Skip to main content; Accessibility mode;

Manual_advanced

Advanced Manual

Introduction

Please enjoy this manual, and report any inaccuracies or potential for improvement. It helps if you use #meta tag.

These Features May Be Confusing At First

  • Your profile key lives on your device, not on this website or server.
  • This means that you own your profile, not this website or server.
  • This entire forum can be exported, migrated, cloned, and forked, without restriction.
  • Your profile stays on your device, and you can use it between any other forums.
  • Using the same profile on multiple devices and/or backing it up requires copying and pasting of a large blob of text.
  • "JavaScript Enabled", meaning JS is not required. Accessible with any browser. Yes, really, try Mosaic 1.0.

Expert Mode Overview

To send message:
* Write message in text file
* Submit it (e.g. using curl) to /post.html

To create profile:
* Use gpg --gen-key to generate key
* Export your public key using --gpg --armor --export
* Submit (e.g. using curl) to /post.html.

To post using profile:
* Use gpg --clearsign to sign your text file
* Submit to /post.html.

* Refer to Manual for token syntax.

Terminology and Notation

epoch time

Most timestamps are currently in epoch time. This is the number of seconds since the beginning of the Unix Epoch, and is (for the foreseeable future) a 10-digit number, beginning with 15. Example: 1557587720.

item

An item is one "something" that has been added to the message board. Items are the most basic elements, on which everything else is built.

Everything that happens on the message board is an item. For example, a text that someone has posted is an item, and so is a user profile, a vote, a reply, etc.

Items are stored as plain text files (.txt), one of the most common and supported file formats, so that they can be easily inspected.

Items are identified with a 40-digit "hash", which looks like this: 6b50a8112fde3a6276cb0c5b9cd8c949bc1625d0. Sometimes you may see it shortened, like this: 6b50a811..

(more to come)

How to use GPG

Summary for Experts

Creating a profile: Generate a PGP key, post public key.

Posting stuff as your profile: sign with GPG, paste into textbox.

More descriptive version

You will need to generate a key and then sign your messages. Piece of cake.

Writing As Yourself

To write something under your new profile, you will need to sign your text.

First, write the text that you want to post. Once you have finished writing it, save it to a .txt file.

Look for the command to "Sign" (not encrypt) your text in your GPG software.

Some software has no such option. In this case, you should use the "Encrypt" command, but ensure that the "To:" field is blank.

You should end up with a big block of text that begins with "-----BEGIN PGP SIGNED MESSAGE-----"

Copy this entire block of text, including the ----- part, and submit it via the Write page.

That's it!

Uploading Your Public Key

Look for the option to export your public key in your software.

You should end up with a block of text that starts with "-----BEGIN PGP PUBLIC KEY BLOCK-----".

Copy the whole thing, including the ----- part, and submit it via the Write page.

You have now aliased your name to your key fingerprint.

Signing With Command-Line GPG

Check GPG Version

gpg --version

If you don't have GnuPG installed, go here: https://www.opengpg.org/

Generate Key Pair

gpg --gen-key

Export Public Key

gpg --armor --export

Sign Message in Text File

gpg --clearsign example.txt

Sign Message After Typing It

gpg --clearsign

Start typing your message. When you're finished, press Enter, then ^D (Ctrl+D).

Other Resources

Tokens Reference.

If you have questions, please ask them using Write page.

Server Key

The Server key is set by first generating or importing the whole key into the server's keychain.

The Server key is used for signing (and in the process also timestamping) various events that happen on the server.

This ensures that the items were not posted by a random.

The following actions are currently server-signed:

Admin user changes. Server-signed notice is posted.

Version changed. Server-signed "changelog" is posted, which includes the comment from the current version's commit, as well as all the previous commits that came before it, up to the most recent commit included in a changelog.

Client fingerprint and timestamp for items that are posted where the user requests this.

Admin Stuff

There is planned support in the near future for roles, multiple admins, etc. in the near future.

That said, this software currently supports two roles: Admin, and Server. Both are optional.

Admin User

The Admin key is set by putting the admin's public key, ASCII-armored, into hike/admin.key.

This user currently holds the following special powers:

Vouch

The vouch token can only be used by the admin.

Remove

The remove tag, when applied by the admin user, will cause an item to be removed at the nearest opportunity.

All of the tokens in the removed item are undone at the next rebuild.

#config

The #config token can always be applied by the admin.

Settings under the config/admin/ directory can only be set by the admin user.

How to use GPG

Read This First

GnuPG
https://www.gnupg.org/

Read the GnuPG home page to familiarize yourself.

Android

OpenKeychain
https://www.openkeychain.org/about/

Apple iOS, iPhone, iPad

PGP Everywhere
http://pgpeverywhere.com/

Apple macOS

GPG Suite
https://gpgtools.org/

Microsoft Windows

Gpg4Win
https://www.gpg4win.org/

More Options

OpenPGP Software
https://www.openpgp.org/software/

Creating Your Profile, AKA Key Pair

You can post your messages anonymously. Anonymous posting is very easy. Why even bother creating a profile?

Benefits and Explanation of Account System

  • All your posts will appear on your author page.
  • You can sign your posts with your name.
  • You can edit or delete your posts later.
  • You will get a colorful avatar that will appear with all your posts.

You will need to create a key pair. Look for this option in your software and use it. (More detailed guides to come.)

GPG is traditionally used for email, but you do not have to provide your address for this forum. In fact, we recommend that you either leave the field blank. Otherwise, your email address will be accessible by anyone, including spambots.

The key pair is stored on your device. If it is important to you, keep it safe, and back it up.


Top