How to Set Up Your Online Identity on Keyoxide: A Simple Guide

Tags: #infosec #security

I have used Keyoxide for awhile now to verify my identity so I thought to throw together a step by step instructions in case someone wants to do it themselves.

What You’ll Need

  1. A way to create a PGP key (this is just a fancy term for a digital signature that’s unique to you).
  2. Some of your social media profiles or other online accounts you want to link together with this key.

Step 1: Install a Tool to Create Your PGP Key

To get started, you’ll need an app that can make a PGP key for you. Here are some good options: – Windows: Gpg4winmacOS: GPG SuiteLinux: Try running sudo apt install gnupg in your terminal if you don’t already have it.

Follow the instructions on the website for installing the app that matches your operating system. Once you’re set, you’re ready to make your key.

Step 2: Make Your Unique PGP Key

Your PGP key will be like your online signature that connects to all the profiles you want to share.

  1. Open the app you just installed and look for the option to make a new key.
  2. The app will ask you for some info:
    • Name: This is what people will see connected to your key. It can be your real name or something else you’d like to use.
    • Email: This will help identify your key, so choose one you’re comfortable linking to your online identity.
    • Passphrase: Make sure to pick a good one! This keeps your key secure.

Once you’re done, the app will generate a public key and a private key: – Public key: Safe to share! This is what other people will use to verify your identity. – Private key: Keep this secret—this is what proves the public key is really yours.

Step 3: Find Your Key’s Fingerprint

Your fingerprint is like a digital ID number for your key. It’s a unique mix of numbers and letters that helps Keyoxide identify you.

  1. Go back to the app, find your key, and look for the fingerprint (it’s usually a string of about 40 characters).
  2. Copy this somewhere handy because you’ll need it soon.

This is where you show that certain online accounts really belong to you. You’ll make a short “proof” message for each account, and then link it to your PGP key. Let’s start with an example for Twitter.

  1. Write a simple message like:

    This is an OpenPGP proof that connects my Twitter profile (@YourTwitterHandle) to my OpenPGP key.

    Replace @YourTwitterHandle with your actual Twitter username.

  2. Sign this message with your PGP key to make it official.

    • Most apps will have a “Sign” button for messages. You just paste your proof message there and sign it.
    • If you’re on the command line, use: bash echo "This is an OpenPGP proof that connects my Twitter profile (@YourTwitterHandle) to my OpenPGP key." | gpg --clear-sign This will give you a signed message that you’ll post next.

  3. Post the signed message on Twitter as a tweet.

And that’s it! You’ve just linked your Twitter account to your PGP key.

Quick Tips for Other Accounts

Each site may need a different kind of post: – GitHub: Post your signed proof as a Gist. – Reddit: Post your signed proof as a comment or post. – Your own website: Just paste the signed message on a page you control.

Step 5: Make Your Key Public

To get everything working on Keyoxide, you’ll need to share your public key with a key server (like a phonebook for these keys). This way, Keyoxide can find your key and your proofs.

  1. In your PGP app, export your public key.
  2. Upload it to a key server (like keys.openpgp.org).
    • Most PGP apps have an option to upload it directly, or you can use the command: bash gpg --keyserver keys.openpgp.org --send-keys [YourFingerprint] Now, your public key (and the proofs you linked) are accessible on the web.

Step 6: Check Out Your Keyoxide Profile

Now comes the fun part—seeing it all come together!

  1. Go to Keyoxide.
  2. Type in your PGP key’s fingerprint and press enter.
  3. You should now see your Keyoxide profile, showing all the proofs you’ve linked. Anyone who visits can confirm these profiles belong to you!

Step 7: Share Your Keyoxide Profile

Your profile link on Keyoxide will look like this:

https://keyoxide.org/[YourFingerprint]

Share it anywhere you’d like people to know it’s really you!

That’s It!

Hopefully this helps. You can check out Keyoxide’s documentation for more details if you need to know more!

© Jonathan Snyder. All Rights Reserved. Fediverse