#keyoxide — Public Fediverse posts

Breaking! Well, not really, I'm a day late. #Keytrace launched publicly! Keytrace is the alternative to #Keybase for verying your accounts. One could say it's like #Keyoxide too but lives in the ATmosphere network.

Introducing Keytrace — Keytrac...

Breaking! Well, not really, I'm a day late.

#Keytrace launched publicly! Keytrace is the alternative to #Keybase for verying your accounts. One could say it's like #Keyoxide too but lives in the ATmosphere network.

https://keytrace.dev/blog/introducing-keytrace

My #keyoxide proof failed.

I registered for #KeyBase then I thought,,,, certainly there must be some #FOSS etc version, right?

Yes, there is @Keyoxide – but that last time that acct tooted was 2024 and the last time the official blog was updated was 2023!

Is it a dead project? 🤔

Plus, the Getting Started page is intimidating AF for a non-geeky person lime me! https://docs.keyoxide.org/getting-started/creating-profile/

Is there a better FOSS-y KeyBase alternative?

Thx
JD

#Keyoxide #Encryption

spent time creating and adding to my #Keyoxide profile, during which I came across some interesting things popping up. #Anime sites just don't work for me for some reason (#MAL, #Anilist, #Anime-Planet, #Anisocial, etc.). #TikTok has an 80-character limit on their bio.

upon rereading that and reflecting on the tone: i actually like keyoxide in general.

What are the current best practices for setting up proofs of your online identity? I've seen people on Mastodon using https://keyoxide.org/ for that, is it the right thing to use, and should I use it with GPG keys?

Also what's the best practice for setting up the key/identity for multiple machines? Should I just copy the private key around, or there are better ways of doing that?

#openpgp #gpg #keyoxide #onlineidentity #pgp #fedihelp

***** Important information for my
***** followers on a personal matter

My account moved!

My current account: @oszy
My old account: @osz

Both accounts are verified in my #Keyoxide profile:

https://keyoxide.org/aspe%3Akeyoxide.org%3AS2X77NV7IN6YE6P553PE7YA2NI

Please make sure to follow this account, if you still want to follow me.

***** Important information for my
***** followers on a personal matter

Now that I have your attention...
I"moving my account to another instance, soon!

This account: @osz
My new account: @oszy

Both accounts are verifid in my #Keyoxide profile:

https://keyoxide.org/aspe%3Akeyoxide.org%3AS2X77NV7IN6YE6P553PE7YA2NI

If everything goes well, we'll see each other again over there. 😉🤘

Twitter/X: come verificare la tua identità senza pagare con Mastodon

https://emanuelegori.uno/twitter-x-come-verificare-la-tua-identita-senza-pagare-con-mastodon/

@randahl
It won't stop trolls from continuing to troll, but I can recommend @keyoxide . It's "a decentralized tool to create and verify decentralized online identities."

"[...]

Just like passports for real-life identities, Keyoxide can be used to verify the online identity of people to make sure one is interacting with whom they intended to be and not an imposter.

[...]"

This makes it a little easier for others to understand who they are dealing with.

https://keyoxide.org/

#keyoxide

Aaaaaand I've done the manual upgrade from tails 6.x to 7.1 :D A round of applause for the #tails @tails team (which, as I understand it, has merged with the @torproject team #tor). The walk-through steps on the website are straightforward (it feels like a technical writer actually spent some time working with the language and with readers/users to iron out kinks). The on-boarding experience for new installs once you've loaded it up is great too! Setting up a new persistent storage volume and configuring it was a breeze.

I effectively use tails as a not-quite-airgap environment for when I need to fiddle with #pki #pgp #OpenPGP #gpg stuff (I made updates to my public key notations for #KeyOxide @keyoxide). All of that worked flawlessly too, including with a #SmartCard reader.

done; also updated the key notations adding #Keyoxide proofs for my #SourceHut and #Codeberg users

https://keyoxide.org/[email protected]

Just realized my earlier mentions of @keyoxide were invalid because I forgot the domain name suffix, haha. Editing the text post facto apparently won't send a notification in Mastodon.

Posting this reply with a proper mention to hopefully get this thread on their radar!

Thanks again to the #Keyoxide community and to the team behind it! 😄

Just felt like recounting my experience migrating away from #Keybase over to #Keyoxide. Many thanks to the @keyoxide team for the awesome work! ❤️

Please feel free to reply to this thread or in the blog comments with corrections, if I got anything wrong.

