Verifying profiles
Verifying an OpenPGP profile
Fingerprint identifier
OpenPGP profiles are typically identified by a cryptographic key's fingerprint. The fingerprint — as the name suggests — uniquely identifies the key. Here's an example of a fingerprint:
3637202523e7c1309ab79e99ef2dc5827b445f4b
Go to the keyoxide.org/3637202523e7c1309ab79e99ef2dc5827b445f4b page. The website will automatically find the public key for you and start the identity verification process.
Email address identifier
A different identifier is the email address associated with the OpenPGP key.
Go to the keyoxide.org/hkp/test@doip.rocks page. The website will automatically find the public key for you and start the identity claims verification process.
An email address identifier can also be used to obtain a public key not via keyservers but the so-called Web Key Directory protocol, used to fetch public keys directly from private domains.
Go to the keyoxide.org/test@doip.rocks page. The website will automatically find the public key for you and start the identity verification process.
Keyoxide URLs specify how the website should fetch the key: keyoxide.org/hkp/…
will use keyservers, keyoxide.org/wkd/…
will use the WKD protocol. If no protocol is specified, a keyserver will be used for fingerprints. For email addresses, it will first try the WKD protocol and fall back to the keyserver.
Verifying a signature profile
Here's what a signature profile looks like:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hey there! Here's a signature profile with proofs related to the DOIP project (https://doip.rocks).
Verify this profile at https://keyoxide.org/sig
proof=dns:doip.rocks
proof=https://fosstodon.org/@keyoxide
-----BEGIN PGP SIGNATURE-----
iQHEBAEBCgAuFiEENjcgJSPnwTCat56Z7y3FgntEX0sFAl/7L0MQHHRlc3RAZG9p
cC5yb2NrcwAKCRDvLcWCe0RfS3iYC/0QQqz2lzSNrkApdIN9OJFfd/sP2qeGr/uH
98YHa+ucwBxer6yrAaTYYuBJg1uyzdxQhqF2jWno7FwN4crnj15AN5XGemjpmqat
py9wG6vCVjC81q/BWMIMZ7RJ/m8F8Kz556xHiU8KbqLNDqFVcT35/PhJsw71XVCI
N3HgrgD7CY/vIsZ3WIH7mne3q9O7X4TJQtFoZZ/l9lKj7qk3LrSFnL6q+JxUr2Im
xfYZKaSz6lmLf+vfPc59JuQtV1z0HSNDQkpKEjmLeIlc+ZNAdSQRjkfi+UDK7eKV
KGOlkcslroJO6rT3ruqx9L3hHtrM8dKQFgtRSaofB51HCyhNzmipbBHnLnKQrcf6
o8nn9OkP7F9NfbBE6xYIUCkgnv1lQbzeXsLLVuEKMW8bvZOmI7jTcthqnwzEIHj/
G4p+zPGgO+6Pzuhn47fxH+QZ0KPA8o2vx0DvOkZT6HEqG+EqpIoC/a7wD68n789c
K2NLCVb9oIGarPfhIdPV3QbrA5eXRRQ=
=QyNy
-----END PGP SIGNATURE-----
Go to the keyoxide.org/sig page, copy and paste the signature in the field and press the button to view the Keyoxide profile and verify its associated identity claims.