From d653d762b3306be486fe23de4a37f9948661553c Mon Sep 17 00:00:00 2001 From: Yarmo Mackenbach Date: Sat, 8 Aug 2020 01:06:08 +0200 Subject: [PATCH] Convert views to pug --- views/404.php | 35 -------- views/404.pug | 6 ++ views/encrypt.php | 68 -------------- views/encrypt.pug | 14 +++ views/faq.php | 92 ------------------- views/faq.pug | 151 ++++++++++++++++++++++++++++++++ views/guide.php | 36 -------- views/guide.pug | 4 + views/guides.php | 78 ----------------- views/guides.pug | 59 +++++++++++++ views/index.php | 105 ---------------------- views/index.pug | 101 +++++++++++++++++++++ views/partials/key_selector.pug | 24 +++++ views/profile.php | 58 ------------ views/profile.pug | 25 ++++++ views/proofs.php | 63 ------------- views/proofs.pug | 14 +++ views/template.base.php | 70 --------------- views/template.base.pug | 33 +++++++ views/verify.php | 70 --------------- views/verify.pug | 17 ++++ 21 files changed, 448 insertions(+), 675 deletions(-) delete mode 100644 views/404.php create mode 100644 views/404.pug delete mode 100644 views/encrypt.php create mode 100644 views/encrypt.pug delete mode 100644 views/faq.php create mode 100644 views/faq.pug delete mode 100644 views/guide.php create mode 100644 views/guide.pug delete mode 100644 views/guides.php create mode 100644 views/guides.pug delete mode 100644 views/index.php create mode 100644 views/index.pug create mode 100644 views/partials/key_selector.pug delete mode 100644 views/profile.php create mode 100644 views/profile.pug delete mode 100644 views/proofs.php create mode 100644 views/proofs.pug delete mode 100644 views/template.base.php create mode 100644 views/template.base.pug delete mode 100644 views/verify.php create mode 100644 views/verify.pug diff --git a/views/404.php b/views/404.php deleted file mode 100644 index 0dd1c66..0000000 --- a/views/404.php +++ /dev/null @@ -1,35 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, see . -?> -layout('template.base', ['title' => $title]) ?> - -
-

404

-

The requested page could not be found :(

-
diff --git a/views/404.pug b/views/404.pug new file mode 100644 index 0000000..7de3aa3 --- /dev/null +++ b/views/404.pug @@ -0,0 +1,6 @@ +extends template.base.pug + +block content + .content + h1 404 + p The requested page could not be found :( diff --git a/views/encrypt.php b/views/encrypt.php deleted file mode 100644 index bbd13cb..0000000 --- a/views/encrypt.php +++ /dev/null @@ -1,68 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, see . -?> -layout('template.base', ['title' => $title]) ?> - -
-

Encrypt

-
-

Recipient

- - -
-
- -
-
- -
-
- - -
-
- -
-
- - -
-
-

Message

- -

- -
-
diff --git a/views/encrypt.pug b/views/encrypt.pug new file mode 100644 index 0000000..cd1b4f6 --- /dev/null +++ b/views/encrypt.pug @@ -0,0 +1,14 @@ +extends template.base.pug + +block content + .content + h1 Encrypt + form#form-encrypt(method='post') + h3 Recipient + label(for='modeSelect') Mode: + include partials/key_selector + + h3 Message + textarea#message(name='message') + p#result + input.bigBtn(type='submit' name='submit' value='ENCRYPT MESSAGE') diff --git a/views/faq.php b/views/faq.php deleted file mode 100644 index c71f2f3..0000000 --- a/views/faq.php +++ /dev/null @@ -1,92 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, see . -?> -layout('template.base', ['title' => $title]) ?> - -
-

FAQ

-

# What is Keyoxide?

-

Keyoxide is a lightweight and FOSS solution to make basic cryptography operations accessible to regular humans. It is built to be privacy friendly and secure, it can even be self-hosted.

- -

# Why does Keyoxide exist?

-

Keyoxide provides a solution to a modern problem: we humans have developed advanced methods of encrypting data and signing it. Unfortunately, it requires complicated tools that demand a minimal level of understanding cryptography and how keypairs work to leverage these technologies.

-

Sadly, this means that true privacy and secrecy in this modern age of surveillance capitalism is reserved to a subset of the world population.

-

Luckily, there is one thing we can do. Some cryptographic operations are more accessible than others and less prone to leaking private data. By building a service around only those operations, we hope a wider general audience can benefit from modern cryptography.