Thanks for reading! 🤗

https://eyalkalderon.com/blog/moving-from-keybase-to-keyoxide/

@gimulnautti
You can use #Keyoxide to create a PGP key which will be used to verify your account: https://keyoxide.org Please look in my profile to see how it looks like. This won't prevent your profile or some of its details being copied by ruSSian bots but it's easier for followers to identify the correct account. The bots can do all of this too, of course, but they will often have to do it with their disposable accounts, whereas you only have to do it once. There is also a Keyoxide app.

I made a very rookie error for not exporting my ASP Profile the moment I created it on the Keyoxide Android app... And now my profile is "lost" forever! The app hard crashed on me and reverted to onboarding.😰Hope maybe a @keyoxide admin can help me delete the old profile so I can start a new one? 🙏 #keyoxide #asp #secretkeys #BackupReminder

It's been pretty interesting trying to set up a #Keyoxide profile using the #ASP method instead of #OpenPGP. I used the Keyoxide Android app and it's been pretty easy. Thanks to the team at @keyoxide and @Berker for making such a cool way of verifying #onlineidentities! #decentralization

@aspensmonster @keyoxide @Berker Yes! That's good there's no need for two Keyoxide links (URL and the public key), I didn't know that. I'll try your guide later thanks. But you misunderstood me actually. I'm talking about the profile description inside the #Keyoxide page. When I type a description (it says optional) on the Android client, it shows up twice like this. Idk if it's a bug or supposed to be like that? Looks a bit weird having it repeated. (Berker is the Android client creator.)

It is possible that Mastodon doesn't require a "proof", it just needs that <a rel
link right?

#Mastodon #Keyoxide #MastodonVerification

@shoppingtonz @a @keyoxide #keyoxide

A ha! I think I've found the problem. I created a test ASP profile on keyoxide with just this mastodon account as the claimed identity, done two different ways:

https://keyoxide.org/aspe:keyoxide.org:ZPZNQV5T2BDHSUVEFUINFRS4B4

The first way is the standard way of adding a claim to the ASP profile, by selecting the dropdown of "Mastodon" and putting in your username. This produces a `rel="me"` URL on the profile page that looks like this:

<a rel="me" href="https://tenforward.social/@aspensmonster" aria-label="link to profile">https://tenforward.social/@aspensmonster</a>

This follows the exact format that Mastodon docs say they are looking for in a verification link, and the Mastodon client will respect this and show the link as verified (see my "Keyoxide ASP" metadata block on my profile for proof).

However, if instead of "Mastodon" in the claim creation dropdown I pick "Manual input", and then put in a link to a specific *post* on my account as the claim, then the generated URL is instead:

<a rel="me" href="https://tenforward.social/users/aspensmonster" aria-label="link to profile">https://tenforward.social/users/aspensmonster</a>

Notice how instead of `$instance/@$user`, the format is `$instance/users/$user`. Since this is not what Mastodon expects the format of the verification URL to be, it does not show the URL as verified.

I believe that the `/users/` approach is a more general activitypub approach, and is probably more "AP standard." However, Mastodon specifically doesn't seem to consider that as equivalent.

Three options:

1. Mastodon accepts the /users/ approach and considers the link verified (probably won't happen)
2. Keyoxide tries to determine if the specific AP implementation is Mastodon, and tweaks the URL to be in the expected format (not ideal)
3. Have ASP users only use profile claims and not post claims for Mastodon if they want Mastodon's green checkmark (easiest).

For @shoppingtonz , the easiest thing for you to do would be to remove the post claim that you have on your ASP profile, and use the standard "Mastodon" dropdown instead. Then, the green verification bar and check should work for you too.

@lynnesbian #keybase may be dead in the water, but #keyoxide is still around at least

@Xeniax Totally nerdsniped :D I'd love to be a part of the study.

I don't think that #KeyServers are dead. I think they evolved into Verifying Key Servers (VKS), like the one run by a few folks from the OpenPGP ecosystem at https://keys.openpgp.org/about . More generally, I believe that #PGP / #GPG / #OpenPGP retains important use-cases where accountability is prioritized, as contrasted with ecosystems (like #Matrix, #SignalMessenger) where deniability (and Perfect Forward Secrecy generally) is prioritized. Further, PGP can still serve to bootstrap those other ecosystems by way of signature notations (see the #KeyOxide project).

Ultimately, the needs of asynchronous and synchronous cryptographic systems are, at certain design points, mutually exclusive (in my amateur estimation, anyway). I don't think that implies that email encryption is somehow a dead-end or pointless. Email merely, by virtue of being an asynchronous protocol, cannot meaningfully offer PFS (or can it? Some smart people over at crypto.stackexchange.com seem to think there might be papers floating around that can get at it: https://crypto.stackexchange.com/questions/9268/is-asynchronous-perfect-forward-secrecy-possible).

