Navi

The blog for navi.land

We installed a blog and a keyserver

We spun up an instance of WriteFreely to serve as a blog at blog.navi.land. Don't expect a ton of posts or for us to maintain this religiously. We'll post shit here when we change things on the backend or if the server catches fire.

Hagrid and keys.navi.land

We are now self-hosting Hagrid, the verifying OpenPGP keyserver written in Rust. It's the same code running on keys.openpgp.org and it's living at keys.navi.land now.

To make this actually usable, we hacked together a management page at https://navi.land/user/keys.php. This page bridges your mailbox with the local Hagrid instance (running on port 8090).

Functionality

  • Generate Keys: Click a button and get a Curve25519 key pair. We encrypt the private key with AES-256-GCM and shove it in the database. The public key goes to the keyserver.
  • Import/Export: You can upload your own keys or download the ones we generated to use in local clients like Thunderbird.
  • Verification: The “Resend Verification Email” button forces the keyserver to send you a link. Clicking that link proves you own the email, verifying your key on the public directory.

End-to-End Encryption Settings

We added a few toggles to the dashboard. Use them or don't.

  • Encrypt Incoming Mail: Incoming plaintext gets encrypted with your public key before it hits the disk. This protects your data at rest. Warning: If you lose your private key, your email is gone forever. We cannot help you recover it.
  • Publish Key (WKD): This pushes your key to the Web Key Directory. It allows other providers to auto-discover your key and send you encrypted mail without a manual handshake.
  • Enable Public Key Discovery: We attempt to find public keys for your recipients automatically.

Trust Issues

If you are paranoid, do not use our key generator. Do not let us store your private key. Manage your own keys locally on your own machine using GPG or a desktop client, and only upload the public key to us.

Actually, if you really don't trust us, go buy some hardware and host your own email server. We don't care. We offer this service for convenience, but the only way to be 100% sure we aren't looking at your data is to keep your data off our servers entirely.