#Tag · bonfire.cafe

Analogously, we can inspect a modern v6 OpenPGP certificate, which uses up-to-date formats from the very recent RFC 9580.

We'll make a fresh example v6 certificate to look at with the "rsop" tool:

$ rsop generate-key --profile rfc9580 "" | rsop extract-cert > alice_v6.cert

And then look into it with:

$ rpgp status alice_v6.cert

🧵 3/5

Heiko

@hko@floss.social replied · last month

We can also ask the "rpgp" CLI tool to emit the same certificate status information in #JSON format:

$ rpgp status --json alice_v6.cert

Please be aware that the rpgp JSON output format is in a very early stage, and may be subject to change!

(At some point I will commit to not changing the JSON format on a whim, but that point is not right now.)

🧵 4/5

A terminal session that shows the following command and output:

$ rpgp status --json alice_v6.cert
{
"primary": {
"fingerprint": "9a47c697b8dfa657ad8d2bc31df18da8924a281f2f589600352f7bac05f61a81",
"version": 6,
"created": "2025-08-24T22:26:06Z",
"algorithm": "Ed25519",
"status": {
"valid": {}
},
"key_flags": [
"Certify",
"Sign"
]
},
"subkeys": [
{
"fingerprint": "7e1a88fc27cfbb94ab1e088f32bfc3551bc88b4044a02f8ff685a0b14ad8ff9c",
"version": 6,
"created": "2025-08-24T22:26:06Z",
"algorithm": "X25519",
"status": {
"valid": {}
},
"key_flags": [
"Encrypt"
]
}
],
"user_ids": [
{
"id": "<alice@example.org>",
"primary": true,
"status": {
"valid": {}
}
}
]
} — A terminal session that shows the following command and output: $ rpgp status --json alice_v6.cert { "primary": { "fingerprint": "9a47c697b8dfa657ad8d2bc31df18da8924a281f2f589600352f7bac05f61a81", "version": 6, "created": "2025-08-24T22:26:06Z", "algorithm": "Ed25519", "status": { "valid": {} }, "key_flags": [ "Certify", "Sign" ] }, "subkeys": [ { "fingerprint": "7e1a88fc27cfbb94ab1e088f32bfc3551bc88b4044a02f8ff685a0b14ad8ff9c", "version": 6, "created": "2025-08-24T22:26:06Z", "algorithm": "X25519", "status": { "valid": {} }, "key_flags": [ "Encrypt" ] } ], "user_ids": [ { "id": "<alice@example.org>", "primary": true, "status": { "valid": {} } } ] }

Thib

@thibaultamartin@mamot.fr · 2 months ago

A colleague just recommended fx, the TUI to explore json.

A bit more user friendly than jq, but also on some aspects more powerful? Worth exploring!

https://fx.wtf/

#json #tui #terminal

just small circles 🕊 boosted

Oblomov

@oblomov@sociale.network · 2 months ago

(Fun fact: had #ActivityPub been designed around an #XML representation of linked data instead of #JSON, most of the #Fediverse could be presented on the web via #XSLT, without requiring #JavaScript, directly from the source objects.)

Oblomov

@oblomov@sociale.network · 2 months ago

Stéphane Bortzmeyer

@bortzmeyer@mastodon.gougere.fr · 2 months ago

Side discussion at #IETF123. Is there an equivalent of #CSS for #JSON (to control the presentation of the JSON you send)? Any ideas?

Gytis Repečka

@gytisrepecka@social.gyt.is · 3 months ago

This meme is so good it has to be shared widely: {" "}

#json #statham #meme

Photo of Jason Statham with his face framed between symbols {" on left and "} on right, with text below "JSON Statham"

Felix Palmen :freebsd: :c64:

@zirias@mastodon.bsd.cafe · 5 months ago

Seems a first step is almost done, adding #JSON support to my #poser lib. This could be the foundation for #JWT support in #swad. 😎

Need to do more thorough testing I guess, but at least the two example documents from #rfc8259 work fine ... the test tool does a full #deserialization / #serialization roundtrip (with specific internal representations of the data types supported by JSON).

edit: Look at the "Longitude" value of the second object in the second example 😏 I only noticed myself right now, but of course that's the desired behavior.

Testing JSON serialization in poser with the examples provided by RFC 8259

Felix Palmen :freebsd: :c64:

@zirias@mastodon.bsd.cafe replied · 4 months ago

First step towards implementing #JWT in #swad done, just committed a good 1000 LOC and now my #poser lib can do #JSON 😎
https://github.com/Zirias/poser/commit/7f1772e85c869d544f8a12099ed6545e163dc163

Felix Palmen :freebsd: :c64:

@zirias@mastodon.bsd.cafe · 5 months ago

Hopefully, there will be another release of #swad soon!

Looking at my test results again, performance should be okay at least for moderately busy sites ... the 1000 requests per second I observed included actual logins, and I didn't even test whether it would also handle more (it probably would), the only issue was with resolving remote names (with that, around 30% of these requests failed because the thread pool was clogged with jobs all waiting for some DNS response), and the recommendation would be: just disable that feature if your site is a busy one.

But I'm really unhappy with RAM usage going up so much. Almost 100MiB resident set after seeing 1000 unique clients all attempting a login is a lot after all.

So, I'll try to move swad to a session-less design. It can't be fully stateless, a rate limiter will be needed, but maybe I can optimize a bit on that.

But the sessions could be replaced. They're currently used for two things:

* Store actual auth information. This could be stored in signed JWTs (json web tokens) on the client instead. I'm already starting to add JSON support to my poser lib 😉

* Store the random challenge for the #anubis-like proof-of-work checker. Could do the same as anubis here: Derive the challenge from request metadata instead, including a timestamp.

Will be quite some work, but could be doable.

Felix Palmen :freebsd: :c64:

@zirias@mastodon.bsd.cafe replied · 5 months ago

Seems a first step is almost done, adding #JSON support to my #poser lib. This could be the foundation for #JWT support in #swad. 😎

edit: Look at the "Longitude" value of the second object in the second example 😏 I only noticed myself right now, but of course that's the desired behavior.