[tech] Geminipg: using Gnupg to sign Gemini pages and directories

nervuri nervuri at disroot.org
Wed Feb 24 19:59:52 GMT 2021

I really like what you're trying to achieve, but maybe we can find a
solution than doesn't involve all those extra files / network requests.

Why not use a single SHA256SUMS file for all files on the capsule?  We
could put it in .well-known and sign it.  To generate it, we only need
a simple script that runs sha256sum recursively.  We end up with:


A proof-of-concept client can also be a relatively simple shell script:

./verify.sh gemini://capsule.org/~user/file

It would first download the 3 well-known files, check the signature of
SHA256SUMS and keep it locally, along with the key.  Then it can verify
any file on gemini://capsule.org/~user/ without making additional
network requests.  On hash mismatch, it would check if SHA256SUMS
changed on the server.  It would apply TOFU on key.pub.  It could output
gemtext to stdout, to be piped into a client that renders it nicely.

Note that in this example, .well-known is under ~user, not directly
under capsule.org.  This is to account for multi-user systems
(pubnixes/tilde communities).

The 3 files can be merged into one, because why not?  So this system
involves one extra network request every once in a while, which makes
the client stand out fingerprinting-wise.  This slight privacy trade-off
is something to keep in mind when you use this feature - maybe only use
it sparingly, when you need the extra security.

That's it, in short.  It would work the same way on gemini, gopher and
the web.  I'll probably code this if nobody does it before me.

I also want to explore the idea of a signed "key-sources" file
containing links to the public key from multiple sources, for
cross-checking in case the key changes.  Not sure how this would work
exactly, I need to give it more thought.

Instead of GPG, I recommend OpenBSD's signify [1], which gives us nice
and short Ed25519 keys and signatures.  It's also available on GNU/Linux
(in Debian, `apt install signify-openbsd`).

There is already a good solution for page signing on the web [2], made
by the developer of EteSync (great guy).  The problem of included files
is solved by subresource integrity [3].

[1] https://man.openbsd.org/signify
[2] https://stosb.com/blog/signed-web-pages/
[3] https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

> Several signatures for one file

I don't think multiple signatures are worth the added complexity.  But
I'm curious if you have arguments to the contrary.

More information about the Gemini mailing list