To me, the killer feature of PGP is actually not encryption per se. It's certification, signatures, and authentication/authorization. I'm more concerned with "so-and-so definitely said/attested to this" than "i need to keep what so-and-so said strictly private/confidential forever and ever." What smaller countries like Croatia have done with #PKI leaves me green with envy.

Introducing WKD Tester – a free, open-source tool for testing OpenPGP Web Key Directory implementations! I built it to help out with the Keyoxide project, making it easier to generate lookup URIs and discover keys on the fly. Check it out at https://wkd.dp42.dev.

#OpenPGP #WKD #opensource #cybersecurity #Keyoxide

You may have noticed that I updated my #Keyoxide profile link in various places. That was legit – my old RSA #OpenPGP key had expired back in early November without me noticing, and yesterday, I created a new #ed25519 key. If you still see my old Keyoxide link somewhere, please tell me. #pgp #rsa

🔗 https://keyoxide.org/FEF07E34F003F58EF486E744A49FCA80F5B7DE61

First, however, I had to manually update #GPG to version 2.4 by compiling it from source. 🤡

🔗 https://www.procustodibus.com/blog/2023/02/gpg-2-4-on-ubuntu-22-04/

QT https://fed.brid.gy/r/https://bsky.app/profile/did:plc:dxkyhpbv4bsktz3x2yp6m2rz/post/3lcvpgpgnu22j

I stumbled across Keyoxide today. I gave it a shot, created and uploaded an ASP [1]. Now I have my own profile [2] that verifies some of my identities, neat! Adding my mail throws an error message though. I use WKD to publish my OpenPGP key [3]. I learned that my mail address is therefore already discovered by keyoxide.org [4], can't be used twice as it seems.

[1] https://asp.keyoxide.org
[2] https://keyoxide.org/aspe:keyoxide.org:CDKSMZK6K2WIQFSXRLHXVRIJ6E
[3] https://dominik.wombacher.cc/posts/my-gpg-key-is-now-available-via-web-key-directory-wkd.html
[4] https://keyoxide.org/dominik@wombacher.cc

#keyoxide #openpg #wkd

Schon klar, warum sich verschlüsselte E-Mail nicht durchsetzen.

Ich dachte, wissend und vorbereitet zu sein, doch ich irrte. Vergeblich schlage ich mich seit Stunden mit #gpg, #keyoxide und #Schlüssel herum und drehe mich inzwischen im Kreis. Keine Ahnung, woran es hakt, dass ich eine verschlüsselte Mail nicht öffnen kann. Und bevor ich zum HB-Männchen mutiere, lasse ich es bleiben und rufe allen Verweigerern zu: Ich verstehe euch!

Verschlüsselung? Rutsch mir doch den Buckel runter 😡

Another set of sshd-openpgp-auth and ssh-openpgp-auth releases is out:
This server and client-side tooling for managing the #authentication of #SSH host keys with the help of an #OpenPGP #certificate as trust anchor is now feature complete.
https://crates.io/crates/sshd-openpgp-auth
https://crates.io/crates/ssh-openpgp-auth
Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!
#DNS #KeyOxide #KnownHosts #OpenSSH #PGPKI #Rust #Rustlang #Software #SSH #WebKeyDirectory #WebOfTrust #WKD #WoT

Another set of sshd-openpgp-auth and ssh-openpgp-auth releases is out:
This server and client-side tooling for managing the #authentication of #SSH host keys with the help of an #OpenPGP #certificate as trust anchor is now feature complete.
https://crates.io/crates/sshd-openpgp-auth
https://crates.io/crates/ssh-openpgp-auth
Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!
#DNS #KeyOxide #KnownHosts #OpenSSH #PGPKI #Rust #Rustlang #Software #SSH #WebKeyDirectory #WebOfTrust #WKD #WoT

Another set of sshd-openpgp-auth and ssh-openpgp-auth releases is out:
This server and client-side tooling for managing the #authentication of #SSH host keys with the help of an #OpenPGP #certificate as trust anchor is now feature complete.
https://crates.io/crates/sshd-openpgp-auth
https://crates.io/crates/ssh-openpgp-auth
Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!
#DNS #KeyOxide #KnownHosts #OpenSSH #PGPKI #Rust #Rustlang #Software #SSH #WebKeyDirectory #WebOfTrust #WKD #WoT

