Discussion
Heiko
@hko@floss.social  ·  activity timestamp last month

Analogously, we can inspect a modern v6 OpenPGP certificate, which uses up-to-date formats from the very recent RFC 9580.

We'll make a fresh example v6 certificate to look at with the "rsop" tool:

$ rsop generate-key --profile rfc9580 "<alice@example.org>" | rsop extract-cert > alice_v6.cert

And then look into it with:

$ rpgp status alice_v6.cert

🧵 3/5

A terminal session that shows the following commands and output:

$ rsop generate-key --profile rfc9580 "<alice@example.org>" | rsop extract-cert > alice_v6.cert

$ rpgp status alice_v6.cert
🔐 Ed25519 v6 82d496f62a2419443eb2b9be73159edd0fbdddaf9860db2cdb1164ad16ce918e
  ⏱️ Created 2025-08-24 22:16:36 UTC
  ✅ Active (no expiration)
  🏴 Key flags: Certify, Sign

  🔑 X25519 v6 513694cc5bb335f0d5c991defbd94ddc7e6e4ce3025b0d489cf67301ec9d3093
    ⏱️ Created 2025-08-24 22:16:36 UTC
    ✅ Active (no expiration)
    🏴 Key flags: Encrypt

  🪪 ID "<alice@example.org>" (primary)
    ✅ Active (no expiration)
Heiko
@hko@floss.social replied  ·  activity timestamp last month

We can also ask the "rpgp" CLI tool to emit the same certificate status information in #JSON format:

$ rpgp status --json alice_v6.cert

Please be aware that the rpgp JSON output format is in a very early stage, and may be subject to change!

(At some point I will commit to not changing the JSON format on a whim, but that point is not right now.)

🧵 4/5

A terminal session that shows the following command and output:

$ rpgp status --json alice_v6.cert
{
  "primary": {
    "fingerprint": "9a47c697b8dfa657ad8d2bc31df18da8924a281f2f589600352f7bac05f61a81",
    "version": 6,
    "created": "2025-08-24T22:26:06Z",
    "algorithm": "Ed25519",
    "status": {
      "valid": {}
    },
    "key_flags": [
      "Certify",
      "Sign"
    ]
  },
  "subkeys": [
    {
      "fingerprint": "7e1a88fc27cfbb94ab1e088f32bfc3551bc88b4044a02f8ff685a0b14ad8ff9c",
      "version": 6,
      "created": "2025-08-24T22:26:06Z",
      "algorithm": "X25519",
      "status": {
        "valid": {}
      },
      "key_flags": [
        "Encrypt"
      ]
    }
  ],
  "user_ids": [
    {
      "id": "<alice@example.org>",
      "primary": true,
      "status": {
        "valid": {}
      }
    }
  ]
}
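An added example, not part of the thread and not rpgp's own code: a small policy check over the JSON document shown in the post above, of the kind that could gate certificates during onboarding or in CI. It assumes the field names and the `{"valid": {}}` status shape exactly as they appear on the page (the format may change, as the post says), so anything else is treated as a failure; the `lint` and `is_valid` names are hypothetical.

```python
import json

# The JSON document shown in the post above, with whitespace compacted.
SAMPLE = """
{"primary": {"fingerprint": "9a47c697b8dfa657ad8d2bc31df18da8924a281f2f589600352f7bac05f61a81",
  "version": 6, "created": "2025-08-24T22:26:06Z", "algorithm": "Ed25519",
  "status": {"valid": {}}, "key_flags": ["Certify", "Sign"]},
 "subkeys": [{"fingerprint": "7e1a88fc27cfbb94ab1e088f32bfc3551bc88b4044a02f8ff685a0b14ad8ff9c",
  "version": 6, "created": "2025-08-24T22:26:06Z", "algorithm": "X25519",
  "status": {"valid": {}}, "key_flags": ["Encrypt"]}],
 "user_ids": [{"id": "<alice@example.org>", "primary": true, "status": {"valid": {}}}]}
"""


def is_valid(component):
    # Fail closed: only the exact status shape seen on the page counts as valid,
    # so an unknown or renamed state is reported instead of silently accepted.
    return component.get("status") == {"valid": {}}


def lint(report, min_version=6):
    """Return a list of policy problems; an empty list means the cert passes."""
    problems = []
    keys = [("primary", report["primary"])]
    keys += [("subkey " + k["fingerprint"][:16], k) for k in report.get("subkeys", [])]
    for label, key in keys:
        if not is_valid(key):
            problems.append(f"{label}: status is not 'valid'")
        if key.get("version", 0) < min_version:
            problems.append(f"{label}: key version below v{min_version}")
    if "Certify" not in report["primary"].get("key_flags", []):
        problems.append("primary: missing Certify flag")
    # An encryption subkey only counts if it is itself valid.
    if not any(is_valid(k) and "Encrypt" in k.get("key_flags", [])
               for _, k in keys[1:]):
        problems.append("no valid encryption subkey")
    if not any(is_valid(u) for u in report.get("user_ids", [])):
        problems.append("no valid user ID")
    return problems


if __name__ == "__main__":
    for problem in lint(json.loads(SAMPLE)) or ["OK"]:
        print(problem)
```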
Thib
@thibaultamartin@mamot.fr  ·  activity timestamp 2 months ago

A colleague just recommended fx, the TUI to explore json.

A bit more user friendly than jq, but also in some aspects more powerful? Worth exploring!

https://fx.wtf/

#json #tui #terminal

just small circles 🕊 boosted
Oblomov
@oblomov@sociale.network  ·  activity timestamp 2 months ago

(Fun fact: had #ActivityPub been designed around an #XML representation of linked data instead of #JSON, most of the #Fediverse could be presented on the web via #XSLT, without requiring #JavaScript, directly from the source objects.)

Stéphane Bortzmeyer
@bortzmeyer@mastodon.gougere.fr  ·  activity timestamp 2 months ago

Side discussion at #IETF123. Is there an equivalent of #CSS for #JSON (to control the presentation of the JSON you send)? Any ideas?

Gytis Repečka
@gytisrepecka@social.gyt.is  ·  activity timestamp 3 months ago

This meme is so good it has to be shared widely: {" jason_statham "}

#json #statham #meme

Photo of Jason Statham with his face framed between symbols {" on left and "} on right, with text below "JSON Statham"
Felix Palmen :freebsd: :c64:
@zirias@mastodon.bsd.cafe  ·  activity timestamp 5 months ago

Seems a first step is almost done, adding #JSON support to my #poser lib. This could be the foundation for #JWT support in #swad. 😎

Need to do more thorough testing I guess, but at least the two example documents from #rfc8259 work fine ... the test tool does a full #deserialization / #serialization roundtrip (with specific internal representations of the data types supported by JSON).

edit: Look at the "Longitude" value of the second object in the second example 😏 I only noticed myself right now, but of course that's the desired behavior.

Testing JSON serialization in poser with the examples provided by RFC 8259
Felix Palmen :freebsd: :c64:
@zirias@mastodon.bsd.cafe replied  ·  activity timestamp 4 months ago

First step towards implementing #JWT in #swad done, just committed a good 1000 LOC and now my #poser lib can do #JSON 😎
https://github.com/Zirias/poser/commit/7f1772e85c869d544f8a12099ed6545e163dc163

Felix Palmen :freebsd: :c64:
@zirias@mastodon.bsd.cafe  ·  activity timestamp 5 months ago

Hopefully, there will be another release of #swad soon!

Looking at my test results again, performance should be okay at least for moderately busy sites ... the 1000 requests per second I observed included actual logins, and I didn't even test whether it would also handle more (it probably would), the only issue was with resolving remote names (with that, around 30% of these requests failed because the thread pool was clogged with jobs all waiting for some DNS response), and the recommendation would be: just disable that feature if your site is a busy one.

But I'm really unhappy with RAM usage going up so much. Almost 100MiB resident set after seeing 1000 unique clients all attempting a login is a lot after all.

So, I'll try to move swad to a session-less design. It can't be fully stateless, a rate limiter will be needed, but maybe I can optimize a bit on that.

But the sessions could be replaced. They're currently used for two things:

* Store actual auth information. This could be stored in signed JWTs (json web tokens) on the client instead. I'm already starting to add JSON support to my poser lib 😉

* Store the random challenge for the #anubis-like proof-of-work checker. Could do the same as anubis here: Derive the challenge from request metadata instead, including a timestamp.

Will be quite some work, but could be doable.
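An added sketch of the second bullet in the post above, not taken from swad or Anubis: the server derives the proof-of-work challenge from request metadata and a coarse timestamp with a keyed hash, so verification recomputes it instead of reading a stored session. The secret, window length, difficulty, metadata fields and function names are all assumptions; a solved nonce stays usable until its window expires, which is where the rate limiter mentioned in the post still comes in.

```python
import hashlib
import hmac

SERVER_SECRET = b"constructed-demo-secret"  # assumption: random per-instance key
WINDOW = 300      # assumption: timestamp granularity in seconds
DIFFICULTY = 16   # assumption: required leading zero bits in the work hash


def challenge(remote_addr, user_agent, now):
    """Derive the challenge from request metadata and a time bucket."""
    bucket = int(now) // WINDOW
    msg = f"{remote_addr}\n{user_agent}\n{bucket}".encode()
    # Keyed with a server secret so clients cannot precompute future challenges.
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def work(chal, nonce):
    return leading_zero_bits(hashlib.sha256(f"{chal}:{nonce}".encode()).digest())


def solve(chal):
    """Client side: search for a nonce that meets the difficulty."""
    nonce = 0
    while work(chal, nonce) < DIFFICULTY:
        nonce += 1
    return nonce


def verify(remote_addr, user_agent, nonce, now):
    """Server side: no stored state, only the secret and the request itself."""
    # Accept the current and the previous bucket so a solution computed just
    # before a bucket boundary is not rejected.
    return any(
        work(challenge(remote_addr, user_agent, t), nonce) >= DIFFICULTY
        for t in (now, now - WINDOW)
    )


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    n = solve(challenge("192.0.2.10", "demo-agent/1.0", t0))
    print(n, verify("192.0.2.10", "demo-agent/1.0", n, t0 + 60))
```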