- -

# What cryptographic operations can Keyoxide handle?

-

Keyoxide can: verify signatures and encrypt messages.
Keyoxide can't: sign messages or decrypt messages.

- -

# Why so few cryptographic operations?

-

Good question. First, what cryptographic operations are generally available? There's encryption and its counterpart, decryption, but also signing and its counterpart, signature verification.

-

Decryption and signing require private keys. Encryption and signature verification only require public keys.

-

If you happen to be in possession of a private key, there is one thing you should know: that key is private! It shouldn't leave your computer and most certainly should never be uploaded to any website!

-

So yes, alternative services may offer more cryptographic operations but at the highest cost of surrendering your private keys to servers you generally shouldn't trust and companies that may be under geopolitical influence.

-

Keyoxide offers a simple solution to the trust issue: we don't want your keys, therefore you don't even need to trust us. Everything that this service offers is possible thanks to publicly available keys.

- -

# How does Keyoxide work without keys?

-

We still need keys, of course, but only the harmless public keys. And yes, we could have built a website where one can make an account and upload public keys, in a similar fashion as alternative services.

-

But why would we? There's already an entire infrastructure out there in the form of websites that host their own keys (plaintext or web key directory) or dedicated "HTTP Key Protocol" or HKP servers, designed specifically for public key hosting. Why reinvent the wheel?

- -

# How is this privacy friendly and secure?

-

You can't make an account on Keyoxide because for basic cryptographic operations, we don't need your data or your keys. By not knowing anything about you or using any trackers, this is as privacy-friendly as it gets.

-

As for secure, Keyoxide does all the cryptographic processing on your device and never sends data to the server. It also doesn't use private keys for any operation (so make sure to never upload those anywhere).

- -

# How can I make an account?

-

Well, you can't and that is the whole point of Keyoxide. We don't want your data or your keys. Uploading your keys and/or data to our servers is never required for any of the operations provided by Keyoxide.

- -

# Can I get a sweet profile page?

-

That, we can help you with! Just append your fingerprint to the domain (like so: https://keyoxide.org/9F0048AC0B23301E1F77E994909F6BD6F80F485D) to generate a profile page.

- -

# Where is the app?

-

There's no app. Why would you want yet another app for what is essentially just a form with a big blue button?

- -

# Where do I put my private key?

-

DON'T! We don't want it!

-

Alternative services may ask you for your private keys so that they can offer additional functionality. Please understand that your private key is yours and ONLY yours. You should never upload it to any online service, in fact it should never leave your computer.

- -

# What is the use if I can't decrypt or sign messages?

-

If you want to be on the receiving end of securely encrypted messages, you should either learn the basics of modern cryptography and know your way around your computer's command line or switch to end-to-end encrypted instant messaging providers.

-

Simply put, if you have private keys, you probably won't be using Keyoxide. You will benefit from using command line tools or GUIs like Kleopatra.

-

Keyoxide is designed for those without extensive knowledge about cryptography and who wish to encrypt messages to, or verify the authenticity of messages coming from the people with that extensive knowledge.

- -

# But other services provide a social network function!

-

It doesn't need to be centralized to have a "social network" function. Keyoxide simply uses the already existing "social network" of websites hosting their own keys and servers dedicated to hosting large amounts of keys.

- -

# PGP must die!

-

Not a question but we get your point. While there are legitimate reasons PGP should cease to exist, it is still widely used and without any clear sign of imminent extinction, it needs proper tooling.

-

It should be noted that while PGP can indeed be harmful when applied to email encryption, there are other legitimate ways of leveraging PGP to encrypt and/or sign messages.

-

That being said, Keyoxide aims to integrate different cryptographic technologies and therefore ease the transition away from PGP.

