keyoxide
/
keyoxide-web
19
165
Fork 24
Code Issues 62 Pull Requests 1 Projects 2 Releases 65 Wiki Activity
Labels Milestones
New Issue

Ideas for additional proofs #16

Closed
opened 3 years ago by Supernova · 15 comments
Supernova commented 3 years ago

I am really liking this project. Some additional proofs that would be nice to have:

Codeberg!!
Matrix
Keybase (possibly using your username.keybase.pub web space)
Telegram
Threema ID
LinkedIn

I am really liking this project. Some additional proofs that would be nice to have: Codeberg!! Matrix Keybase (possibly using your username.keybase.pub web space) Telegram Threema ID LinkedIn
yarmo added the enhancement label 3 years ago
emanuelpina commented 2 years ago

Is it possible to add proofs of Pixelfed accounts?

Pixelfed uses a API similar to Mastodon: https://docs.pixelfed.org/technical-documentation/api-v1.html

Using the API to retrieve my profile as example:

curl -H "Accept:application/json" https://pixelfed.social/emanuel | jq
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1793    0  1793    0     0   6543      0 --:--:-- --:--:-- --:--:--  6543
{
  "@context": [
    "https://www.w3.org/ns/activitystreams",
    "https://w3id.org/security/v1",
    {
      "manuallyApprovesFollowers": "as:manuallyApprovesFollowers",
      "PropertyValue": "schema:PropertyValue",
      "schema": "http://schema.org#",
      "value": "schema:value"
    }
  ],
  "id": "https://pixelfed.social/users/emanuel",
  "type": "Person",
  "following": "https://pixelfed.social/users/emanuel/following",
  "followers": "https://pixelfed.social/users/emanuel/followers",
  "inbox": "https://pixelfed.social/users/emanuel/inbox",
  "outbox": "https://pixelfed.social/users/emanuel/outbox",
  "preferredUsername": "emanuel",
  "name": "Emanuel Pina",
  "summary": "I'm a pediatric nurse by ☀️ and 🌙, ☕ lover and a 🐕 owner for life.\n\nI'm a motorsport fan (#f1, #wec, #imsa...) and I do some #simracing on #iracing 🏁\n\nThere're days (less than it should) when I take some time to #cycling 🚴‍♂️",
  "url": "https://pixelfed.social/emanuel",
  "manuallyApprovesFollowers": false,
  "publicKey": {
    "id": "https://pixelfed.social/users/emanuel#main-key",
    "owner": "https://pixelfed.social/users/emanuel",
    "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJnHiJw4+Wr/ehVTHFk9\nNX6PbXjEKaoqBKbJRZrnyzEwwlXiCJ992kJ8RrpTJyKWF/y723Yu0J13FwWOy30n\nrP+FGEjYQ+timXSOrBSwILyV/ApychA5W5N5FMt6wNyfuqceWlOsnn3cuS/mZsWD\njydX+gsYy9XEuEu+fn4no5+f55jYn2tVxMLMbODxUn9XMIQB0z3RuC+n34CSCt3Z\nhWz5k89iJ1Apq210Wgayig0Xh6OZLsAJ9VxGtHHLgoBre/EM/vF3dSgaJvw9ys0Z\nVBLj4vNiRTRoz1sDK0kWeBIoZcf7bPEnC6hzyJkrv8LcdAV5jo4wWfnTKlWTtOKi\nHQIDAQAB\n-----END PUBLIC KEY-----\n"
  },
  "icon": {
    "type": "Image",
    "mediaType": "image/jpeg",
    "url": "https://pixelfed.social/storage/avatars/007/587/328/082/484/019/2/hTjaFNVMsSIFk7OyMBd6_avatar.jpeg?v=2"
  }
}
Is it possible to add proofs of Pixelfed accounts? Pixelfed uses a API similar to Mastodon: https://docs.pixelfed.org/technical-documentation/api-v1.html Using the API to retrieve my profile as example: ``` curl -H "Accept:application/json" https://pixelfed.social/emanuel | jq % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1793 0 1793 0 0 6543 0 --:--:-- --:--:-- --:--:-- 6543 { "@context": [ "https://www.w3.org/ns/activitystreams", "https://w3id.org/security/v1", { "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", "PropertyValue": "schema:PropertyValue", "schema": "http://schema.org#", "value": "schema:value" } ], "id": "https://pixelfed.social/users/emanuel", "type": "Person", "following": "https://pixelfed.social/users/emanuel/following", "followers": "https://pixelfed.social/users/emanuel/followers", "inbox": "https://pixelfed.social/users/emanuel/inbox", "outbox": "https://pixelfed.social/users/emanuel/outbox", "preferredUsername": "emanuel", "name": "Emanuel Pina", "summary": "I'm a pediatric nurse by ☀️ and 🌙, ☕ lover and a 🐕 owner for life.\n\nI'm a motorsport fan (#f1, #wec, #imsa...) and I do some #simracing on #iracing 🏁\n\nThere're days (less than it should) when I take some time to #cycling 🚴‍♂️", "url": "https://pixelfed.social/emanuel", "manuallyApprovesFollowers": false, "publicKey": { "id": "https://pixelfed.social/users/emanuel#main-key", "owner": "https://pixelfed.social/users/emanuel", "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJnHiJw4+Wr/ehVTHFk9\nNX6PbXjEKaoqBKbJRZrnyzEwwlXiCJ992kJ8RrpTJyKWF/y723Yu0J13FwWOy30n\nrP+FGEjYQ+timXSOrBSwILyV/ApychA5W5N5FMt6wNyfuqceWlOsnn3cuS/mZsWD\njydX+gsYy9XEuEu+fn4no5+f55jYn2tVxMLMbODxUn9XMIQB0z3RuC+n34CSCt3Z\nhWz5k89iJ1Apq210Wgayig0Xh6OZLsAJ9VxGtHHLgoBre/EM/vF3dSgaJvw9ys0Z\nVBLj4vNiRTRoz1sDK0kWeBIoZcf7bPEnC6hzyJkrv8LcdAV5jo4wWfnTKlWTtOKi\nHQIDAQAB\n-----END PUBLIC KEY-----\n" }, "icon": { "type": "Image", "mediaType": "image/jpeg", "url": "https://pixelfed.social/storage/avatars/007/587/328/082/484/019/2/hTjaFNVMsSIFk7OyMBd6_avatar.jpeg?v=2" } } ```
dusansimic commented 2 years ago

