Understanding Keyoxide

Identity proof formats

The different formats

Identity proofs, the things that verify identity claims, can come in different forms. When adding new identity claims, always consult the documentation on this site for that specific service provider as some of them may not support all the different proof formats.


The simplest format is the URI:

# Example:

Just add your key's fingerprint in URI form directly where needed.

Here is how to obtain the FINGERPRINT_URI.

Hashed URI

It is possible to hash the FINGERPRINT_URI to conceal the fingerprint:

Compute a hash

# Example:
# is the concealed equivalent to:

Supported hashing algorithms: argon2 and bcrypt.

Here is how to obtain the FINGERPRINT_URI.

Hashing the FINGERPRINT_URI is useful to prevent people to track a proof encountered in the wild back to its profile. Beware this is not an infallible method: if people already know your profile, they could expose the link between the proof and the profile.

More information available in the Hashing identity proofs blog post.


Use the Message format to add some context:

[Verifying my cryptographic key: FINGERPRINT_URI]

Here is how to obtain the FINGERPRINT_URI.

The message itself is not part of the verification, only the FINGERPRINT_URI matters. So feel free to change the message or translate it in a different language.

Profile URL

Use the URL to your Keyoxide profile page as the proof:

Here is how to obtain the FINGERPRINT. The URL may be part of a sentence.

You may also use an Alias URL, which is simply a URL that directly redirects to a Keyoxide profile page. Be sure to use a 301 HTTP redirect and add the Access-Control-Allow-Origin: * header.

If you use a different Keyoxide instance, replace with the instance's domain.

Content licensed under CC BY-NC-SA 4.0.
Last updated: 2022-09-28 15:50 UTC