[tech] Integrity checks for Gemini pages
ew.gemini at nassur.net
Wed May 19 08:40:16 BST 2021
Almaember <almaember at disroot.org> writes:
> Hello, everybody!
> I know that there is no way in Gemini right now to check the integrity
> of pages. However, it would be nice for this to possible.
Integrity in the sense of "the file remained unchanged in
transit"? TLS should take care of that. In the sense "the file
is the one that the original author intented it to be"?
There are at least two attempts to deal with this:
If you dare to check my capsule at
There are two links to openbsd-signify and NetSigil.
When I publish a post, my Makefile takes care to create
corresponding sha256 checksums. They are concatenated into one
file, which is then signed using my gpg key. That's one option.
The same information is packaged differently to
.well-known/signature-bundle. This file is created using
There are a few threads on the mailing list, too ...
Also see my first post about experimenting with this:
There are two parts to this, as I see it.
Create the checksums/signature in some agreed upon format.
Everyone editing a capsule has to do this. While a bit tedious,
it still can be done manually on the shell (unix type
Upon user request browsers have to check these agreed upon
locations, download the signed file, possibly download the
public key, cache these things properly and then do the
verification. I am not aware that any gemini browsers have
picked this up. But of course, I would be pleased to be proven
Hope this helps,
Keep it simple!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 861 bytes
Desc: not available
More information about the Gemini