How to set up key-based identity in Mitra
Mitra implements a mechanism for migrating your connections from one server to another, which works even if your current server is offline. At the moment, this mechanism is only supported by Mitra. People who use different software won't be able to connect automatically to your new account, so the more of your contacts use #Mitra, the fewer connections you lose during migration. It's not very difficult for other developers to implement it though, and it's documented in FEP-7628 and FEP-c390.
For migration to work, two accounts must be linked to the same cryptographic key. To do that, you need to add a public key to your profile, then create a signature to prove possession of the corresponding private key. You can think of this key as something that represents your primary identity and your fediverse accounts as temporary aliases. Mitra currently supports two signing tools: Minisign and Metamask.
Minisign
#Minisign is a command line tool. It might be difficult to use, but it is secure and doesn't violate your privacy.
1. Install Minisign. The tool is available in most Linux distros. For example, on Debian you can simply run apt install minisign.
2. Generate a key pair: minisign -G.
3. Go to your profile page, click on the three dots to open the profile menu and select "Link minisign key".
4. Tell Minisign to export your public key:
minisign -R -f -p minisign.pub
Copy the text from the minisign.pub file and paste it into the form. Press the "Generate message" button.
5. Run the displayed commands to create a signature. The first one (starting with printf) creates a file that needs to be signed. The second one,
minisign -S -l -m message -x message.sig
creates a signature. Copy the text from the message.sig file and paste it into the form. Press "Submit".
Now, back up your social graph. Go to "Settings" and scroll down to the "Export" section. Download both follows and followers lists.
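Before pasting, you can check that minisign.pub really is a public key and that message.sig was made with the same key in the legacy format that -l selects. The following is an added example, not code from Mitra or Minisign; it inspects the file layout only and does not verify the Ed25519 signature, and all function names and sample data in it are constructed for illustration.

```python
import base64

def payload(text):
    """Decode the base64 line that follows the untrusted comment."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if len(lines) < 2 or not lines[0].startswith("untrusted comment:"):
        raise ValueError("not a Minisign file")
    return base64.b64decode(lines[1], validate=True)

def parse_public_key(text):
    """minisign.pub payload: 'Ed' + 8-byte key ID + 32-byte Ed25519 key."""
    raw = payload(text)
    if len(raw) != 42 or raw[:2] != b"Ed":
        raise ValueError("not a Minisign public key")
    return {"key_id": raw[2:10], "key": raw[10:]}

def parse_signature(text):
    """message.sig payload: algorithm + 8-byte key ID + 64-byte signature."""
    raw = payload(text)
    if len(raw) != 74 or raw[:2] not in (b"Ed", b"ED"):
        raise ValueError("not a Minisign signature")
    # 'Ed' marks the legacy format that -l selects, 'ED' the prehashed one.
    return {"legacy": raw[:2] == b"Ed", "key_id": raw[2:10], "sig": raw[10:]}

def check_pair(pub_text, sig_text):
    """Return a list of problems; an empty list means the files match."""
    pub, sig = parse_public_key(pub_text), parse_signature(sig_text)
    problems = []
    if sig["key_id"] != pub["key_id"]:
        problems.append("signature was made with a different key")
    if not sig["legacy"]:
        problems.append("signature is prehashed, so -l was not used")
    return problems

def sample_file(alg, key_id, body_len, trailer=""):
    """Build a constructed file with zeroed key material (not a real key)."""
    blob = base64.b64encode(alg + key_id + bytes(body_len)).decode()
    return "untrusted comment: constructed sample\n" + blob + "\n" + trailer

KEY_ID = bytes(range(8))  # constructed key ID
SAMPLE_PUB = sample_file(b"Ed", KEY_ID, 32)
SAMPLE_SIG = sample_file(b"Ed", KEY_ID, 64, "trusted comment: constructed\n")

if __name__ == "__main__":
    print(check_pair(SAMPLE_PUB, SAMPLE_SIG) or "files are consistent")
```

To use it on your own files, pass the contents of minisign.pub and message.sig to check_pair. Any file whose payload is not exactly 42 bytes is rejected as a public key, which catches a secret key file pasted by mistake.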
Metamask
#Metamask is a browser extension and a cryptocurrency wallet. It leaks the hash of your public key to third parties, has a non-free license and has other shortcomings.
However, it is much easier to use than Minisign. If you have it installed, just go to your profile page, open the dropdown menu and select "Link ethereum address". Follow the instructions and approve the signature request. Done!
Migration
If you need to migrate your connections, repeat the linking procedure with your new account. Then go to "Settings", find the "Experiments" section with "Import follows" and "Move followers" buttons, and upload your previously backed up lists. That's all.
In the future more identity verification methods will be added. For example, a client may generate a private key for you, and let you back it up as a passphrase. This is less secure, because you have to trust the server admin to not steal your private key, but it is much easier than using Minisign. Arguably, the tradeoff is acceptable.