP7ocugTxXXLkp33zwpDX0+ZuCIXM6fQGe
-OccSffglFPdNBnfasuuxDWxTQPsEbWGOPJV+CAPmBDeApX+TBF9bovO3hw4Uozk2
-VT7EAy8Hb0SOrUb3UNGxzoKv++5676IxyB4JXX0Tr9O4ZxhO8o9pEEHwirtn/J1+
-MWven4gVlWM/6bMeUqx6ydyNc2nqF5059yfRmwGMlp09x82G4x1bcf6aDZ+5njDG
-fS5T2OpXRIkZHJx8BhmZjsxiDR0KV44zwHpt06+96ef3EDWB0BcP6M+a5Rtc33zf
-irRmQd2M6RLyXCYtdGIiiAFRuomw802U4F0P4LwVrZdbGA6ObqBv1k8BUFCMbMz8
-Ab4hF7kO4z0Vh3JaKzcHey0pOzdNCPpAHZ51sAoAnFDM4PdMBgQxxVweCMu4KYMZ
-FN8sNn42oY/b7gDmwCelVhgD+rvUn/a8+B7CDmCp+wIquyrjrTt00voATcb+ZPMJ
-
pTXJ/NcM
-
=rqTX
-
-----END PGP SIGNATURE-----
-
-
-Copy the above signature.
- -Open the keyoxide.org/verify page and paste the signature in the corresponding field. Scroll down and press the VERIFY SIGNATURE button.
-Keyoxide lets you know the signature was verified and signed by a certain person.
- -Sometimes, you want to know if a specific person or public key was used to create a signature. In this case, let's figure out if the message was signed by Yarmo's public key or his friend Wiktor's public key.
- -Copy the following fingerprint:
-653909A2F0E37C106F5FAF546C8857E0D8E8F074
-Paste it in the Email / key id / fingerprint field under Public Key (3: HKP server) and press the big button again. It could not be verified. Guess it wasn't Wiktor who signed that message.
- -Now, copy the following fingerprint:
-9f0048ac0b23301e1f77e994909f6bd6f80f485d
-Paste it in the same field and press the big button again. It did verify! It was Yarmo all along.
- -You could try using different mechanisms of fetching keys, such as web key directory or copy-pasting a plaintext public key.
- -If you'd like to sign messages using PGP, you must first learn the fundamentals of PGP and how to generate and handle your own keypair.
diff --git a/views/guides/verify.title.php b/views/guides/verify.title.php deleted file mode 100644 index 0f14f40..0000000 --- a/views/guides/verify.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeWeb key directory or WKD refers to the method of uploading one's public key to their website in a specific location to make it easily accessible by other services supporting WKD. The key will be discoverable using an identifier similar to an email address: username@domain.org.
- -The benefit of WKD is having full control over the key while still having it widely available. It does however require a domain and some form of file hosting. Luckily, openpgp.org have made a WKD-as-a-service. Read more at the end of the guide.
- -It exists in two variants: the Direct setup and the Advanced setup. Despite their names, both require roughly the same steps.
- -To make your keys available via WKD using the Direct setup, you'll need two paths on your server:
- -https://domain.org/.well-known/openpgpkey/policy: this is an empty file
-https://domain.org/.well-known/openpgpkey/hu/LOCALPART: this is the binary public key (so NOT ASCII armored)
- -The LOCALPART above is actually the username hashed using the SHA-1 algorithm and encoded using the Z-Base-32 method. As it's not humanly possible to compute this by ourselves, Keyoxide provides a small utility to do this for you.
- -So if you wish to make your key available as jimothy@dm.com, according to the small utility, the URL would become:
-https://dm.com/.well-known/openpgpkey/hu/n9utc41qty791upt63rm5xtiudabmw6m
-
-While not necessary if the Direct setup works, there is a second setup to make WKD work: the Advanced setup. The paths needed are:
- -https://openpgpkey.domain.org/.well-known/openpgpkey/domain.org/policy: this is an empty file
-https://openpgpkey.domain.org/.well-known/openpgpkey/domain.org/hu/LOCALPART: this is the binary public key (so NOT ASCII armored)
- -Indeed, quite similar to the Direct setup, except for the openpgpkey subdomain and the additional domain.org in the path of the public key.
- -The public key for jimothy@dm.com would be available at:
-https://openpgpkey.dm.com/.well-known/openpgpkey/hu/dm.com/n9utc41qty791upt63rm5xtiudabmw6m
-
-In case hosting is problem, Openpgp.org has a handy WKD-as-a-service.
diff --git a/views/guides/web-key-directory.title.php b/views/guides/web-key-directory.title.php deleted file mode 100644 index b83b792..0000000 --- a/views/guides/web-key-directory.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, seeLet's add a decentralized XMPP proof to your OpenPGP keys.
- -Using a XMPP client that supports editing the vCard (such as Dino and Gajim), append the following message to the About section (make sure to replace FINGERPRINT):
-This is an OpenPGP proof that connects my OpenPGP key to this XMPP account.
-For details check out https://keyoxide.org/guides/openpgp-proofs
-
[Verifying my OpenPGP key: openpgp4fpr:FINGERPRINT]
-
-First, edit the key (make sure to replace FINGERPRINT):
-gpg --edit-key FINGERPRINT
-
-Add a new notation:
-notation
-
-Enter the notation (make sure to replace XMPP-ID):
-proof@metacode.biz=xmpp:XMPP-ID
-
-The XMPP-ID looks something like an email address: user@domain.org.
- -Save the key:
-save
-
-Upload the key to WKD or use the following command to upload the key to keys.openpgp.org (make sure to replace FINGERPRINT):
-gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT
-
-And you're done! Reload your profile page, it should now show a XMPP account.
- -XMPP communication can be end-to-end encrypted with OMEMO. Verifying OMEMO fingerprints is essential to trust your communication and keep it safe from Man-in-the-Middle attacks.
- -Keyoxide makes the fingerprint verification process easy for all. Add a special identity proof that not only contains your XMPP-ID but also the fingerprints of all your OMEMO keys.
- -If your XMPP identity proof is verified, a QR code is shown. Anyone can scan this QR code using XMPP apps like Conversations (free on F-Droid) to not only add you as a contact, but also verify your OMEMO keys with the highest level of trust.
- -Making this identity proof yourself can be a tad difficult when using clients like Gajim, but luckily for us, Conversations can directly generate the proof by going to Account details > Share > Share as XMPP URI. The resulting URI should look something like:
- -xmpp:user@domain.org?omemo-sid-123456789=A1B2C3D4E5F6G7H8I9...
-
-To take advantage of the easy and secure XMPP identity proof including OMEMO fingerprints, follow the basic edition guide above but replace XMPP-ID with the URI obtained through the Conversations app.
diff --git a/views/guides/xmpp.title.php b/views/guides/xmpp.title.php deleted file mode 100644 index f27dbf7..0000000 --- a/views/guides/xmpp.title.php +++ /dev/null @@ -1,30 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, see