It's finally here, teasing is over:

I'm excited to launch #keyoxide today!

yarmo.eu/post/keyoxide

#FOSS solution for easy encryption, signature verification and decentralized identity proofs!

I've been in favor of #DeleteKeybase but I never had something to offer as an alternative. Now I do :)

@yarmo

Interesting tool, good for self-hosting.

Where does cryptography happen? On the browser or on the server?

@Shamar (almost) fully in the browser. Some like it, some don't.

"Almost" because websites fight you a little bit when trying to prove someone's identity. In these rare cases, the server handles the verification process.

Other than that, everything related to encrypt and signature verification, all happens in the browser!

@yarmo

Fine thanks!

A question: did you consider to separate the crypto functionality that can be executed in the browser and the identity related ones in two different applications?

While I don't like crypto done in Javascript, I think a clear separation of concerns would reduce the attack surface.

@Shamar Those concerns are valid. There are definitely plans to make a CLI tool for the distributed identity proofs. I suppose such a tool could be the backbone of the proof verification displayed online. Would that solve your concerns or is even more separation needed?

Follow

@yarmo

Actually a clear separation between encryption&signing on one side and identity management in the other would allow to separate packaging, deployment and upgrade.

For example you could install the browser-only system on a server that do not provide any serverside scripting.

This would reduce the attack surface both for the server and for the visitor.

It's not safe(TM) anyway, but it could be useful in some self-hosted system.

@Shamar right! So I should make an API, basically? Every website, my own or anyone else's, can request to verify the proofs of a key. That's the idea right? I could see that happening

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.