key-examples: Difference between revisions
(→Real-World Examples: add Institutions section and ICANN) |
(→key on its own page: plain text file) |
||
Line 168: | Line 168: | ||
=== key on its own page === | === key on its own page === | ||
Separate page for a key, rather than inside or a part of a profile or contact information. | Separate page for a key, rather than inside or a part of a profile or contact information. | ||
==== armored OpenPGP | ==== armored OpenPGP in HTML ==== | ||
Example URL: [http://futureboy.us/pgp.html PGP Public Key for Alan Eliasen] | Example URL: [http://futureboy.us/pgp.html PGP Public Key for Alan Eliasen] | ||
<source lang=html4strict> | <source lang=html4strict> | ||
Line 219: | Line 219: | ||
* raw key in a PRE block | * raw key in a PRE block | ||
==== plain text file ==== | |||
Example URL: http://www.w3.org/People/Bos/bert-pubkey.txt | |||
<source lang=plaintext> | |||
-----BEGIN PGP PUBLIC KEY BLOCK----- | |||
Version: GnuPG v1.0.7 (GNU/Linux) | |||
mQGhBDppjAcRBAC7yYqRN+qeCgf20PoQYTtHO9ro/kHEADEpQPjlGRyrsQ/wttnm | |||
... | |||
=yaAL | |||
-----END PGP PUBLIC KEY BLOCK----- | |||
</source> | |||
* no markup | |||
* just the BEGIN PGP and Version header and base64 key text | |||
* linked from the parent directory - http://www.w3.org/People/Bos/ - with link text "GPG key" | |||
==== short name of example ==== | ==== short name of example ==== |
Revision as of 22:38, 1 November 2012
<entry-title>key examples</entry-title>
This page documents existing real world publishing examples of public keys in the hope of analyzing them to see if / how to better fit existing publishing practices of public keys, either with hCard's 'key' property, or possibly other solutions.
Related: provide input to W3C Crypto API Issue 14: Representation of raw key material
The Problem
A user wants to share their public key on the web. What's the best way to do this? To answer that question, this page researches existing publishing practies to see if there are patterns or exemplary examples, or if we can use them to figure out a recommended way to publish public keys on web pages.
Use Cases
meeting someone and sending private messages
Two people meet and exchange their personal URLs in the hopes of communicating later, and encrypting said communications.
- two people meet
- they exchange personal URLs
- each (perhaps later) browses the others' URL on their device
- the page clearly has contact information (e.g. an hCard) and a visible public key on it
- they bookmark each others URLs
- they go to their messaging web app and create a new message, using their bookmarks for the URLs / to address
- the web app retrieves the public key from the URL and uses it to encrypt the message before sending it.
- each receives a message from the other and is able to use their messaging web app to decrypt and read it.
Real-World Examples
Real world publishing examples of public keys on public web pages.
personal home page
Matthias Ries
Example URL: Matthias Ries
Note: the page has an hCard of the individual, but no 'key' property. However, inside that hCard, there is the following:
<div class="signature">
<pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)
mQGiBEl2HAgRBAC9IZGQE3NRWFoXV7CcVRbo7xMe+nGPRMTOocA0pcv9N67R6CAZ
...
-----END PGP PUBLIC KEY BLOCK-----
</pre>
</div>
Ellipsis added.
- inside a <pre> inside a <div> with class name "signature
If the author used the class name "key" instead of (or in addition to) the class name "signature", then it would be recognized as a plain text 'key' property value in his hCard.
Ben Tremblay
Example URL: http://bentrem.net/
Note: the page has three hCards for the individual, but no 'key' property. Just after the last hCard, there is the following:
<center>
<div class="scrollbox" style="height: 7.5em;">
<pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.4 (MingW32)
<font size="-6">
mQGiBESzvlsRBACzsDol94Pua0ggzSsLa35K9pQoPJHWg2YgpNp5wWC9/oruQaNF
...
</font>
-----END PGP PUBLIC KEY BLOCK-----
</pre>
</div></center>
- inside a <pre>
- BEGIN PGP header and Version are directly in the pre tag
- actual base64 key text is inside a nested <font> tag
profile page
Example(s) of a public key published on a profile page with other information, e.g. in a personal page at an institution or on a social network or other content hosting service.