Is it possible to add proofs of Pixelfed accounts?

@emanuelpina Pixelfed is a bit tricky since Mastodon has a an array called attachments which stores some values you want to share with other people. That is how Mastodon account's are verified (you sat and OpenPGP attachment with the fingerprint). Pixelfed doesn't have that feature, only summary which has limited number of bytes that can be stored. We could reach out to Pixelfed maintainer to add this feature.

> Is it possible to add proofs of Pixelfed accounts? @emanuelpina Pixelfed is a bit tricky since Mastodon has a an array called `attachments` which stores some values you want to share with other people. That is how Mastodon account's are verified (you sat and OpenPGP attachment with the fingerprint). Pixelfed doesn't have that feature, only summary which has limited number of bytes that can be stored. We could reach out to Pixelfed maintainer to add this feature.
avalos commented 2 years ago

Codeberg is basically Gitea, right?

Codeberg is basically Gitea, right?
dusansimic commented 2 years ago

@avalos correct. Gitea and also GitLab have been added already. You can check out the guides on the website.

@avalos correct. Gitea and also GitLab have been added already. You can check out the guides on the website.
👍 1
yisraeldov commented 2 years ago

@dusansimic You should beable to do a search on pixel feed for a post with a specific content, something like how keybase validates mastodon.

@dusansimic You should beable to do a search on pixel feed for a post with a specific content, something like how keybase validates mastodon.
KubikPixel commented 2 years ago

Is it possible as with Keybase, that with Mastodon the field OpenPGP is confirmed with a green check mark or is this rather a point that I should add to the Mastodon project?

Is it possible as with Keybase, that with Mastodon the field OpenPGP is confirmed with a green check mark or is this rather a point that I should add to the Mastodon project?
dusansimic commented 2 years ago

You should beable to do a search on pixel feed for a post with a specific content, something like how keybase validates mastodon.

