make PGP key authentication more user-friendly #66
Comments
lafleurdeboum
changed the title
|
Thanks for the note! Have you tried the PGP option on indielogin.com? I don't remember if it's got the same usability problem you're describing here. indieauth.com is a different project and one that I'm eventually going to get rid of. |
|
Hello, I just tried indielogin.com and it seems more user-friendly to
me. I was able to unlock the "Verify" button by pasting the whole gpg
signing message, as returned by :
$ echo THE_PHRASE_TO_SIGN | gpg --clearsign
But the UI fails saying "There was a problem ! Please go back to the
application and try again". This error isn't very useful to me but
that's still one step forward !
Just to be very explicit, I did produce my public key with the gpg
command stated in the initial issue ; then I uploaded it to my site
under `lafleur.key.txt`, and linked it in the body of the index page as
such :
<a href="lafleur.key.txt" rel="pgpkey authn">PGP Key</a>
Feel free to ask for any other information indeed
Le vendredi 23 octobre 2020 à 14:22 -0700, Aaron Parecki a écrit :
… Thanks for the note! Have you tried the PGP option on indielogin.com?
I don't remember if it's got the same usability problem you're
describing here. indieauth.com is a different project and one that
I'm eventually going to get rid of.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
I'm still having this problem with indielogin.com. I paste in the result of And the resultant page, in both firefox and chrome, after trying multiple times, says: Can anyone help? (indieauth.com works fine stragely...) |
|
I'm always using |
|
I’ve just tried using IndieLogin.com for the first time and also am getting stuck at:
I’m sure there is a problem but I have no idea what it is. |
|
Setup pgp authn on indieauth.com just fine. Here I'm just told "the session expired". |
|
Sorry, I'm having trouble getting things working with PGP keys so I'm just disabling it entirely for now. |
Hello
I followed instructions at https://indielogin.com/setup#pgp and succeeded in uploading my public key to my website and linking it (I had to export it with
gpg --export --armor --output key.txt lafleur@boum.org).Now I'm trying to authenticate at https://indieauth.com/ ; the page presents a very rewarding green button called GPG. When I click on it, a popup tells me to "sign this text with my private key".
So I tried
gpg --clearsign, pasting the text, hitting enter and then Ctrl-D, and got big block as follows :Alas, I was not able to log in, either pasting the whole block back in the popup, or pasting only the block between the
---BEGIN PGP SIGNATURE---and the---END PGP SIGNATURE---, or appending the same block after the text with the surrounding---BEGINand---END(the three more obvious ways I could think of).I think the popup should mention precisely what it's expecting. The site did succeed in guiding me until there quite nicely, but the PGP Verification popup is really under the level of accessibility that IndieAuth.com had achieved so far.
Hope this help in making the world a better place :-)
The text was updated successfully, but these errors were encountered: