1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
Hello!
Are you a real IPv6 friend?
## Introduction
People like you and me don't want or need Facebook. However, we do
want to securely communicate with our friends. And chat with them. And
know when they are online. Let's solve this problem once-and-for-all
in a decentralised, sustainable and future proof way.
## Here come's the real IPv6 friend
Instead of using a single system or server, we use IPv6 to connect to
our friends directly. Because each of our friends is reachable by IPv6
if they are online (otherwise they would not be a real IPv6 friend),
we can easily verify if they are online. To find out who is online,
just connect to their computer!
## How it works
It's a bit geeky, but it works actually rather simple.
To become a real IPv6 friend, you need to do the following things:
- Generate a GPG key with a comment named RIF following the URL of
your computer
- Ensure that the URL points to the IPv6 address of your computer
- Setup a webserver on your computer
- Export your key and all real IPv6 friend keys to your webserver as
"rifkeys.txt
- For each of your friends, check whether they are online!
### Example: Generating a key with the right comment
In this example I choose to create an ECC based key that requires the
export option in gpg:
```
[1:24] line:~% gpg --expert --full-gen-key
gpg (GnuPG) 2.2.12; Copyright (C) 2018 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(9) ECC and ECC
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(13) Existing key
Your selection? 9
Please select which elliptic curve you want:
(1) Curve 25519
(3) NIST P-256
(4) NIST P-384
(5) NIST P-521
(6) Brainpool P-256
(7) Brainpool P-384
(8) Brainpool P-512
(9) secp256k1
Your selection? 1
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? c
Comment: RIF https://nico.ungleich.cloud
You selected this USER-ID:
"Nico Schottelius (RIF https://nico.ungleich.cloud) <ipv6@nico.ungleich.cloud>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 27541E11E73F288D marked as ultimately trusted
gpg: directory '/home/nico/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/home/nico/.gnupg/openpgp-revocs.d/B982A8BABC030C66DEF5984527541E11E73F288D.rev'
public and secret key created and signed.
pub ed25519 2019-09-09 [SC]
B982A8BABC030C66DEF5984527541E11E73F288D
uid Nico Schottelius (RIF https://nico.ungleich.cloud) <ipv6@nico.ungleich.cloud>
sub cv25519 2019-09-09 [E]
```
### Example: Setting up a webserver
On a Debian/Devuan based distro:
```
apt install nginx
sudo chown $(whoami) /var/www/html
```
### Exporting all keys
To make yourself accessible and expose who your real IPv6 friends are.
```
gpg -a --export RIF > /var/www/html/rifkeys
```
### Example: List your friends
```
[1:40] line:~% gpg --list-keys --with-colons | grep RIF | awk -F: '{ print $10 }' | sed 's/\\x3a/:/'
Nico Schottelius (RIF https://nico.ungleich.cloud) <ipv6@nico.ungleich.cloud>
Nico Schottelius (myself) (RIF https://nico2.ungleich.cloud) <nico@nico.ungleich.cloud>
```
### Example: Checking which friends are online
Use the included rif-checkfriends.sh script or iterate yourself over
above output.
```
```
## To be added
- advanced usage -> ipv6 email
### CLI ideas
- **rif prepare**: check webserver, keyring, etc.
- **rif online**: check who is online
|