- -

# What is on the roadmap?

-
    -
  • Support more decentralized proofs
  • -
  • Write more guides
  • -
  • Integrate other encryption programs
  • -
-
diff --git a/views/faq.pug b/views/faq.pug new file mode 100644 index 0000000..5821edd --- /dev/null +++ b/views/faq.pug @@ -0,0 +1,151 @@ +extends template.base.pug + +block content + .content + h1 FAQ + h3#what-is-keyoxide + a(href='#what-is-keyoxide') # + | What is Keyoxide? + p + a(href='/') Keyoxide + | is a lightweight and FOSS solution to make basic cryptography operations accessible to regular humans. It is built to be privacy friendly and secure, it can even be self-hosted. + h3#why-does-keyoxide-exist + a(href='#why-does-keyoxide-exist') # + | Why does Keyoxide exist? + p + a(href='/') Keyoxide + | provides a solution to a modern problem: we humans have developed advanced methods of encrypting data and signing it. Unfortunately, it requires complicated tools that demand a minimal level of understanding cryptography and how keypairs work to leverage these technologies. + p + | Sadly, this means that true privacy and secrecy in this modern age of surveillance capitalism is reserved to a subset of the world population. + p + | Luckily, there is one thing we can do. Some cryptographic operations are more accessible than others and less prone to leaking private data. By building a service around only those operations, we hope a wider general audience can benefit from modern cryptography. + h3#what-cryptographic-operations-can-keyoxide-handle + a(href='#what-cryptographic-operations-can-keyoxide-handle') # + | What cryptographic operations can Keyoxide handle? + p + a(href='/') Keyoxide + | can: + a(href='/verify') verify signatures + | and + a(href='/encrypt') encrypt messages + | . + br + a(href='/') Keyoxide + | can't: sign messages or decrypt messages. + h3#why-so-few-cryptographic-operations + a(href='#why-so-few-cryptographic-operations') # + | Why so few cryptographic operations? + p + | Good question. First, what cryptographic operations are generally available? There's + strong encryption + | and its counterpart, + strong decryption + | , but also + strong signing + | and its counterpart, + strong signature verification + | . + p + strong Decryption + | and + strong signing + | require private keys. + strong Encryption + | and + strong signature verification + | only require public keys. + p + | If you happen to be in possession of a private key, there is one thing you should know: that key is private! It shouldn't leave your computer and most certainly should never be uploaded to any website! + p + | So yes, alternative services may offer more cryptographic operations but at the highest cost of surrendering your private keys to servers you generally shouldn't trust and companies that may be under geopolitical influence. + p + a(href='/') Keyoxide + | offers a simple solution to the trust issue: we don't want your keys, therefore you don't even need to trust us. Everything that this service offers is possible thanks to publicly available keys. + h3#how-does-keyoxide-work-without-keys + a(href='#how-does-keyoxide-work-without-keys') # + | How does Keyoxide work without keys? + p + | We still need keys, of course, but only the harmless public keys. And yes, we could have built a website where one can make an account and upload public keys, in a similar fashion as alternative services. + p + | But why would we? There's already an entire infrastructure out there in the form of websites that host their own keys (plaintext or web key directory) or dedicated "HTTP Key Protocol" or HKP servers, designed specifically for public key hosting. Why reinvent the wheel? + h3#how-is-this-privacy-friendly-and-secure + a(href='#how-is-this-privacy-friendly-and-secure') # + | How is this privacy friendly and secure? + p + | You can't make an account on + a(href='/') Keyoxide + | because for basic cryptographic operations, we don't need your data or your keys. By not knowing anything about you or using any trackers, this is as privacy-friendly as it gets. + p + | As for secure, + a(href='/') Keyoxide + | does all the cryptographic processing on your device and never sends data to the server. It also doesn't use private keys for any operation (so make sure to never upload those anywhere). + h3#how-can-i-make-an-account + a(href='#how-can-i-make-an-account') # + | How can I make an account? + p + | Well, you can't and that is the whole point of + a(href='/') Keyoxide + | . We don't want your data or your keys. Uploading your keys and/or data to our servers is never required for any of the operations provided by + a(href='/') Keyoxide + | . + h3#can-i-get-a-sweet-profile-page + a(href='#can-i-get-a-sweet-profile-page') # + | Can I get a sweet profile page? + p + | That, we can help you with! Just append your fingerprint to the domain (like so: + a(href='https://keyoxide.org/9F0048AC0B23301E1F77E994909F6BD6F80F485D') https://keyoxide.org/9F0048AC0B23301E1F77E994909F6BD6F80F485D + | ) to generate a profile page. + h3#where-is-the-app + a(href='#where-is-the-app') # + | Where is the app? + p + | There's no app. Why would you want yet another app for what is essentially just a form with a big blue button? + h3#where-do-i-put-my-private-key + a(href='#where-do-i-put-my-private-key') # + | Where do I put my private key? + p + strong DON'T + | ! We don't want it! + p + | Alternative services may ask you for your private keys so that they can offer additional functionality. Please understand that your private key is yours and ONLY yours. You should never upload it to any online service, in fact it should never leave your computer. + h3(id="what-is-the-use-if-i-can't-decrypt-or-sign-messages") + a(href="#what-is-the-use-if-i-can't-decrypt-or-sign-messages") # + | What is the use if I can't decrypt or sign messages? + p + | If you want to be on the receiving end of securely encrypted messages, you should either learn the basics of modern cryptography and know your way around your computer's command line or switch to end-to-end encrypted instant messaging providers. + p + | Simply put, if you have private keys, you probably won't be using + a(href='/') Keyoxide + | . You will benefit from using command line tools or GUIs like + a(href='https://www.openpgp.org/software/kleopatra/') Kleopatra + | . + p + a(href='/') Keyoxide + | is designed for those without extensive knowledge about cryptography and who wish to encrypt messages to, or verify the authenticity of messages coming from the people with that extensive knowledge. + h3#but-other-services-provide-a-social-network-function + a(href='#but-other-services-provide-a-social-network-function') # + | But other services provide a social network function! + p + | It doesn't need to be centralized to have a "social network" function. + a(href='/') Keyoxide + | simply uses the already existing "social network" of websites hosting their own keys and servers dedicated to hosting large amounts of keys. + h3#pgp-must-die + a(href='#pgp-must-die') # + | PGP must die! + p + | Not a question but we get your point. While there are + a(href='https://restoreprivacy.com/let-pgp-die/') legitimate reasons PGP should cease to exist + | , it is still widely used and without any clear sign of imminent extinction, it needs proper tooling. + p + | It should be noted that while PGP can indeed be harmful when applied to email encryption, there are other legitimate ways of leveraging PGP to encrypt and/or sign messages. + p + | That being said, + a(href='/') Keyoxide + | aims to integrate different cryptographic technologies and therefore ease the transition away from PGP. + h3#what-is-on-the-roadmap + a(href='#what-is-on-the-roadmap') # + | What is on the roadmap? + ul + li Support more decentralized proofs + li Write more guides + li Integrate other encryption programs diff --git a/views/guide.php b/views/guide.php deleted file mode 100644 index 66dfc0c..0000000 --- a/views/guide.php +++ /dev/null @@ -1,36 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, see . -?> -layout('template.base', ['title' => $title]) ?> - -
-

