4. Forgejo / Gitea / Codeberg proofs

The last button in the Key section allows automatically creating required claims for associating OpenPGP key with Keyoxide on Gitea-compatible forges (all derived software, e.g. Forgejo as used by Codeberg are automatically supported).

The workflow internally does three things:

  1. Creates a repository on the target instance having a description which contains key fingerprint.

  2. Creates and attaches notations to the key pointing at the target instance.

  3. (Optionally) uploads the key to keys.openpgp.org so that other users can see the proof.

The workflow window is partially filled in and requires checking the target instance address, as well as providing the username on that instance:

proof window

Clicking “Authorize” opens browser window with a small proxy web application which, after confirming the operation, will communicate with the target instance and create repository named “gitea_proof” (as required by Keyoxide):

proof authorize instance

At the same time the application will continously check if the proof has been setup and if the format is correct:

proof checking authorization

The status will be displayed after the authorization succeeds in the web browser:

proof created

This causes the application to change its state and enables the “Sign proof” button:

proof present

Signing proof will make modifications to the key and save it in a file:

proof added notations

Then, the “Upload” button will be enabled and it can be used to update the key to keys.openpgp.org:

proof uploaded

The application automatically detects if the key has not yet been verified on the server and asks the user to verify their e-mail by clicking a link in a new e-mail.