@yisraeldov While that is a perfectly valid solution I personally don't like that I would have to post a photo with a description that contains the fingerprint. That could be implemented but since Pixelfed is part of fediverse and it could be validated the same way mastodon is verified, I belive this feature should be handled on Pixelfed side if the maintainer is okay with that. Just a simple textbox where user can set the fingerprint will be great.

> You should beable to do a search on pixel feed for a post with a specific content, something like how keybase validates mastodon. @yisraeldov While that is a perfectly valid solution I personally don't like that I would have to post a photo with a description that contains the fingerprint. That could be implemented but since Pixelfed is part of fediverse and it could be validated the same way mastodon is verified, I belive this feature should be handled on Pixelfed side if the maintainer is okay with that. Just a simple textbox where user can set the fingerprint will be great.
dusansimic commented 2 years ago

Is it possible as with Keybase, that with Mastodon the field OpenPGP is confirmed with a green check mark or is this rather a point that I should add to the Mastodon project?

@KubikPixel right now, I think that feature is not supported but it could be easily done since we already have access to the instace url and username if user want's to verify mastodon account. That being said, you wont be able to use fingerprint as an OpenPGP attribute, rather the keyoxide url to your profile because mastodon required a url so an attribute can be verified. See my profile as an example.

@yarmo this is a feature that could be implemented if you're interested.

> Is it possible as with Keybase, that with Mastodon the field OpenPGP is confirmed with a green check mark or is this rather a point that I should add to the Mastodon project? @KubikPixel right now, I think that feature is not supported but it could be easily done since we already have access to the instace url and username if user want's to verify mastodon account. That being said, you wont be able to use fingerprint as an OpenPGP attribute, rather the keyoxide url to your profile because mastodon required a url so an attribute can be verified. See [my profile](https://mastodon.technology/@dusansimic) as an example. @yarmo this is a feature that could be implemented if you're interested.
KubikPixel commented 2 years ago

Is it possible as with Keybase, that with Mastodon the field OpenPGP is confirmed with a green check mark or is this rather a point that I should add to the Mastodon project?

I mren this with Keyoxide the same way as Keybase on Mastadon (not Pixafeed).

>Is it possible as with Keybase, that with Mastodon the field OpenPGP is confirmed with a green check mark or is this rather a point that I should add to the Mastodon project? I mren this with [Keyoxide](https://keyoxide.org) the same way as Keybase on Mastadon (not Pixafeed).
dusansimic commented 2 years ago

@KubikPixel that is exactly what I'm talking about. The feature you're talking about is not implemented yet but it could be. However, you wont set the fingerprint as an attribute rather the url to your keyoxide profile.

Meaning, you wont set OpenPGP to be ae8e46cd64ec9d68382bf21ebb1768f4534593c0. You'll set it to be https://keyoxide.org/ae8e46cd64ec9d68382bf21ebb1768f4534593c0.

I'll open a separate issue for this feature since it a fair idea that could be implemeneted.

@KubikPixel that is exactly what I'm talking about. The feature you're talking about is not implemented yet but it could be. However, you wont set the fingerprint as an attribute rather the url to your keyoxide profile. Meaning, you wont set OpenPGP to be `ae8e46cd64ec9d68382bf21ebb1768f4534593c0`. You'll set it to be https://keyoxide.org/ae8e46cd64ec9d68382bf21ebb1768f4534593c0. I'll open a separate issue for this feature since it a fair idea that could be implemeneted.
👍 1
KubikPixel commented 2 years ago

@dusansimic I see we talk in a circle but yes why not a Link to Keyoxide as a verification. I think this is fine and peoples see on the Keyoxide site the OpenPGP key and its proov but the atzribute name must in my opinion Keyoxide.

@dusansimic I see we talk in a circle but yes why not a Link to Keyoxide as a verification. I think this is fine and peoples see on the Keyoxide site the OpenPGP key and its proov but the `atzribute` name must in my opinion Keyoxide.
yarmo commented 2 years ago
Owner

It is now possible to verify a Mastodon proof using only the URL to a Mastodon account. See yarmo@fosstodon.org.

