Proofs are extracted from OpenPGP self-signature notations using key and then matched to the data in proofs.json file. Proof validation logic is designed to be as simple as possible. After the gist has been created a notation needs to be added to OpenPGP key that points to the proof document:Įnter the notation: notations on user ID "Test McTestington "Īdding notation: the key to keyservers if you want others to be able to verify your proofs (this is not strictly needed). Proof documents can be added using platform specific editors only at the moment (for example GitHub gists). If all checks succeed then the proof is considered validated. This is compared to a claim, that in this case is USERNAME that has been extracted from the URL.
The proof document is then fetched with appropriate headers and a number of checks, also defined in proofs.json is performed.Ĭhecks always extract a piece of data from the JSON document by recursively extracing objects by keys.įor example the first check extracts owner object and then, from that object login key ( ). Or proof URL, that points to the JSON representation of the proof document: These groups can be used to construct other elements, such as profile URL: It is matched to first entry in proofs.json, this regular expression:Ĭapturing groups are assigned names, in this case first group is a USERNAME and the second PROOFID. One additional document: proofs.json is needed for validators to properly handle proof URIs. These documents contain back-link data pointing to an OpenPGP key. Proof URIs are converted to URLs that are used to fetch JSON documents. (Inspect proofs from command line by using gpg -list-options show-notations -list-sigs D8E8F074 | grep proof). Proofs are URIs to documents hosted on third-party sites (such as ) that can be used by proof-validating clients to check if the key owner has access to given social account.
See also online version at Technical details If this is a person you were looking for you can locally sign the key:
0 kommentar(er)
