jeremyckahn / chitchatter

Secure peer-to-peer chat that is serverless, decentralized, and ephemeral

Home Page: https://chitchatter.im/


Request: Ability to "login" using PGP key to verify identity.

dillfrescott opened this issue · comments

This could prove useful as an option in settings to double verify that person is legit.

I think this is a great idea! Chitchatter would benefit from some sort of optional secure identity functionality. I'll have to think through how this might work so that it fits with Chitchatter's overall design goal of simplicity and being approachable.

Sounds good!

I've been thinking through how this might work. I'm envisioning a sort of "personal room" feature where one peer has host/admin privileges based on a locally-generated public/private room key pair.

We can use the Web Crypto API to generate public/private keys. Here's a POC for that: https://gist.github.com/jeremyckahn/66d54e4960bf42e3256f48004aab7ce6

And here's a rough idea of how the user flow might work to achieve this: Personal room flowchart

I'm realizing that this is only solving part of the problem. Specifically, it only verifies the host peer. The original request is to verify all peers. I still want to have "personal" rooms with host powers, but that would be separate functionality.

I'm going to think further and iterate on this design to enable public/private key authentication for all peers.

I iterated on my previous design. Here's how I think peer verification can be achieved: Chitchatter peer verification diagram

Here's a POC implementation of how to encrypt a string with a public key and decrypt it with a private key: https://gist.github.com/jeremyckahn/cbb6107e7de6c83b620960a19266055e

oooo interesting! This could work really well!

@dillfrescott I was able to get a start on building this functionality and streamed the development today, in case you’re curious: https://www.youtube.com/watch?v=5aiPZE3ABkM

Ooooo cool! That's very interesting especially since I know next to nothing about how to code haha!

Also, I had to pause the sponsorship for a bit but I will re-subscribe to you sometime in January! Sorry about that!

@dillfrescott no worries, I totally understand! Thanks for doing what you can. 🙂

@dillfrescott This is done and deployed! I chose not to implement any sort of "login" functionality and just use automatically-generated public/private keys for peer verification. Let me know what you think!

Amazing work! But it was kind of the whole point to be able to verify occupants via an already trusted PGP key.

Your way may be better but I'm not sure what it really accomplishes in terms of validity of users.

Ohhh okay just loaded chitchatter and I see what you mean. This should work fine! Let me know what you think!

@dillfrescott Thanks for the feedback! That makes a lot of sense. To achieve what you're describing, we'd need to implement additional functionality to support importing preexisting private keys (from which the public keys would be derived and used). I'm open to doing that, but I question how comfortable users would be with it. Personally I wouldn't want to import a private key into any app unless that app was the only thing using it. The current design essentially does that automatically for users.

@dillfrescott considering the above, do you think it would be worth adding support for importing private keys or does the current design meet your needs?

I honestly think the current design fits my needs! After using it a bit it seems to check all the boxes!

@dillfrescott awesome! I’m glad you like it! 😁