insert("guides/$id.title") ?>

-

Back to guides

- insert("guides/$id.content") ?> -
diff --git a/views/guide.pug b/views/guide.pug new file mode 100644 index 0000000..bf01cdc --- /dev/null +++ b/views/guide.pug @@ -0,0 +1,4 @@ +extends template.base.pug + +block content + .content !{ content } diff --git a/views/guides.php b/views/guides.php deleted file mode 100644 index dfbdc4e..0000000 --- a/views/guides.php +++ /dev/null @@ -1,78 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, see . -?> -layout('template.base', ['title' => $title]) ?> - - diff --git a/views/guides.pug b/views/guides.pug new file mode 100644 index 0000000..26c50d2 --- /dev/null +++ b/views/guides.pug @@ -0,0 +1,59 @@ +extends template.base.pug + +block content + .content + h1 Guides + .guides + .guides__section + h3 Using Keyoxide + a(href='/guides/verify') Verifying a signature + br + a(href='/guides/encrypt') Encrypting a message + br + a(href='/guides/proofs') Verifying identity proofs + br + a(href='/guides/contributing') Contributing to Keyoxide + br + a(href='/guides/self-hosting-keyoxide') Self-hosting Keyoxide + + .guides__section + h3 OpenPGP and identity proofs + a(href='/guides/openpgp-proofs') How OpenPGP identity proofs work + br + a(href='/guides/web-key-directory') Uploading keys using web key directory + + .guides__section + h3 Adding proofs + a(href='/guides/devto') Dev.to + br + a(href='/guides/discourse') Discourse + br + a(href='/guides/dns') Domain / DNS + br + a(href='/guides/github') Github + br + a(href='/guides/hackernews') Hackernews + br + a(href='/guides/lobsters') Lobste.rs + br + a(href='/guides/mastodon') Mastodon + br + a(href='/guides/pleroma') Pleroma + br + a(href='/guides/reddit') Reddit + br + a(href='/guides/twitter') Twitter + br + a(href='/guides/xmpp') XMPP+OMEMO + + .guides__section + h3 Other services + a(href='/guides/feature-comparison-keybase') Feature comparison with Keybase + br + a(href='/guides/migrating-from-keybase') Migrating from Keybase + + .guides__section + h3 Managing proofs in GnuPG + a(href='/guides/managing-proofs-listing') Listing proofs + br + a(href='/guides/managing-proofs-deleting') Deleting proofs diff --git a/views/index.php b/views/index.php deleted file mode 100644 index 26406ac..0000000 --- a/views/index.php +++ /dev/null @@ -1,105 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, see . -?> -layout('template.base', ['title' => $title]) ?> - -
-

