Posts

In this guide, we set up a new website on a Handshake domain and secure it with Stateless DANE. Caddy is the recommended way to set up such websites. Learn more about Handshake, DANE, and Stateless DANE. Install Caddy This post assumes Ubuntu; for other OS/distros, see Caddy’s official install docs. Install caddy with: curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list sudo apt update sudo apt install -y caddy Temporary note: until caddy v2....

First, A bit about DANE CAs Most websites out there are served securely over HTTPS. This is possible with the help of “trusted” entities called Certificate Authorities (CAs) that issue certificates to websites. And when you visit any of these websites, the browser checks if the website has a valid certificate issued by a CA it trusts. However, this requires everyone to trust CAs to always act responsibly and never be compromised in any way....

FxWallet is a wallet by DxPool for Android and iOS that’s not talked about enough. It’s a multi-currency self-custody wallet that supports a bunch of chains including Handshake. This post focuses on the Handshake part. Features Create and switch between multiple wallets (seed phrases) Participate in Handshake auctions A trustless marketplace for names Name monitoring (for auction and expiry) Process This post is based on this particular apk: App Version: 2....

Handshake has a tiny SPV resolver that can run on devices with low specs, such a Raspberry Pi Zero W. In this tutorial we will need just the RPi and a SD Card (min 4GB). We also need a SD Card reader (USB or native). Raspberry Pi OS First step is to install the OS in the SD card. Raspberry Pi has a utility called Raspberry Pi Imager that does all the work for us....

Posts in this series: Introduction (this one!) Part 1 - Set up DNS server Part 2 - Set up Web server Part 3 - Secure with DANE So you wanna build a snowman website on a Handshake domain. Any website (even a regular one on an ICANN domain) needs 3 things to function A domain name - hope you have one ready A DNS server - this is what tells browsers where to fetch content from A web server - someplace where content is stored or served from Let’s quickly go through what they are (feel free to skip if you’re familiar with DNS basics)....

Posts in this series: Introduction Part 1 - Set up DNS server (this one!) Part 2 - Set up Web server Part 3 - Secure with DANE Set up DNS server We’ll be using PowerDNS here. You can use bind9, knot, or any other authoritative server, but PowerDNS is the (personally) easiest to set up and use. Sebastian Rasor has a similar guide with nsd: https://www.sebastianrasor.com/blog/hosting-a-secure-website-on-the-handshake-protocol-using-dane Disable Stub Resolver First things first, Ubuntu comes with systemd’s stub resolver listening on port 53, which we’ll need to stop / free up....

Posts in this series: Introduction Part 1 - Set up DNS server Part 2 - Set up Web server (this one!) Part 3 - Secure with DANE Set up Web Server In this part, we’ll set up a simple nginx server that just serves a static website. You can also go with any other software like Apache httpd or lighttpd. Install nginx # Install nginx sudo apt install nginx -y # create a directory to place website sudo mkdir -p /var/www/smartface Add content Copy your website files into /var/www/smartface....

Posts in this series: Introduction Part 1 - Set up DNS server Part 2 - Set up Web server Part 3 - Secure with DANE (this one!) Secure with DANE If you’re following with the series, we have a website reachable with a Handshake domain, but it’s only over HTTP and not secure. With regular domains, one would request a Certificate Authority (CA) to sign our certificate and then use it on the web server....