Description:
My Keyoxide profile previously worked and the GitHub proof was verified.
After changing the primary UID and updating the key signature, the profile page now shows:
No public profile/keys could be found
I already:
Keyserver link:
https://keys.openpgp.org/vks/v1/by-fingerprint/2A3391F72DB6A6E2CB84D1C894BB0A2151DC1C4C
Profile link:
https://keyoxide.org/2A3391F72DB6A6E2CB84D1C894BB0A2151DC1C4C
Name: Taler mailbox
Short description:
GNU Taler enables users to send/request money to/from their friends (P2P feature).
This is done (internally) by sending respective messages to a contact's mailbox.
The mailbox is identified through a URI.
The mailbox can be queries for its metadata.
The metadata has a free for plain text field which could contain a KOX proof.
Website: https://taler.net
API documentation: https://docs.taler.net/core/api-mailbox.html#configuration-information
The $MAILBOX_URI/info/$MAILBOX_ID endpoint is queried to retrieve the Mailbox Metadta JSON.
The info field is parsed for the proof.
This is part of https://nlnet.nl/project/TALER-LookupService/
The tasks below are not completely understood, guidance needed.
The text "example account" links to https://keyoxide.org/hkp/test%40doip.rocks but that page has a failure "Something went wrong while viewing the profile"
Further on, when cutting & pasting the signed message and signature in to https://keyoxide.org/sig - one gets
The following error was reported:
Signature could not be read (readCleartextMessage: options.cleartextMessage must be a string)"
Outdated docs? Broken services / pages?
]]>https://doma.in/@user/postid instead of https://doma.in/@user, it would have https://doma.in/users/user as backlink instead of https://doma.in/@user/. This is trivial and will redirect to the same page, the only problem is that mastodon verification badge does not work anymore because it can only recognize the format of https://doma.in/@user/.https://shar.key/users/userid. This will break the verification badge as well.I'll definitely switch to that
]]>After GitHub and Codeberg, https://keyoxide.org/[email protected] points now to my self-hosted website 🙂
]]>It's kind of weird to have one key verified and then link to stuff in a non-content-addressable way. I suggest at least adding your main key fingerprint in the comment as currently you've reduced the security of this entire scheme to basically "whatever GitHub serves at https://github.com/duxsco/duxsco" (with a nice green checkboxes).
@wiktor After GitHub and Codeberg, https://keyoxide.org/[email protected] points now to my self-hosted website 🙂
]]>example output:
$ ./kx-aspe generate proof
✗ failed to handle profile (reason: no ASPE URI found in profile. It must be uploaded before proofs can be generated)
resolves: #21
]]>It would be interesting to have a warning around how hashed claims may not work when using a browser that has WebAssembly disabled for security reasons.
]]>WebAssembly is needed for Keyoxide to be able to verify hashed claims with Argon2, WebAssembly however can be disabled for security purposes, decreasing attack surface.
Instead of the web app showing that this is a lack of WebAssembly, it will simply fail verification.
My suggestion is be able to detect when WASM isn't available, and warn the user.
]]>Can you merge against dev branch as main should remain stable? Thank you.
@Ryuno-Ki done!
]]>Thank you for the effort.
Can you share where you downloaded the images from? What license is attached?
@Ryuno-Ki From SimpleIcons and the website source.
The logo usage is defined here: https://sourceforge.net/p/forge/documentation/SourceForge%20Logo/
]]>Name: SourceForge
Short description: Centralized source code repository hosting service and software project management site
Website: https://sourceforge.net/
API documentation: REST API Overview
Create page from personal wiki and fetch from https://sourceforge.net/rest/u/<username>/<wikiname>/<pagename>/.
Example response (https://sourceforge.net/u/sitiom/keyoxide/proof/):
{
"_id": "62c95b51354138d6659cb7af",
"mod_date": "2025-10-06 05:26:07.187000",
"labels": [],
"related_artifacts": [],
"discussion_thread": {
"_id": "ddfffbdd9a",
"discussion_id": "62c95b51354138d6659cb7aa",
"subject": "",
"limit": 10,
"page": null,
"posts": []
},
"discussion_thread_url": "https://sourceforge.net/rest/u/sitiom/keyoxide/_discuss/thread/ddfffbdd9a/",
"title": "proof",
"text": "This is an OpenPGP proof that connects [my OpenPGP key](https://keyoxide.org/9763AE10706A1E8FCF74E5AEF6FD3820BCBC1A98) to [this SourceForge account](https://sourceforge.net/u/sitiom). For details check out https://docs.keyoxide.org/wiki/identity-claims-proofs/\r\n\r\n\\[Verifying my OpenPGP key: openpgp4fpr:9763AE10706A1E8FCF74E5AEF6FD3820BCBC1A98]",
"attachments": []
}
Creating an issue from https://community.keyoxide.org/d/37-add-sourceforge, which was from 3 years ago.
Sorry to bring up an old issue, ...
Don't be sorry! This is a bug/issue tracker, not a forum. Issues stay relevant until they are closed.
This is indeed still relevant because nobody worked on it. And yes, the only "workaround" is to use a non-hashed proof. From the comments by @tyy and myself above you can see, that this is due to the fact that the notation field [email protected], which is originally only intended for CLAIMS (which are always non-hashed), is currently misused to hold a proof, which can therefore only be non-hashed. This is a specification problem and can thus not be trivially fixed.
Unfortunately, as the project's main author @yarmo has gone mostly radio silent, I don't know when or even if this is going to be fixed. It's a shame. I had high hopes for the keyoxide project...
]]>?l=....?l=....
Fixes #114.
]]>