Keyoxide

-

A modern, secure and privacy-friendly platform to establish your decentralized online identity and perform basic cryptographic operations.

- - - -

About

-

Keyoxide allows you to link accounts on various online services and platforms together, prove they belong to you and establish an online identity. This puts you, the internet citizen, in charge when it comes to defining who you are on the internet instead of large corporations.

-

As an example, here's the developer's Keyoxide profile.

-

- Keyoxide is developed by Yarmo Mackenbach. - The MIT-licensed code is hosted on Codeberg. - It uses openpgp.js (version 4.10.7) for all cryptographic operations. -

- -

Features

- -

Decentralized online identity proofs

-
    -
  • You decide which accounts are linked together
  • -
  • You decide where this data is stored
  • -
  • Keyoxide does not hold your identity data on its servers
  • -
  • Keyoxide merely verifies the identity proofs and displays them
  • -
- -

Empowering the internet citizen

-
    -
  • A verified identity proof proves ownership of an account and builds trust
  • -
  • No bad actor can impersonate you as long as your accounts aren't compromised
  • -
  • Your online identity data is safe from greedy internet corporations
  • -
- -

User-centric platform

-
    -
  • Easily encrypt messages and verify signatures from the profile page
  • -
  • Keyoxide generates QR codes that integrate with OpenKeychain
  • -
  • Keyoxide fetches the key wherever the used decides to store it
  • -
  • Keyoxide is self-hostable, meaning you could put it on any server you trust
  • -
- -

Secure and privacy-friendly

-
    -
  • Keyoxide doesn't want your personal data, track you or show you ads
  • -
  • You never give data to Keyoxide, it simply uses the data you have made public
  • -
  • Keyoxide relies on OpenPGP, a widely used public-key cryptography standard (RFC-4880)
  • -
  • Cryptographic operations are performed in-browser by OpenPGP.js, a library maintained by ProtonMail
  • -
- -

