Hacker News new | ask | show | jobs
by forgotmypw16 2242 days ago
The private key is stored in localStorage, but this is not the user's "real" private key which they might use for email, but a temporary device key, which can then be vouched either by admin or by user.
1 comments
GTP 2242 days ago
I'm not understanding how this works, then. Are you using the user's private key to somehow derive temporary device keys?
link
forgotmypw16 2242 days ago
Generate a PGP key using in-browser JS. Use that key submitted posts.

Then, later, sign either the file hashes or the public key itself using actual secure PGP. This is optional.

I'm not claiming any level of security, this is all mostly UI prototyping.

link
GTP 2240 days ago
Sorry, what do you mean by "Use that key submitted posts"?
link