Easier GitHub proofs
Utilize the fact that for any user name one can construct a URL that fetches the OpenPGP key already stored in GitHub (e.g. https://github.com/wiktor-k.gpg ). Verify if the fingerprint of the fetched key is the same as the current one.
Thus we only need the notations on the key... let's call it... gist-less GitHub proofs!
Just an idea for when the backlog dries ;)
Sadly, a drying backlog is not a thing ;)
Smart! So you upload your public key to github and we just check whether that key has the same fingerprint as the profile key? That sounds like the endgame of cryptographic identity verification!
Shouldn't be too difficult to implement.
Actually GitLab supports the same URL scheme GitHub uses:
To view a user’s public GPG key, you can:
- Go to
- Select View public GPG keys in the top right of the user’s profile.
$ curl -sL https://invent.kde.org/ngraham.gpg | gpg gpg: WARNING: no command supplied. Trying to guess what you mean ... pub rsa4096 2021-04-01 [SC] 1B60D5E4692092B3E41E737E3C452E1BBF06A76F uid Nate Graham <firstname.lastname@example.org> sub rsa4096 2021-04-01 [E]
Gitea supports this too:
$ curl -sL https://codeberg.org/yarmo.gpg | gpg - gpg: WARNING: no command supplied. Trying to guess what you mean ... pub rsa4096 2019-07-10 [SC] 9F0048AC0B23301E1F77E994909F6BD6F80F485D uid Yarmo Mackenbach <email@example.com> sub rsa3072 2019-07-10 [E] sub rsa4096 2019-08-16 [S]
Wow, this is very interesting @ShadowRZ! Bad news is that doip.js seems the be designed around JSON proofs but if multiple forges already support this standard then this might be something worth the work.
IIRC Facebook also has a "GPG key" download link but I don't have an account to verify (nor a link to account that has this set up).
Interesting indeed! Well, I think this method should be supported and promoted, it would be great if more service providers allowed uploading a public key.
There is currently work underway to create a spec in the form of a living document that describes the entire keyoxide/doip process. This must be somehow integrated in there.
I'll come back to this thread once the living document is up.
Deleting a branch is permanent. It CANNOT be undone. Continue?