MT PGP comments plugin

Remember the PGP-signing I added to my comments system a while back? Srijith has created a Movable Type plugin that adds PGP comments to Movable Type weblogs. He's using Ben Trott's Crypt::OpenPGP to parse the PGP signatures. Update: He used the module as a guide for parsing PGP signatures—it's not required to run the plugin.

Srijith also adds a very clever bit of functionality by showing how you can include the URL of your public key within your PGP signature itself. This doesn't solve the web of trust/signing issues, but it makes it much easier to at least verify the signature you're looking at. This distributed method of securing identity is about small pieces loosely joined (so to speak), and the pieces are loosely joining.

Here's a page he has devoted to the plugin: PGPComments.


oh, and check out the PGP-signed version of this comment to see my key URL as part of my signature. I'm using PGP 8 for Windows.
Heh. I guess not.

(my last message was "Does this work with non-clearsigned messages too?")

And what happens if the GPG sig fails?

heh, nope. You'd have to have the keys of every potential reader first. (I deleted the PGP-encrypted comment.)
Nothing happens right now if the signature is invalid. It's up to the reader to test for validity.
Just to clarify - I am not using Crypt::OpenPGP perl module in the plugin. I just used a couple of lines in that module's code to do the parsing in my plugin.

Wanted to clarify it because installing Crypt::OpenPGP is a daunting task and some potential users might be put off if they need to install the module to get the plugin working.
Ahh, I misunderstood. Thanks for the clarification. I have updated my post.
But the next version of Srijith's plugin *will* (optionally) use Crypt::OpenPGP for some really slick automated comment-verification.

I have two posts and discussing the protocol involved, and where you can see it in action.

Search Results

No emoji found