brain tags Je Maintiendrai

Signed comments

Sometimes I post comments on my own pages, usually in reaction to other comments. I usually use only my first name ‘Jeroen’ to post these comments, but everybody is free to use any name he/she wishes, including my first name. After all, I am not the only Jeroen in the world.

But how do you know that it was really me who posted the comment? From now on all my comments are PGP signed, so you can verify them with my public key. This way you know for sure that the poster of the message is the same guy as the one who created this site.

Of course you are free to sign your own comments as well.

You can see the fully signed message by clicking on the key below.

Since you seem to be a fan of sematically-correct markup, you might be interested in the new version

http://www.srijith.net/codes/openpgpcomment/

of the OpenPGPComment plugin, which gets rid of the ugly hard-coded link glommed onto the end of the comment (separated by some <br />s), and provides instead, a MovableType template tag, <MTIfPGPSigned>...</MTIfPGPSigned>, which you can use to put the link in a more reasonable place (like after the commenter's name).

And you might want to add yourself to Srijith's list

http://www.srijith.net/trinetre/archives/2004/04/06.shtml#000658

of sites accepting PGP-signed comments.

Whoops! I got distracted by the fact that you don't allow markup (hyperlinks) in your comments, and forgot to sign mine.

Silly me.

I do use the latest version of the openpgpcomments plugin. It might be that this did not show, since I haven't rebuilt my archives after installing it.
I will do that as soon as I have the server-side verification process running.

Hi!

Back from the Netherlands? Had a good holiday?

This is fun, getting comments on your code and PGP-signing from Jacques Distler. Read him sometimes, but he is an important person in many aspects, much like Zeldman!

Good luck!

I have added your site to the list.

Note that my email to comments at jeroensangers dot com bounced with "550 unknown user" error.

"I do use the latest version of the openpgpcomments plugin. It might be that this did not show, since I haven't rebuilt my archives after installing it."

Mmm. Yes. I noticed that after adding my own comment. Sorry.

"I will do that as soon as I have the server-side verification process running."

Best of luck with Crypt::OpenPGP.

Don't worry, you couldn't know that I already upgraded.

I do have Crypt::OpenPGP installed, but it still doesn't work. I don't remember the exact error, but it had to do with the rights on the files. I just need to find some time to find it out...

Srijith: I fixed my comments mailbox. Thanks for mentioning this.

"I do have Crypt::OpenPGP installed, but it still doesn't work. I don'¡t remember the exact error, but it had to do with the rights on the files. I just need to find some time to find it out�"

You are, then, "in like Flynn."

There are two files of relevance: an OpenPGP keyring file, and a Berkeley DB database file (containing KeyID/website URL pairs). Both files need to be readable and _writable_ by the CGI process.

Since you're not supposed to create the Berkeley DB database file by hand, you may need to create a writable _directory_ in which the CGI process can create the database file.

Unfortunately all files have the right access. Srijith told me that the error is probably caused by an old version of the OpenPGP module. The error message I receive is:

Can't locate object method "key_id" via package "Crypt::OpenPGP::Plaintext" at plugins/OpenPGPComment.pl line 259.

Server side verification seems to work alright now.

The only problem I have is that some comments won't be shown in the PGP view; an empty comment is shown instead.