Wells College
Example URL: http://eclipse.wells.edu/badams/contact/
Note: The page has an hCard of the individual with a 'key' property!
<div id="hcard-Bryant-E-Adams" class="vcard">
<a class="url fn n" href="http://eclipse.wells.edu/badams"> <span class="given-name">Bryant</span>
<span class="additional-name">E</span>
<span class="family-name">Adams</span>
</a>
...
<h2>GPG/GnuGP Public Key</h2> (<a href="../resources/badams_0F87773F.asc" rel="self">download</a>) <h3>For email sent to/from <a href=“mailto:badams.gpg+0x20”>bad ams.gpg+0x20 (at) gmail (dot com)</a></h3>
<pre><tt>
<span class="key">
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
mQENBE4sjPMBCAC0ublKPnsdwD9B71bygmwVxn3hX6zw4H2Qlc6wPc0/OepjqVyq
...
-----END PGP PUBLIC KEY BLOCK-----
</span>
</tt></pre>
</div>
Ellipses added.
- profile info in hCard
- link to downloadable .asc public key with
rel="self"
- entire visible public key including BEGIN PGP header inside a <pre><tt><span class="key">
claimID
Example URL: claimID : Brandon B
Note: ClaimID has hcard-supporting-user-profiles and thus the page has an hCard of the individual, but no 'key' property.
Note 2: Page has an abusive invisible content div (with visibility:hidden; position:absolute) aimed at crawlers (id="crawler_text"), presumably search engines in particular, since it abuses h1 tags:
<div id="crawler_text" style="visibility:hidden; position:absolute;">
<h1>Brandon B</h1> <h1>Caedis, Caedis_Hax, CaedisHax, Cædis_Hax, Daedalus, DaedalusXero, Dædalus</h1> <h1>Texas</h1> <h2>"There are no coincidences, only the illusion of coincidence"
The information below may be used to verify my signatures and encrypt communications to me.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.6 (GNU/Linux)
mQGiBEgIJGYRBAC54vZVXjK5l4VRSiUC6XGMgEOjEFgWvruVr/PXBk0hbn...</h2>
<h3>ClaimID is a simple way to manage your online identity. This is the claimID page of
Brandon B.
</h3>
</div>
Ellipsis in original.
And here's the complete and visible PGP PUBLIC KEY BLOCK:
<p>
The information below may be used to verify my signatures and encrypt communications to me.
<p>
<p>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.6 (GNU/Linux)
<p>
mQGiBEgIJGYRBAC54vZVXjK5l4VRSiUC6XGMgEOjEFgWvruVr/PXBk0hbnZ47D8j
...
-----END PGP PUBLIC KEY BLOCK-----</span></div>
<div style="text-align:center;">
Ellipsis added.
Note: the </span></div> at the end are markup errors, and the <div style="text-align:center;"> auto-closes the p tag around the actual PGP public key block.
It's not clear if the markup around the public key is added by the site, or was added by the user entering information in to a generic notes/info field, or if the p tags in particular were added by the site to represent blank lines entered by the user.
- BEGIN PGP PUBLIC KEY BLOCK and Version header is in its own paragraph tag from the actual base64 test.
- end of key is implied by an invalid close span tag.
key on its own page
Separate page for a key, rather than inside or a part of a profile or contact information.
armored OpenPGP in HTML
Example URL: PGP Public Key for Alan Eliasen
<H2>Public Key</H2>
<PRE>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)
mQGiBD0ZXm4RBADS59M4Dy4aOBUA59mKkNg+bWqeKenYs+zTk7O8QKfqgKxLBNya
...
-----END PGP PUBLIC KEY BLOCK-----
</PRE>
<P>
This is also available in a <A HREF="pgp.txt">plaintext file</A>.
