I'm pleased to announce the immediate availability of a reference implementation for the Public Key Directory server. This software implements the Key Transparency specification I've been working on since last year, and is an important stepping stone towards secure end-to-end encryption for the Fediverse. You can find the software publicly available on GitHub: PHP Server…

Soatok is a blog or publication authored by Soatok Dhole, a security researcher and privacy advocate. Readers can explore articles covering topics such as cryptography, privacy-enhancing technologies, and digital rights. Additionally, they can learn about cybersecurity threats, encryption protocols, and strategies for protecting online privacy.

Dhole Moments

A reference implementation for a Public Key Directory server is now available, implementing a Key Transparency specification designed to enable secure end-to-end encryption for the Fediverse. The system uses an immutable transparency log to publish public keys, allowing users to verify they're communicating with the intended recipient. The PHP-based server and client SDK are open source but still in v0.1.0 (not production-ready). The project aims to solve key management challenges that have prevented E2EE adoption in ActivityPub-based platforms like Mastodon, where direct messages are currently visible to instance administrators. Future work includes writing SDKs in multiple languages, creating a FASP specification, and eventually implementing full E2EE for Fediverse communications.

Announcing Key Transparency for the Fediverse