I'd like to introduce a new #foss project: Open PGP Signature Verification or OPSV.
This eliminates the need to rely on #keybase verify function and, therefore, keybase at all.
Website: https://opsv.foss.guru/
Code on @codeberg: https://codeberg.org/yarmo/opsv
Public stats by #plausible: https://plausible.io/opsv.foss.guru
Time to #DeleteKeybase once and for all
@yarmo Why does it allow only clear-signed messages? π€
@kravietz as opposed to detached signatures? I've yet to implement it, it's a minor tweak, just gotta do it.
Or did you mean something else?
@yarmo But this doesn't (gpg --armor --sign) but this is just the same signature, just with the plaintext signed message embedded inside
-----BEGIN PGP MESSAGE-----
owGbwMvMwCVmtF7e8sg75k+Mp7mTGOJef/hcklpcwtVRysIgxsUgK6bIkl+dvXPl
NqPQOCnmgzDFrExAlV8YuDgFYCKurAz/zF6LH1nDe+vk+mVn73LdD5PSkT3+ZMsz
qU9qPPLT0uQdTzP8L1u4re2G9bojezsZZVb9bdw4e73DyfvNV6zu3JNdO80+lAsA
=+VXF
-----END PGP MESSAGE-----
Error: No cleartext signed message.
@kravietz Fixed it! Both types of inputs are supported and correctly verified! I guess I need to extract the embedded message now!
@kravietz is it even possible to extract the text? Does it need a private key to decrypt the message first?
No, this PGP MESSAGE is just a wrapper for OpenPGP packets and in this case the packets only contain signed (but not encrypted) content.
@kravietz "Error: Error during parsing. This message / key probably does not conform to a valid OpenPGP format." π€
Correct, it was! π That's great service and I'm definitely including into my standard "tools for regular humans" pack π
@kravietz it can now also detect userId and keyId making it a truly one-click service (no input of public key needed). Of course, in the case of keyId alone, the website urges you to find another of verifying the keyId or fingerprint to confirm authenticity of signer.
@kravietz thanks! I bet there's an option somewhere to enable that, will look into!