</P>
<H2>Importing My Key</H2>
<P>
The simplest way from an e-mail client (like Enigmail) is to simply e-mail
<A HREF="pgp.txt">the plaintext version of my key</A> to your own e-mail
address and choose the option like "Import PGP Key." My key is also
available from <A HREF="http://pgp.mit.edu/">pgp.mit.edu</A>
(interactively.)
</P>
Ellipsis added.
- raw key in a PRE block
- link to plain text version of key
- (human) discovery for an email client
- alternative key server for key (human search required at destination)
PGP PUBLIC KEY BLOCK
Example URL: Folsom's Public Key
<pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
mQGiBDheqqARBAD//2FUIkCc9ITtszMh70nFmTOj/YWWi3Kk4aumxuAhgGeEwAFX
...
-----END PGP PUBLIC KEY BLOCK-----
</pre>
Ellipsis added.
- raw key in a PRE block
plain text file
Example URL: http://www.w3.org/People/Bos/bert-pubkey.txt
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.7 (GNU/Linux)
mQGhBDppjAcRBAC7yYqRN+qeCgf20PoQYTtHO9ro/kHEADEpQPjlGRyrsQ/wttnm
...
=yaAL
-----END PGP PUBLIC KEY BLOCK-----
- no markup
- just the BEGIN PGP and Version header and base64 key text
- linked from the parent directory - http://www.w3.org/People/Bos/ - with link text "GPG key"
short name of example
Linked full name of example
<div>
raw, unescaped markup of example
</div>
Analysis of implied schema of example.
Institutions
Sites/pages of institutions which include multiple keys on a single page.
ICAAN
Example URL: http://www.icann.org/en/contact/pgp-keys
<div class="field field-name-body field-type-text-with-summary field-label-hidden clearfix">
<div class="field-items">
<div class="field-item even" property="content:encoded"><p><a name="MehmetAkcin" id="MehmetAkcin"></a><strong>Mehmet Akcin</strong></p>
<p class="keys">-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v2.0.10 (Darwin)
</p><p class="keys">mQINBEmlow4BEACag9QwKzm7RL5ULqew0XJbAipwy32Xb2RPVgbDVGqIsVzFCXD9<br />
ykGnwYm+CcyBj9Z1cGzQovRZU9cni0yf7YYciM6TTmjqROz3WWuxIseuLphEtNu2<br />
...
=KgTO<br />
-----END PGP PUBLIC KEY BLOCK-----</p>
...
<p><a name="KentCrispin" id="KentCrispin"></a><strong>Kent Crispin (Office Key) <kent@icann.org>:</strong></p>
<pre>
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.4 (GNU/Linux)
mQELBEE2SKkBCADMmf+17NnaXzYtSKvYNUjSKFGbKF50Utds2BK+AjUzFIORpJdU
...
=EsaL
-----END PGP PUBLIC KEY BLOCK-----
</pre>
<p><strong><a name="dnssec-public" id="dnssec-public"></a><abbr title="DNS Security Extensions">DNSSEC</abbr> Public PGP Key</strong></p>
<p class="keys">-----BEGIN PGP PUBLIC KEY BLOCK-----<br />
Version: GnuPG v1.4.5 (GNU/Linux)</p>
<p class="keys">mQGiBEdQucgRBACuD4uIRQ9Or2yKfGZtqxSd7/yp20VoZaNafP85OlJfOs9yjgdN<br />
v8kSd3+2lBXGwJxgOzkssbgZ14O1U3au494WicvR0gF7cLRZBeqpdZetpm7gl5n2<br />
...
=nIe5<br />
-----END PGP PUBLIC KEY BLOCK-----</p>
Ellipses added.
- named anchor, full name
- BEGIN PGP and Version header marked up with <p class="keys">...</p>.
- separately, base64 key text marked up with <p class="keys">...</p> and lines terminated with <br />.
- some full names parenthetically include email afterwards
- some keys including header and base64 key text are marked up together inside a <pre> element
Common Practices
(template boilerplate)
- Summary of common patterns discovered
- common implied schema
Existing Practices
(template boilerplate) Other attempts to solve The Problem
- *-formats page
Brainstorming
(template boilerplate) Link to related pages as they become available
- *-brainstorming page
- proposal page
- microformat spec page