From 0d106ec6215b3efd6820aecc01c78a06260de41d Mon Sep 17 00:00:00 2001 From: Caleb Callaway Date: Sun, 20 Dec 2020 13:50:17 -0800 Subject: [PATCH] blog: Qui --- content/blog/distributed-authenticity-for-web3.md | 2 +- content/blog/qui.md | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 content/blog/qui.md diff --git a/content/blog/distributed-authenticity-for-web3.md b/content/blog/distributed-authenticity-for-web3.md index 048ffd4..afb1644 100644 --- a/content/blog/distributed-authenticity-for-web3.md +++ b/content/blog/distributed-authenticity-for-web3.md @@ -21,4 +21,4 @@ Serially signing many files with GnuPG is not fast, but modern CPUs have many th Armed with this knowledge, I wrote [a Python script](https://github.com/cqcallaw/www/blob/94f0dbb84fa3908acdd698d7b67071bf4f2a723b/sign.py) that generates good PGP signatures across every file on the website while fully utilizing all 16 of my CPU's threads. The result can be seen on [brainvitamins.eth](http://www.brainvitamins.eth). For any given file, a corresponding `.sig` file should exist that can be verified using [my public key](/pubkey.asc). -Next step: building a browser extension to automatically verify signatures and trust pubkeys as required. +Next step: [building a browser extension to automatically verify signatures and trust pubkeys as required](/blog/qui). diff --git a/content/blog/qui.md b/content/blog/qui.md new file mode 100644 index 0000000..2ad5e71 --- /dev/null +++ b/content/blog/qui.md @@ -0,0 +1,10 @@ +--- +title: "Qui" +date: 2020-12-20T13:03:50-08:00 +draft: false +tags: ['web3', 'dweb', 'security'] +--- + +The browser extension I [discussed previously](/blog/distributed-authenticity-for-web3) is now accessible at [on GitHub](https://github.com/cqcallaw/qui). The extension won't (intentionally) leak private data, but constructive criticism and user feedback is welcome. + +[Handling signatures in IPLD](https://blog.ceramic.network/how-to-store-signed-and-encrypted-data-on-ipfs/) looks like a better long-term solution, but the use of PGP should be an effective stopgap while standards emerge.