Signed Posts allows authors to sign posts, assuring content integrity. Signature verification proves post-signing alteration hasn’t occurred.
Features:
- In-browser verification: The signature verification is done on the client side (in the visitor’s browser).
- Methods: OpenPGP (ASCII-armored detached signature) and DID (did:key, did:web) using Ed25519 detached JWS (b64=false).
- Source of trust: For OpenPGP, the author specifies the URL of their public key in their profile. For DID, the author sets their DID (did:key or did:web). For did:web, the plugin fetches
https://<host>/.well-known/did.json. - Status block: An informative block is automatically added to the end of each signed article, showing the verification status (valid, invalid, or error).
- Author badge: The author name in posts is enhanced with an icon and KeyID/fingerprint text.
Source Code and Libraries
OpenPGP.js * Version: 6.2.2 * License: LGPL-3.0-or-later * Public Source Code: https://github.com/openpgpjs/openpgpjs
Web Crypto API * Used to verify Ed25519 signatures for DID.