Free Open Source Software

- - -
diff --git a/views/index.pug b/views/index.pug new file mode 100644 index 0000000..dffb364 --- /dev/null +++ b/views/index.pug @@ -0,0 +1,101 @@ +extends template.base.pug + +block content + .content + h1 Keyoxide + p + | A modern, secure and privacy-friendly platform to establish your + strong decentralized online identity + | and perform + strong basic cryptographic operations + | . + .flex-column-container + .flex-column + h2 Cryptographic operations + p + a(href='/verify') Verify PGP signature + br + a(href='/encrypt') Encrypt PGP message + br + a(href='/proofs') Verify distributed identity proofs + .flex-column + h2 Utilities + p + a(href='/util/profile-url') Profile URL generator + br + a(href='/util/wkd') Web Key Directory URL generator + br + a(href='/util/qrfp') Fingerprint QR generator + + h2 About + p + strong Keyoxide + | allows you to link accounts on various online services and platforms together, prove they belong to you and establish an online identity. This puts + strong you + | , the internet citizen, in charge when it comes to defining who you are on the internet instead of large corporations. + p + | As an example, here's the + a(href='/9f0048ac0b23301e1f77e994909f6bd6f80f485d') developer's Keyoxide profile + | . + p + strong Keyoxide + | is developed by + a(href='https://yarmo.eu') Yarmo Mackenbach + | . The MIT-licensed code is hosted on + a(href='https://codeberg.org/keyoxide/web') Codeberg + | . It uses + a(href='https://github.com/openpgpjs/openpgpjs') openpgp.js + | (version + a(href='https://github.com/openpgpjs/openpgpjs/releases/tag/v4.10.7') 4.10.7 + | ) for all cryptographic operations. + + h2 Features + + h3 Decentralized online identity proofs + ul + li You decide which accounts are linked together + li You decide where this data is stored + li Keyoxide does not hold your identity data on its servers + li Keyoxide merely verifies the identity proofs and displays them + + h3 Empowering the internet citizen + ul + li A verified identity proof proves ownership of an account and builds trust + li No bad actor can impersonate you as long as your accounts aren't compromised + li Your online identity data is safe from greedy internet corporations + + h3 User-centric platform + ul + li Easily encrypt messages and verify signatures from the profile page + li + | Keyoxide generates QR codes that integrate with + a(href='https://www.openkeychain.org/') OpenKeychain + li Keyoxide fetches the key wherever the used decides to store it + li Keyoxide is self-hostable, meaning you could put it on any server you trust + + h3 Secure and privacy-friendly + ul + li Keyoxide doesn't want your personal data, track you or show you ads + li You never give data to Keyoxide, it simply uses the data you have made public + li + | Keyoxide relies on OpenPGP, a widely used public-key cryptography standard ( + a(href='https://tools.ietf.org/html/rfc4880') RFC-4880 + | ) + li + | Cryptographic operations are performed in-browser by + a(href='https://openpgpjs.org/') OpenPGP.js + | , a library maintained by + a(href='https://protonmail.com/blog/openpgpjs-email-encryption/') ProtonMail + + h3 Free Open Source Software + ul + li + | Keyoxide is licensed under the permissive + a(href='https://codeberg.org/keyoxide/web/src/branch/dev/LICENSE') MIT license + li + | The source code is hosted on + a(href='https://codeberg.org/keyoxide/web') Codeberg.org + li + | Even the + a(href='https://drone.keyoxide.org/keyoxide/web/') CI/CD activity + | is publicly visible diff --git a/views/partials/key_selector.pug b/views/partials/key_selector.pug new file mode 100644 index 0000000..fb7f38c --- /dev/null +++ b/views/partials/key_selector.pug @@ -0,0 +1,24 @@ +select#modeSelect.modeSelect(name='modeSelect') + option(value='auto' selected=(mode == "auto" ? true : false)) Autodetect + option(value='wkd' selected=(mode == "wkd" ? true : false)) Web Key Directory + option(value='hkp' selected=(mode == "hkp" ? true : false)) Keyserver + option(value='plaintext' selected=(mode == "plaintext" ? true : false)) Plaintext + option(value='keybase' selected=(mode == "keybase" ? true : false)) Keybase + +.modesContainer + .modes.modes--auto(class=(mode == "auto" ? "modes--visible" : "")) + input#auto_input(type='text' name='auto_input' placeholder='Email / key id / fingerprint' value=(mode == "auto" ? input : "")) + + .modes.modes--wkd(class=(mode == "wkd" ? "modes--visible" : "")) + input#wkd_input(type='text' name='wkd_input' placeholder='name@domain.org' value=(mode == "wkd" ? input : "")) + + .modes.modes--hkp(class=(mode == "hkp" ? "modes--visible" : "")) + input#hkp_input(type='text' name='hkp_input' placeholder='Email / key id / fingerprint' value=(mode == "hkp" ? input : "")) + input#hkp_server(type='text' name='hkp_server' placeholder='https://keys.openpgp.org/ (default)') + + .modes.modes--plaintext(class=(mode == "plaintext" ? "modes--visible" : "")) + textarea#plaintext_input(name='plaintext_input') + + .modes.modes--keybase(class=(mode == "keybase" ? "modes--visible" : "")) + input#keybase_username(type='text' name='keybase_username' placeholder='username' value=(mode == "keybase" ? username : "")) + input#keybase_fingerprint(type='text' name='keybase_fingerprint' placeholder='fingerprint' value=(mode == "keybase" ? fingerprint : "")) diff --git a/views/profile.php b/views/profile.php deleted file mode 100644 index 338e8c2..0000000 --- a/views/profile.php +++ /dev/null @@ -1,58 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, see . -?> - - - - - - - Keyoxide - - - -
-
- - -
- -

