💾 Archived View for rawtext.club › ~sloum › geminilist › 005550.gmi captured on 2024-02-05 at 11:09:38. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-11-30)
-=-=-=-=-=-=-
Christophe HENRY listes at sbgodin.fr
Tue Feb 23 23:10:48 GMT 2021
- - - - - - - - - - - - - - - - - - -
Hi all!
This is a proposal to add signature capability to any page ordirectory. Indeed, this could also be applicable to an HTML service.The point is, with Gemini, that the page you get on Gemini is just likeit appears to be.
You may need to publish and be sure that like people can check thepages. People may want to be sure that the text was signed by itsalleged author.
gpg --detach-sign --armor --output index.gmi.sig index.gmi
The file "index.gmi" is signed using the current certificate. Thesignature is a binary file.
gpg --verify index.gmi.sig index.gmi
The command checks the signature and returns the date and the key used.
sha256sum directory/* | gpg --clear-sign --output directory.sig
All the file of "directory" are sha256-sumed. The results go in a file that is signed.
./chapter_1.gmi./chapter_1.sig./chapter_2.gmi./chapter_2.sig
./page.gmi./page.gmi.sig/./page.gmi.sig/{sha256 of the signed file}-{fingerprint of the signing key #1}.sig./page.gmi.sig/{sha256 of the signed file}-{fingerprint of the signing key #2}.sig
./mybook/chapter_1.gmi./mybook/chapter_2.gmi./mybook.sig
./mybook/chapter_1.gmi./mybook/chapter_2.gmi./mybook.sig/ : {sha256 of the signed file list}-{fingerprint of thesigning key #1}.sig /mybook.sig/ : {sha256 of the signed filelist}-{fingerprint of the signing key #2}.sig
Signatures discovery for ./directory/page.gmi :
1. ./directory/page.gmi.sig # one signature2. ./directory/page.gmi.sig/ # several signatures for one page3. ./directory.sig # all the files of the directory for one signature4. ./directory.sig/ # all the files of the directory for several signatures
In such a case, the server must return a directory index or a"index.gmi" containing all the links for the signatures.
The writer signs the files before publishing them. The server may alsogenerate the signature on the fly ; it regenerates the signature if thefile is newer than the signature.
Thanks in advance for all point of view and remarks!
-- Christophe HENRYFR EO EN - https://sbgodin.fr-------------- next part --------------A non-text attachment was scrubbed...Name: not availableType: application/pgp-signatureSize: 833 bytesDesc: Signature digitale OpenPGPURL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20210224/e176874f/attachment-0001.sig>