MT PGP comments plugin

Remember the PGP-signing I added to my comments system a while back? Srijith has created a Movable Type plugin that adds PGP comments to Movable Type weblogs. He's using Ben Trott's Crypt::OpenPGP to parse the PGP signatures. Update: He used the module as a guide for parsing PGP signatures—it's not required to run the plugin.

Srijith also adds a very clever bit of functionality by showing how you can include the URL of your public key within your PGP signature itself. This doesn't solve the web of trust/signing issues, but it makes it much easier to at least verify the signature you're looking at. This distributed method of securing identity is about small pieces loosely joined (so to speak), and the pieces are loosely joining.

Here's a page he has devoted to the plugin: PGPComments.
« Previous post / Next post »

Comments

oh, and check out the PGP-signed version of this comment to see my key URL as part of my signature. I'm using PGP 8 for Windows.
by pb on Feb 23rd, 2004 at 1:01 pm
Heh. I guess not.

(my last message was "Does this work with non-clearsigned messages too?")

Rod.
by Rod on Feb 23rd, 2004 at 2:54 pm
And what happens if the GPG sig fails?

Rod.
by Rod on Feb 23rd, 2004 at 2:57 pm
heh, nope. You'd have to have the keys of every potential reader first. (I deleted the PGP-encrypted comment.)
by pb on Feb 23rd, 2004 at 2:57 pm
Nothing happens right now if the signature is invalid. It's up to the reader to test for validity.
by pb on Feb 23rd, 2004 at 2:58 pm
Just to clarify - I am not using Crypt::OpenPGP perl module in the plugin. I just used a couple of lines in that module's code to do the parsing in my plugin.

Wanted to clarify it because installing Crypt::OpenPGP is a daunting task and some potential users might be put off if they need to install the module to get the plugin working.
by Srijith on Feb 23rd, 2004 at 10:27 pm
Ahh, I misunderstood. Thanks for the clarification. I have updated my post.
by pb on Feb 24th, 2004 at 9:33 am
But the next version of Srijith's plugin *will* (optionally) use Crypt::OpenPGP for some really slick automated comment-verification.

I have two posts http://golem.ph.utexas.edu/~distler/blog/archives/000320.html and http://golem.ph.utexas.edu/~distler/blog/archives/000321.html discussing the protocol involved, and where you can see it in action.
by Jacques Distler on Mar 5th, 2004 at 10:54 am
Hi! You're reading a single post on a weblog by Paul Bausch where I share recommended links, my photos, and occasional thoughts.
×

Search Results

No emoji found