-
-

Loading keys & verifying proofs…

-
- - -
- - - - diff --git a/views/profile.pug b/views/profile.pug new file mode 100644 index 0000000..ca42316 --- /dev/null +++ b/views/profile.pug @@ -0,0 +1,25 @@ +doctype html +head + meta(charset='utf-8') + meta(name='viewport' content='width=device-width, initial-scale=1') + link(rel='shortcut icon' href='/favicon.svg') + title Keyoxide + link(rel='stylesheet' href='/static/styles.css') + +main.container.container--profile + .content + span#profileUid(style='display: none;') #{uid} + span#profileMode(style='display: none;') #{mode} + #profileHeader + img#profileAvatar(src='/static/img/avatar_placeholder.png' alt='avatar' style='display: none') + p#profileName + #profileData + p Loading keys & verifying proofs… + footer + p + | Page generated by + a(href='/') Keyoxide + | . + +script(src='/static/openpgp.min.js') +script(type='text/javascript' src='/static/scripts.js' charset='utf-8') diff --git a/views/proofs.php b/views/proofs.php deleted file mode 100644 index 2783706..0000000 --- a/views/proofs.php +++ /dev/null @@ -1,63 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, see . -?> -layout('template.base', ['title' => $title]) ?> - -
-

Proofs

-
-

Public key

- - -
-
- -
-
- -
-
- - -
-
- -
-
-

Result

-

-

- -
-
diff --git a/views/proofs.pug b/views/proofs.pug new file mode 100644 index 0000000..8e22f37 --- /dev/null +++ b/views/proofs.pug @@ -0,0 +1,14 @@ +extends template.base.pug + +block content + .content + h1 Proofs + form#form-proofs(method='post') + h3 Public key + label(for='modeSelect') Mode: + include partials/key_selector + + h3 Result + p#result + p#resultContent + input.bigBtn(type='submit' name='submit' value='VERIFY PROOFS') diff --git a/views/template.base.php b/views/template.base.php deleted file mode 100644 index 37803a6..0000000 --- a/views/template.base.php +++ /dev/null @@ -1,70 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, see . -?> - - - - - - - - <?=$this->e($title)?>Keyoxide - - - -
-
- -
- -
-
- -
- section('content')?> - - -
- - - - - - diff --git a/views/template.base.pug b/views/template.base.pug new file mode 100644 index 0000000..c6d2ec9 --- /dev/null +++ b/views/template.base.pug @@ -0,0 +1,33 @@ +doctype html +head + meta(charset='utf-8') + meta(name='viewport' content='width=device-width, initial-scale=1') + meta(name='theme-color' content='#fff') + link(rel='shortcut icon' href='/favicon.svg') + title= (title ? title : "Keyoxide") + link(rel='stylesheet' href='/static/styles.css') +header + .container + a.logo(href='/') + img(src='/static/img/logo_96.png' alt='Keyoxide logo') + .spacer + nav + a(href='/') about + a(href='/guides') guides + a(href='/faq') faq + +main.container + block content + + footer + p + a(href='https://codeberg.org/keyoxide') Source code + | - + a(href='https://drone.keyoxide.org/keyoxide/web/') CI/CD + | - + a(href='https://fosstodon.org/@keyoxide') Mastodon + p © 2020 Keyoxide contributors + +script(src='/static/openpgp.min.js') +script(src='/static/qrcode.min.js') +script(type='text/javascript' src='/static/scripts.js' charset='utf-8') diff --git a/views/verify.php b/views/verify.php deleted file mode 100644 index e31afd2..0000000 --- a/views/verify.php +++ /dev/null @@ -1,70 +0,0 @@ -. -// -// Also add information on how to contact you by electronic and paper mail. -// -// If your software can interact with users remotely through a computer network, -// you should also make sure that it provides a way for users to get its source. -// For example, if your program is a web application, its interface could display -// a "Source" link that leads users to an archive of the code. There are many -// ways you could offer source, and different solutions will be better for different -// programs; see section 13 for the specific requirements. -// -// You should also get your employer (if you work as a programmer) or school, -// if any, to sign a "copyright disclaimer" for the program, if necessary. For -// more information on this, and how to apply and follow the GNU AGPL, see . -?> -layout('template.base', ['title' => $title]) ?> - -
-

Verify

-
-

Signer

- - -
-
- -
-
- -
-
- - -
-
- -
-
- - -
-
-

Signature

- -

Result

-

-

- -
-
diff --git a/views/verify.pug b/views/verify.pug new file mode 100644 index 0000000..9f81035 --- /dev/null +++ b/views/verify.pug @@ -0,0 +1,17 @@ +extends template.base.pug + +block content + .content + h1 Verify + form#form-verify(method='post') + h3 Signer + label(for='modeSelect') Mode: + include partials/key_selector + + h3 Signature + textarea#signature(name='signature') + + h3 Result + p#result + p#result + input.bigBtn(type='submit' name='submit' value='VERIFY SIGNATURE')