@bender@twtxt.net Y U Relpy @twtxt.net@twtxt.net?

@prologic@twtxt.net Agreed! But clients can hallucinate and generate wrong hashes aka Lies 🤣 Also, If you chheck your own twt on twtxt.net, it looks like a root twt instead of a replay.

@aelaraji@aelaraji.com hashes don’t lie 🤣

@andros@twtxt.andros.dev Here’s that twtxt-el test replay to my last twt! let’s see how it goes.

@andros@twtxt.andros.dev hmmm… pretty strange, isn’t it? replaying to threads worked perfectly, I’ve only had that problem trying to replay to a twt that was part of a thread.

As an example, this one is a Fork-Replay from Jenny. My next twt will be a replay to this exact twt but from twtxt-el as a test.
Then I’will file an issue if it doesn’t behave the way it’s supposed to. Cheers!

@prologic@twtxt.net Are you sure? xD … it was supposed to be a replay to another twt, but the twt hash is wrong (I think).

Heute waren das Ziehkind und ich zwei Stunden lang auf drei Spielplätzen und quer durch die Stadt unterwegs. Ein riesiger Spaß!
Vorab habe ich im hiesigen Spielzeugladen ein Konvolut von Klemmbausteinen erstanden, welche wohl zu einer Polizeistation gehörten!?

Image

@bender@twtxt.net Don’t panic. I’ve just been testing my implementation. The great advantage of Twtxt is it’s openness, I think. So DM spamming would contradict to this feature I like. ❤

@xuu@txt.sour.is Hahaha, this is great! :‘-D

@lyse@lyse.isobeef.org The best part is: “I found four skyrocket sticks in premium quality.” 🎇 One can never has enough skyroket sticks!

@bender@twtxt.net Oh dear!

@sorenpeter@darch.dk @kirch.sdf.org@kirch.sdf.org

@falsifian@www.falsifian.org That’s cool, dedicated parking for snow. :-) There are also some rather large icicles. Thanks for sharing this photo! <3

@sorenpeter@darch.dk @emile.space@emile.space

@prologic@twtxt.net I’ll have you know it took me minutes of time to get the mouse suspended like that by that rats nest!

@prologic@twtxt.net Not too shabby.

@andros@twtxt.andros.dev Here is everything written down I know to this stuff: https://github.com/upputter/testing-twtxt-dm/blob/main/README.md

@arne@uplegger.eu Amazing!!! 😋

@eapl.me@eapl.me @andros@twtxt.andros.dev Eureka! It works! https://github.com/upputter/testing-twtxt-dm
PBKDF2_KEY_SIZE = 48 was the turning point! My dirty little crypt.class.php can en- and decrypt, accoridng to the OpenSSL standard and options used in https://twtxt.dev/exts/direct-message.html

I really like the concept of “twt”. It’s the perfect blend of txt and twtxt. An abbreviated form. Even though it’s the name given to posts, I personally find it very nice.
#twtxt

@eapl_en@eapl.me Your notes are amazing! I’m going to save them for when I do my implementation. Great job!

Image

@aelaraji@aelaraji.com Works 👌

@andros@twtxt.andros.dev is it me or twtxt-el generates a wrong twt hash when I use the [ ↳ Reply to twt ] button?

@prologic@twtxt.net huh.. i added sour.is and img.sour.is to my whitelist but its not showing inline for me

@prologic@twtxt.net Those aren’t actually serving anything public-facing. I’ve thought about it, but for now I’m sticking with VPSs, partly because I don’t relish the risk of weeks of downtime if something goes wrong while I’m travelling.

@prologic@twtxt.net Here’s mine.

Image

Edit #issuecomment-18968

@eapl.me@eapl.me @andros@twtxt.andros.dev here’s another variant as per eapl’s suggestion (#issuecomment-18968)[https://git.mills.io/yarnsocial/twtxt.dev/issues/9#issuecomment-18968]

Image

@bender@twtxt.net Hmmm, does that mean it’s not that popular in the US? 🤔

I hope not, @bender@twtxt.net! I haven’t checked, but I’d reckon it to be at most a single digit MiB number. How wrong am I?

@off_grid_living@twtxt.net No right click thing, but in the terminal:

convert -strip -quality 70 -resize 300x original.jpg resized.jpg

“original.jpg” being the filename of the input file and “resized.jpg” the filename of the output. You can play around with the width, “300x” means 300 pixels wide and the height is determined automatically to still remain in the same ratio. The quality is how much to compress it. The closer to 0 the value gets, the worse the result, but also smaller in file size. More towards 100 and the quality improves together with a larger file size.

You have to install the package “imagemagick” for this to work, I believe.

@off_grid_living@twtxt.net Oh, I’m ready for my retirement, too. :-D Still have some decades to go, unfortunately.

@off_grid_living@twtxt.net You could try starting it in the terminal in order to spot errors. Just open the GNOME Terminal or something like that and then type in “kolourpaint” and hit Enter.