As for getting that link in my Mastodon account green and verified, what we need is to render the Keyoxide profile page on the server instead of in the browser. The proof verification can still happen in the browser! It's just the initial rendering of all proofs (with a "waiting for verification..." message) needs to happen on the server.

I'm already working on this.

It is now possible to verify a Mastodon proof using only the URL to a Mastodon account. See [yarmo@fosstodon.org](https://fosstodon.org/@yarmo). As for getting that link in my Mastodon account green and verified, what we need is to render the Keyoxide profile page on the server instead of in the browser. The proof verification can still happen in the browser! It's just the initial rendering of all proofs (with a "waiting for verification..." message) needs to happen on the server. I'm already working on this.
🚀 3
wiktor commented 2 years ago

Actually Keybase verification is quite straightforward as they have an API (that is even CORS-ready!): https://keybase.io/_/api/1.0/user/lookup.json?usernames=chris

Just check out them[0].public_keys.primary.key_fingerprint if it matches then it's the same user :)

Actually Keybase verification is quite straightforward as they have an API (that is even CORS-ready!): https://keybase.io/_/api/1.0/user/lookup.json?usernames=chris Just check out `them[0].public_keys.primary.key_fingerprint` if it matches then it's the same user :)
wiktor commented 2 years ago

@KubikPixel, @dusansimic, do note that Keybase has special treatment in Mastodon as it prints just username (not full link) and the verification is special cased in Mastodon.

I think it would be a good idea if Mastodon supported Keyoxide natively too - it's more decentralized and true to the open nature. If you think it's a good idea too you could vote / comment in here: https://github.com/tootsuite/mastodon/issues/14770 (haha, just noted that it's you @KubikPixel that created the issue :D )

@KubikPixel, @dusansimic, do note that Keybase has special treatment in Mastodon as it prints just username (not full link) and the verification is special cased in Mastodon. I think it would be a good idea if Mastodon supported Keyoxide natively too - it's more decentralized and true to the open nature. If you think it's a good idea too you could vote / comment in here: https://github.com/tootsuite/mastodon/issues/14770 (haha, just noted that it's you @KubikPixel that created the issue :D )
yarmo commented 2 years ago
Owner

I think I can close this issue for now. I created separate issues for each of the service providers mentioned above:

keyoxide/doipjs#4 Keybase
keyoxide/doipjs#5 Matrix
keyoxide/doipjs#6 Telegram
keyoxide/doipjs#7 Threema
keyoxide/doipjs#8 Linkedin

Pixelfed is already supported as well as Mastodon using links instead of fingerprints.

Only unsolved issue is that of the Mastodon links not being green and "verified". Created a separate issue for that: keyoxide/web#57

I think I can close this issue for now. I created separate issues for each of the service providers mentioned above: https://codeberg.org/keyoxide/doipjs/issues/4 Keybase https://codeberg.org/keyoxide/doipjs/issues/5 Matrix https://codeberg.org/keyoxide/doipjs/issues/6 Telegram https://codeberg.org/keyoxide/doipjs/issues/7 Threema https://codeberg.org/keyoxide/doipjs/issues/8 Linkedin Pixelfed is already supported as well as Mastodon using links instead of fingerprints. Only unsolved issue is that of the Mastodon links not being green and "verified". Created a separate issue for that: https://codeberg.org/keyoxide/web/issues/57
👍 1
yarmo closed this issue 2 years ago
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
Labels
Apply labels
Clear labels
bug
Something is not working duplicate
This issue or pull request already exists enhancement
New feature help wanted
Need some help invalid
Something is wrong low hanging fruit
Beginner friendly issues question
More information is needed wontfix
This won't be fixed
No Label bug duplicate enhancement help wanted invalid low hanging fruit question wontfix
Milestone
Set milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Assign users
Clear assignees
No Assignees
8 Participants
Notifications
Due Date

No due date set.

Dependencies

No dependencies set.

Reference: keyoxide/keyoxide-web#16
Write Preview
Loading…
Cancel
Save
There is no content yet.
Delete Branch '%!s(<nil>)'

Deleting a branch is permanent. It CANNOT be undone. Continue?

No
Yes