[tech] Signing Gemini capsules

nervuri nervuri at disroot.org
Mon Mar 22 11:28:31 GMT 2021

On Sun, Mar 07, 2021, Francesco Camuffo wrote:
>I made a very basic proof-of-concept program [1] to check the signify
>signature of a resource.
>[1] https://git.sr.ht/~fmac/gemisign
This made my day when you posted it.  I finally got around to trying it
out (compiling gmni+BearSSL was a pain), tested it and found that it
works well, once all the pieces are in place.  Thanks for taking the
initial steps!  And sorry for replying so late.

My recommendation is to merge key.pub, SHA256SUMS and SHA256SUMS.sig
into a single file, to reduce the number of network requests.  I
considered concatenating them within a plaintext file (using a separator
like "~~~"), but then I discovered signify's -z option, which signs a
gzip archive and embeds the signature in the gzip header.  GPG can do
something similar - see `gpgtar`.

Using an archive in this way has several benefits:

* compression (which actually matters if you have a big SHA256SUMS file
with long, repeating paths)
* an elegant way to bundle as many files as we need; for instance, we
could add `key-sources` later on
* no separate signature file(s)

I suggest `.well-known/signature-bundle` as the standard location for
the signed archive.  It's important for this file *not* to have an
extension, because the archive format might change later on, as software

I wrote an implementation in POSIX Shell:


I'm using it to sign gemini://rawtext.club/~nervuri/ and
https://nervuri.net/.  Remember, none of this is strictly

Verification is not yet implemented, but can be done manually - see the

I intend to put all of this in a spec, after finishing the

If you sign your capsules, please let me know.  I'd like to make a
public list of signed capsules/websites/gopherholes and their keys.

P.S.  I learned recently that there are established ways to publish PGP
keys, both under .well-known and as DNS records, see:


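As an added example (not code from this post or from gemisign), here is the piece of the scheme that does not depend on signify: building the SHA256SUMS manifest that would go into the bundle, and checking a capsule directory against it, which is the manual verification step once signify has accepted the bundle's signature. Signing the gzip with `signify -Sz` is left to signify itself; the file names and contents are constructed.

```python
import hashlib
import pathlib
import tempfile

# Proposed bundle location from the post; it is skipped when building the
# manifest so the manifest never has to contain its own hash.
BUNDLE = ".well-known/signature-bundle"

def sha256_file(path: pathlib.Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_sha256sums(root: pathlib.Path) -> str:
    """sha256sum-compatible manifest of every regular file under root,
    sorted, with forward-slash relative paths (the bundle itself is skipped)."""
    lines = []
    for p in sorted(root.rglob("*"), key=lambda p: p.as_posix()):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and rel != BUNDLE:
            lines.append(f"{sha256_file(p)}  {rel}")
    return "".join(line + "\n" for line in lines)

def check_sha256sums(root: pathlib.Path, manifest: str) -> dict:
    """Compare root against a manifest whose signature has already been
    verified. Entries whose path would escape root are reported as missing
    rather than followed."""
    report = {"ok": [], "modified": [], "missing": []}
    base = root.resolve()
    for line in manifest.splitlines():
        if not line.strip():
            continue
        digest, _, rel = line.partition("  ")
        target = (root / rel).resolve()
        if base not in target.parents or not target.is_file():
            report["missing"].append(rel)
        elif sha256_file(target) != digest:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    return report

def demo() -> dict:
    """Constructed capsule: build manifest, tamper with one page, delete another."""
    with tempfile.TemporaryDirectory() as d:
        root = pathlib.Path(d)
        (root / "index.gmi").write_text("# Hello\n")
        (root / "posts").mkdir()
        (root / "posts" / "a.gmi").write_text("post a\n")
        manifest = build_sha256sums(root)
        (root / "index.gmi").write_text("# Tampered\n")
        (root / "posts" / "a.gmi").unlink()
        return check_sha256sums(root, manifest)
```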