Subdomain and IndieWeb

A short update to help me remember the recent technical tasks I’ve completed for the site.

First, a couple of months ago I got a subdomain set up for my genealogy research, which can now be found at genealogy.steinea.ca. After a bit of research, it turned out to be fairly straightforward. I created a separate, complete site repository on GitLab and then went through the process of deploying the site on Netlify, as I originally described in this post. Then I went into my DNS records on Hover and created a CNAME record with the hostname genealogy and the target set to the default Netlify URL for the new site. Then, in the production domain settings in Netlify, I added a new domain alias for genealogy.steinea.ca and set it as primary. After a few minutes for DNS to propagate, the new subdomain was live.

Second, I’ve been getting back into doing IndieWeb research and starting to look at the process of indiewebifying my site. The first step after publishing your own website on your own domain is to set up web sign-in with IndieAuth, and I saw that one of the options for signing in with IndieAuth is PGP. This reminded me that I’d been meaning to do some updates to my PGP profile on Keyoxide, so I had to read through some documentation to remind myself how GPG notations work.

The documentation for Keyoxide has been updated and is now, at least for me, very confusing. However, thanks to the wonder that is the Wayback Machine, I was able to recover the pages of the original links I saved and follow the steps as outlined there, which are still valid. To add claims, simply follow the steps detailed for your site of choice. I needed to set up claims for GitLab, Mastodon, and DNS (I had previously created GitHub and Twitter claims). For GitLab, you simply create a new repository named gitlab_proof with openpgp4fpr:FINGERPRINT in its description (the full 40-hex-digit fingerprint, without spaces), and then add the matching notation to your GPG key. For my own memory, this involves the following steps:

  • gpg --edit-key FINGERPRINT
  • notation
  • proof@ariadne.id=https://gitlab.example.com/USERNAME/gitlab_proof
  • save
  • gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT

Similarly, for Mastodon (ActivityPub), you can either add a metadata tag for PGP with your fingerprint, or for Keyoxide with your profile URL. I chose the latter option, and then followed the same steps as above to publish the notation, except for the proof line which needed to be:

  • proof@ariadne.id=https://INSTANCE.ORG/@USERNAME

Finally, for DNS, the steps to get the proof set up are slightly different, but not all that difficult. Once again, I went to my DNS records on Hover, but this time created a TXT record with the hostname www and the content openpgp4fpr:FINGERPRINT. Then follow the same sequence as above, but replace the proof line with the following, where DOMAIN is the exact name the TXT record is published on:

  • proof@ariadne.id=dns:DOMAIN?type=TXT

This propagated almost instantly and is now verifiable on my Keyoxide profile along with my other proofs. Deleting a claim is similarly easy. To do so, follow these steps:

  • gpg --edit-key FINGERPRINT
  • notation
  • -proof@ariadne.id=dns:DOMAIN?type=TXT
  • save
  • gpg --keyserver hkps://keys.openpgp.org --send-keys FINGERPRINT

In case it’s hard to tell, simply prefix the proof with a - (minus) sign, then save and publish, and the proof will be removed from both key and profile.
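The add-and-remove procedure above, and what a verifier such as Keyoxide then checks, is easier to see end to end in code. The following is an added example, not Keyoxide's own code: it replays the lines typed at gpg's `notation` prompt (including the `-` removal form), pulls out the proof@ariadne.id claims, and checks each one against constructed stand-ins for the resources a verifier would download. The fingerprint, the USERNAME, INSTANCE.ORG and example.org placeholders, the GitLab project-listing shape and the ActivityPub attachment layout are all assumptions made for the example; check them against the current Keyoxide documentation before relying on them. One caveat worth knowing when publishing: keys.openpgp.org only distributes a user ID, and with it the self-signature that carries these notations, once that address has been verified by email, so an unverified key will not show the claims.

```python
"""Offline checker for Keyoxide-style OpenPGP identity claims (added example).

The key's proof@ariadne.id notations say where to look; the resource at each
URI must contain `openpgp4fpr:<FINGERPRINT>`, or for Mastodon the Keyoxide
profile URL. Network fetches are replaced by constructed content below.
"""
import re
from urllib.parse import parse_qs, urlparse

# Constructed placeholder values; substitute your own fingerprint and URIs.
FINGERPRINT = "0123456789ABCDEF0123456789ABCDEF01234567"

NOTATION_COMMANDS = [  # exactly what gets typed at gpg's `notation` prompt
    "proof@ariadne.id=https://gitlab.example.com/USERNAME/gitlab_proof",
    "proof@ariadne.id=https://INSTANCE.ORG/@USERNAME",
    "proof@ariadne.id=dns:example.org?type=TXT",
    "proof@ariadne.id=dns:old.example.org?type=TXT",
    "-proof@ariadne.id=dns:old.example.org?type=TXT",  # leading '-' removes
]

FETCHED = {  # constructed stand-ins for what a verifier would download
    # GitLab: assumed shape of the user's project listing from the API
    "https://gitlab.example.com/USERNAME/gitlab_proof": [
        {"name": "dotfiles", "description": "nothing to see here"},
        {"name": "gitlab_proof", "description": "openpgp4fpr:" + FINGERPRINT},
    ],
    # Mastodon: assumed ActivityPub actor document with profile metadata
    "https://INSTANCE.ORG/@USERNAME": {"attachment": [
        {"type": "PropertyValue", "name": "Keyoxide",
         "value": f'<a href="https://keyoxide.org/{FINGERPRINT}">keyoxide</a>'}]},
    # DNS: the TXT record set for example.org (case does not matter)
    "dns:example.org?type=TXT": ["v=spf1 -all", "openpgp4fpr:" + FINGERPRINT.lower()],
}


def normalise_fpr(fpr):
    """Compare the full 40-hex-digit fingerprint, ignoring spaces and case."""
    return re.sub(r"\s+", "", fpr).upper()


def apply_notation_commands(existing, commands):
    """Model gpg's `notation` sub-command: 'name=value' adds, '-name=value' removes."""
    proofs = list(existing)
    for cmd in commands:
        cmd = cmd.strip()
        if cmd.startswith("-"):
            proofs = [p for p in proofs if p != cmd[1:]]
        elif cmd not in proofs:
            proofs.append(cmd)
    return proofs


def proof_uris(notations):
    """Only proof@ariadne.id notations are claims; other notations are ignored."""
    return [n.split("=", 1)[1] for n in notations if n.startswith("proof@ariadne.id=")]


def classify(uri):
    """Map a proof URI to the kind of check it needs (heuristic, an assumption)."""
    if uri.startswith("dns:"):
        name, _, query = uri[4:].partition("?")
        if parse_qs(query).get("type", ["TXT"])[0].upper() != "TXT":
            return ("unsupported", uri)
        return ("dns", name.lower())
    u = urlparse(uri)
    if u.scheme == "https" and u.hostname:
        parts = u.path.strip("/").split("/")
        if len(parts) == 1 and parts[0].startswith("@"):
            return ("activitypub", u.hostname, parts[0][1:])
        if len(parts) == 2 and parts[1] == "gitlab_proof":
            return ("gitlab", u.hostname, parts[0])
    return ("unsupported", uri)


def verify(uri, fetched, fingerprint):
    """Return True when the fetched resource carries the fingerprint claim."""
    if not fetched:
        return False
    fpr = normalise_fpr(fingerprint)
    token = re.compile("openpgp4fpr:" + fpr, re.IGNORECASE)
    kind = classify(uri)[0]
    if kind == "dns":
        return any(token.search(txt) for txt in fetched)
    if kind == "gitlab":  # the project must be the one named gitlab_proof
        return any(p.get("name") == "gitlab_proof" and token.search(p.get("description") or "")
                   for p in fetched)
    if kind == "activitypub":  # either metadata form the post mentions is accepted
        profile = re.compile(r"https://keyoxide\.org/" + fpr, re.IGNORECASE)
        return any(att.get("type") == "PropertyValue"
                   and (token.search(att.get("value", "")) or profile.search(att.get("value", "")))
                   for att in fetched.get("attachment", []))
    return False


def check_all(commands, fetched_by_uri, fingerprint):
    """Replay the notation commands, then verify every surviving claim."""
    return {uri: verify(uri, fetched_by_uri.get(uri), fingerprint)
            for uri in proof_uris(apply_notation_commands([], commands))}


if __name__ == "__main__":
    for uri, ok in check_all(NOTATION_COMMANDS, FETCHED, FINGERPRINT).items():
        print("OK  " if ok else "FAIL", uri)
```

Running it prints OK for the three live claims and nothing for old.example.org, because the `-` line removed that notation before verification ran, which is exactly the effect the removal steps above have on the published key. A claim whose resource carries a different fingerprint, or a GitLab project of another name, comes back FAIL.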

Third, and finally, I got IndieAuth set up. All that needed to be done here was to upload a copy of my public PGP key to my site and then add a link in the head of my default Jekyll layout pointing to the key. Both relations belong in a single rel attribute as a space-separated token list; repeating the rel attribute on one tag is invalid HTML, and a conforming parser keeps only the first copy. This looks like the following:

  • <link rel="me pgpkey" href="/publickey.asc">

I originally didn’t include rel="me" and testing worked fine on IndieLogin. However, login did not work on IndieWebify.Me, so I added rel="me" to the link. This also didn’t work, and nor, with further testing, did IndieAuth.com. It seems this is at least in part due to the IndieAuth.com site having been deprecated because of naming confusion, with IndieLogin now being the current service. For more on web sign-in in general, see the wiki page.
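What a web sign-in service has to do with that link is discover it, and the two facts that matter are that rel is one attribute holding a space-separated token list, and that an HTML5 parser treats a second rel attribute on the same tag as a duplicate-attribute parse error and drops it, keeping the first. The following added example (not IndieLogin's code, which may well be more lenient) implements rel discovery the way the HTML specification describes; the page HTML and the example.com base URL are constructed for the example.

```python
"""Discover rel="pgpkey" (or any rel token) on a home page, added example.

Python's html.parser hands back every attribute it sees, duplicates included,
so the HTML5 rule (first copy of a repeated attribute wins) is applied here
explicitly. That is what turns rel="me" rel="pgpkey" into plain rel="me".
"""
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed pages: the invalid duplicate-attribute form and the valid one.
BROKEN_HTML = '<html><head><link rel="me" rel="pgpkey" href="/publickey.asc"></head></html>'
FIXED_HTML = ('<html><head><link rel="me pgpkey" href="/publickey.asc"></head>'
              '<body><a rel="me" href="https://github.com/USERNAME">GitHub</a></body></html>')


class RelLinkFinder(HTMLParser):
    """Collect (rel tokens, href) for every <link> and <a> that carries both."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("link", "a"):
            return
        first = {}
        for name, value in attrs:
            first.setdefault(name, value)  # HTML5: later duplicates are discarded
        rel, href = first.get("rel"), first.get("href")
        if rel and href:
            # rel tokens are ASCII case-insensitive and whitespace separated
            self.links.append((set(rel.lower().split()), href))


def find_rel(html, base_url, token):
    """Absolute URLs of all links whose rel list contains `token`, in page order."""
    parser = RelLinkFinder()
    parser.feed(html)
    parser.close()
    return [urljoin(base_url, href) for rels, href in parser.links if token in rels]


def pgpkey_url(html, base_url):
    """The key a sign-in service would fetch, or None if no rel="pgpkey" survives parsing."""
    found = find_rel(html, base_url, "pgpkey")
    return found[0] if found else None


if __name__ == "__main__":
    for label, page in (("broken", BROKEN_HTML), ("fixed", FIXED_HTML)):
        print(label, "pgpkey:", pgpkey_url(page, "https://example.com/"),
              "me:", find_rel(page, "https://example.com/", "me"))
```

Against the constructed pages, the duplicate-attribute version yields no pgpkey link at all (only rel="me" survives), while the single-attribute version yields both the key URL and the rel="me" list, which is the same check an identity-consolidation tool runs when it looks for rel="me" links.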

On IndieLogin, I was immediately prompted with a string to sign using my PGP key. I tried signing a file INPUT.txt with Kleopatra, but even after deselecting the option to encrypt, no matter the file extension, the output was a garbled binary file. I couldn’t find a workaround, so I just did it the old-fashioned way on the command line:

  • gpg --clearsign -o SIGNED.txt INPUT.txt

I copied the complete output from the resulting text file, pasted it into the challenge field on IndieLogin, and successfully validated that web sign-in is working on my site. My IndieWeb journey has begun!