@bender@twtxt.net Lol! :-D

here is my progress so far: https://github.com/eapl-gemugami/twtxt-direct-message-php
The encryption part seems to work, if I decrypt it the message with OpenSSL.
I think it can help you for some key parts not well explained in OpenSSL documentation.

@andros@twtxt.andros.dev reading your spec I wrote a few notes here: https://github.com/eapl-gemugami/twtxt-direct-message-php/blob/main/direct_message_spec.md

@arne@uplegger.eu I haven’t check your repo yet, although you are using sodium, right?

@arne@uplegger.eu Here are the results of the german jury:

Known salt (B64): Tb9oj07UhwU= (8)
Known key (B64): MII0yj+MC0mHNx254Voar80bi9P7jmocs0+x+inaxBE=
Known iv (B64): l/PvkDjOKMFZe73KptrvWw== (16)
Shared Key (B64): ql8zvN03p6kroSwNrcKbxk4zSBQFkgQZEumvqVIDMAE=
** DECRYPT **
Encrypted Message: ...
Decoded Salt (B64): Tb9oj07UhwU= (8)
PBKDF2 KEY (B64): MII0yj+MC0mHNx254Voar80bi9P7jmocs0+x+inaxBE=
iv (B64): JanbU1jI30lb6yfjq/adjA== (16)
Decrypted Message: 

😭

@eapl.me@eapl.me Here is what I’ve got so far: https://github.com/upputter/testing-twtxt-dm

There is a “00_well_known_message.enc” file, which I have the encryption paremters for (https://github.com/upputter/testing-twtxt-dm/blob/9fdf3be6aa8fe810a4cb275375dbb3d4a2a958ee/wellknown_test.php#L28).

According to my finding, I assume, that the saltsize in openssl is “8” and the PBKDF2 algo is “sha256”.

@andros@twtxt.andros.dev Could you share (perhaps in the extension document) the private key for alice?

I want to compare that I can read the encrypted message both from OpenSSL CLI and from the PHP OpenSSL library, following the spec.

@arne@uplegger.eu With the OpenSSL option -p one can get an output of salt, key and iv. My stupid PHP-code can get everything right from the encrypted data (from OpenSSL) - except the iv! Damn “evpKDF” 😔

@prologic@twtxt.net I’ve been there yesterday w/o success.

@arne@uplegger.eu I think you want to use the sodium_crypto functions/modules for PHP 🤔🤔

@arne@uplegger.eu Hi! I love that you’re implementing it! Maybe, when we’re both done, we could test the clients by communicating both.
I don’t think I’m going to be able to help you much, my knowledge of OpenSSL and PHP is not as high as I’d like it to be.
Maybe the OpenSSL version uses SHA-1 by default in PHP. Or that the IV is derived together with the key (not generated separately). But I’m not able to answer your questions, sorry.
I’m invoking the commands directly, without any libraries in between. Maybe that would help you?

@arne@uplegger.eu Well, just for my understanding. The command:
echo "Lorem ipsum" | openssl enc -aes-256-cbc -pbkdf2 -iter 100000 -out message.enc -pass file:shared_key.bin
will take the input string from echo to openssl. It then will

1. use the content of shared_key.bin as password
   
2. use PBKDF2 with an iteration of 100000 to generate a encryption key from the given password (shared_key.bin)
   
3. use the PBKDF2 generated key for an aes-256-cbc encryption
   

The final result is encrypted data with the prepended salt (which was generated by runtime), e.g.: Salted__q�;��-�T���"h%��5�� ....

With a dummy script I now can generate a valide shared key within PHP ‘openssl_pkey_derive()’ - identical to OpenSSL.
I also can en-/decrypt salted data within my script, but not with OpenSSL. There are several parameters of PBKDF2 unknown to me.

Question:

1. Is the salt, used by aes-256-cbc and PBKDF2 the same, prepended in the encrypted data?
   
2. Witch algorithm/cipher is used within PBKDF2: sha1, sha256, …?
   
3. What is the desired key length of PBKDF2 (https://www.php.net/manual/en/function.openssl-pbkdf2.php)?
   

To be continued …

oh cool @lyse@lyse.isobeef.org !! and thanks, got rid of that empty line. ATM I’m using twtxt very much in an experimental way, only manual editing or writing my tools. curious to see how it will evolve. #meta #twtxt

Image

Love my new shed, getting ready to retire

@lyse@lyse.isobeef.org call the @ call the @yarn_police@twtxt.net! 😂

@arne@uplegger.eu

Image

@andros@twtxt.andros.dev I have really tried to get behind it. For an implementation for my TwtxtReader (PHP) I simply lack the knowledge of the standard-openssl parameters.
All my solution approaches require “nonce” or “initialization vector” on one or the other side. In addition, the “magic numbers” (“Salted__”) were not consistent in my tests.