Another set of sshd-openpgp-auth and ssh-openpgp-auth releases is out:
This server and client-side tooling for managing the #authentication of #SSH host keys with the help of an #OpenPGP #certificate as trust anchor is now feature complete.
https://crates.io/crates/sshd-openpgp-auth
https://crates.io/crates/ssh-openpgp-auth
Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!
#DNS #KeyOxide #KnownHosts #OpenSSH #PGPKI #Rust #Rustlang #Software #SSH #WebKeyDirectory #WebOfTrust #WKD #WoT

Another set of sshd-openpgp-auth and ssh-openpgp-auth releases is out:
This server and client-side tooling for managing the #authentication of #SSH host keys with the help of an #OpenPGP #certificate as trust anchor is now feature complete.
https://crates.io/crates/sshd-openpgp-auth
https://crates.io/crates/ssh-openpgp-auth
Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!
#DNS #KeyOxide #KnownHosts #OpenSSH #PGPKI #Rust #Rustlang #Software #SSH #WebKeyDirectory #WebOfTrust #WKD #WoT

We have just issued the first #release of #sshd-openpgp-auth and #ssh-openpgp-auth.

Using this server and client-side tooling it is possible to manage the #authentication of #SSH host keys with the help of an #OpenPGP certificate as trust anchor.

https://crates.io/crates/sshd-openpgp-auth

https://crates.io/crates/ssh-openpgp-auth

Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!

#DNS #KeyOxide #KnownHosts #OpenSSH #Rustlang #Software #WebKeyDirectory #WebOfTrust #WKD #WoT

We have just issued the first #release of #sshd-openpgp-auth and #ssh-openpgp-auth.

Using this server and client-side tooling it is possible to manage the #authentication of #SSH host keys with the help of an #OpenPGP certificate as trust anchor.

https://crates.io/crates/sshd-openpgp-auth

https://crates.io/crates/ssh-openpgp-auth

Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!

#DNS #KeyOxide #KnownHosts #OpenSSH #Rustlang #Software #WebKeyDirectory #WebOfTrust #WKD #WoT

We have just issued the first #release of #sshd-openpgp-auth and #ssh-openpgp-auth.

Using this server and client-side tooling it is possible to manage the #authentication of #SSH host keys with the help of an #OpenPGP certificate as trust anchor.

https://crates.io/crates/sshd-openpgp-auth

https://crates.io/crates/ssh-openpgp-auth

Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!

#DNS #KeyOxide #KnownHosts #OpenSSH #Rustlang #Software #WebKeyDirectory #WebOfTrust #WKD #WoT

We have just issued the first #release of #sshd-openpgp-auth and #ssh-openpgp-auth.

Using this server and client-side tooling it is possible to manage the #authentication of #SSH host keys with the help of an #OpenPGP certificate as trust anchor.

https://crates.io/crates/sshd-openpgp-auth

https://crates.io/crates/ssh-openpgp-auth

Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!

#DNS #KeyOxide #KnownHosts #OpenSSH #Rustlang #Software #WebKeyDirectory #WebOfTrust #WKD #WoT

We have just issued the first #release of #sshd-openpgp-auth and #ssh-openpgp-auth.

Using this server and client-side tooling it is possible to manage the #authentication of #SSH host keys with the help of an #OpenPGP certificate as trust anchor.

https://crates.io/crates/sshd-openpgp-auth

https://crates.io/crates/ssh-openpgp-auth

Many thanks to @wiktor for the great collaboration and #NLnet / #NGIAssure for funding this work!

#DNS #KeyOxide #KnownHosts #OpenSSH #Rustlang #Software #WebKeyDirectory #WebOfTrust #WKD #WoT

#TIL about another online identify verifier, #Keyoxide. Quite a lift! But I did get it going with the help of a few Mastodonians and this guide from @sbr

Pixelfed is still giving me problems, but I'm done for the day.

Next up, understanding the #Gravatar, #Libravatar, #Ivatar

https://www.rockyourcode.com/verify-your-online-accounts-with-keyoxide/

## Two Dixie Cups and a piece of string

### Oh my goodness\!

Okay first of all, I use #Matrix and #Jabber - #XMPP w/ #OMEMO, primarily.

I typically don't even regularly give out my email address nowadays, and more and more over the past four years or so, find myself publishing a #Fediverse address for myself too as a contact point.

Most often, if you ask me for my #email address I'll give you my Matrix address.

If someone wants to email me then I figure they can get that from my #PGP fingerprint or #Keyoxide.

If they don't know what a #keyserver is or where any of them are located then I just figure they're to dumb to use email.

Yes. As a technologist, I'm at times, rather arrogant, opinionated, discriminatory, and condescending... But only sometimes. The rest of the time I'm patient, attentive, empathetic, and accommodating.

