Skip to content

Gemini

Jump to bottom Edit New page
Niko Carpenter edited this page Feb 17, 2022 · 3 revisions

Add Gemini Support to edbrowse

Currently, edbrowse doesn't support Gemini out of the box, but with a plugin, it is possible to browse Geminispace. This plugin requires Python 3, and the ignition library, which can be installed via pip:

pip3 install ignition-gemini

First, you will need to download ebgmni.py and ebgmni.sh, and put them into a directory. I dumped them into ~/.config/edbrowse/plugins/, and this is what the rest of this guide assumes you did. Next, copy the following plugin block into your edbrowse configuration:

plugin {
    type = */*
    desc = Gemini
    protocol = gemini
    program = ~/.config/edbrowse/plugins/ebgmni.sh %i
    outtype = h
}

Refresh your config and try browsing to gemini.circumlunar.space.

Client Certificate

Some Gemini sites require you to provide a client certificate, either for authentication, or to act as a sort of cookie. To set this up, you will first need to generate one with openssl. Change to the directory where you extracted the plugin files (~/.config/edbrowse/plugins/ in my case, and run the following command:

openssl req -x509 -newkey rsa:4096 -keyout ebgmni-client.key -out ebgmni-client.crt -days 3653 -sha256 -nodes

You can leave the various fields blank when prompted, though you will want to provide a common name, as some sites will identify you by this. The resulting certificate will expire in 10 years.

Finally, add these functions to your edbrowse config to enable and disable the client certificate. For a bit of privacy, you might want to turn it on with <gmniccon only when you need it, and then turn it off with <gmniccoff afterwards:

function:gmniccon {
    db0
    !touch ~/.config/edbrowse/plugins/ebgmni-client-cert-enabled
}

function:gmniccoff {
    db0
    !rm -f ~/.config/edbrowse/plugins/ebgmni-client-cert-enabled
}

Trust-on-first-use

Rather than relying on certificate authorities, Gemini relies on a trust-on-first-use (TOFU) model to authenticate servers. When edbrowse connects to a gemini server for the first time, the server will be trusted, but its server fingerprint will be added to ~/.ebgmni_known_hosts. If the server's certificate fingerprint changes for any reason, edbrowse will not connect to it. Currently, you cannot see the fingerprint of the server you've just visited, except by opening up this file and looking for it manually.

Add a custom footer
Add a custom sidebar
Clone this wiki locally