Basically, if i know you don't know shit I'm a nice guy, yet if you pretend to be an all that jazz hipster know it all, then it's quite likely you'll find that I'm pretty much a full on dikhed. Spelled just like that too.

Beginning in the later eighties I think, and then the nineties they called us #BOFH. That's an acronym for someone who might already have forgotten more than you will ever know. I knew a few old Mainframe engineers with Honeywell and IBM when I was a young programmer - those guys were Gods and could tell you how many wraps of copper to make around a toroid if you had an emergency and needed to make an in the field replacement of your memory - Gods. #SuperFreakyGeeks, having already, back then, forgotten more than you or I will ever know.

They called me #Whizkid, coz I was learning shit that they were never gonna bother with - they're gonna retire soon in Mexico with boats, babes, and beers.

But I digress. I do that.

### Back to secure communications...

When it comes to Signal, I know a lot of you really like it. I have little use for it. It bleeds my DID and farms everyone's contact databases - "bing! Ex stalker bitch girlfriend just joined signal. Say hello!" What the fuck?

Well I guess she's still got me in her contacts lolz. Fuckin' bitch.

### Ummm... Yeah I'll pass.

I actually only use Signal with people who already have my #DID (phone number) anyway.

Recently, a colleague flew a cray cray route to Thailand, via #LAX to #NYC, then #Qatar. Signal works on jetliner's #WiFi too, and isn't dependant on cellular services.

Good choice, but I'm still wondering why his "safety number" changed after he departed #New_York and before arriving in #Thailand - he neither reinstalled nor switched to a new device. But that's another matter.

Sounds a little cloak & dagger fishy to me.

Anyway, I hadn't actually used #Signal in a while, and left it muted for a few months.

To my surprise... #Stories! Yay! Stories!

Wait, what are Stories? You mean like #YouTube or #InstaSPAM? And I'm assuming like they have in #Whaaaasup (never used it, never will)?

Ummm... I just tucked that little nugget of, I guess, good news away, not really knowing even how to process news of the introduction of such a useless fucking feature.

Until now.

Without further adieu, I defer to @how , one of our more prominently distinguished members in the Fediverse community, for his novel, clever, and appropriate recommendation:

https://ps.s10y.eu/@how/109308591992363124

#tallship #FOSS #communications #privacy #shenanigans

⛵

.

Added some verifications on #keyoxide - not entirely sure if it'll be useful, but #playingAround

https://keyoxide.org/[email protected]

Mastodon Konto verifizieren mit GPG

Mittels Keyoxide kann eine dezentrale sichere Online-Identität gebildet werden, die sich beispielsweise zur Verifizierung eines Mastodon Accounts eignet.

#Mastodon #Verifikation #Verifizierung #GPG #Keyserver #Keyoxide #neuhier #Linux

https://gnulinux.ch/mastodon-konto-verifizieren-mit-gpg

@cameron @jamescridland

Where are these discussions taking place?

And what's wrong with email? I suppose using #ETH addresses for login, or #RetroShare, something like that might work, but you're still tied to DNS otherwise if that is the big beef with email... Just speculating though, which is why I asked.

If #DNS isn't the offender, then perhaps the simplest would be #Keyoxide, #Matrix, #Fediverse address or #XMPP account verification?

https://github.com/Cameron-IPFSPodcasting/podcastnode-Umbrel

#tallship #FOSS #IPFS #IPNS

@darius

Almost forgot to mention Darius, #Keyoxide is perhaps the best method for verification in today's #DeSoc world of the #Fediverse and even the deprecated legacy monolithic silos like #Faceplant, #Twatter, #InstaSPAM, etc.

@keyoxide

https://fosstodon.org/@keyoxide

I hope that helps! Enjoy 🙂

#tallship #FOSS #identity #cryptographic_proofs

⛵

.

## Hi, it’s #me, Volkan ##

About Me
https://volkan.io

My #articles and #ScreenCasts:
https://zerotohero.dev/

My #music:
https://youtube.com/@SeeTheMusic

#gpg #keyoxide
https://keyoxide.org/BEEA40682AB610C720ABB8E5D70523FA4A63DFB7

@sotolf @dyamon hey there, thanks for the summoning 🙂

Happy to see you found my project. #keyoxide is a partial replacement for the now largely abandoned #keybase.

They had a great idea (identity) but because of #venturecapitalism they had to build additional services (storage, social network, git) in order to get an out.

Keyoxide does one thing and does it well. And, of course, in a fully open source manner. Decentralized, open standards and no blockchains.