This repository was archived by the owner on May 11, 2023. It is now read-only.
Creation of identity proof GPG <-> ETH #2
Closed
Description
Abstract
This issue is for the debate on the proof of ownership of GPG and ETH identities.
It'll eventually allow the web app and other services to verify, through a cryptographic proof, that a commit was indeed signed by the corresponding Person.
It's heavily based on radicle-dev/radicle-link#525 and radicle-dev/radicle-upstream#965
Update N°1: We moved to a two-way signature to sign a message both ways and have a self-contained proof, to be stored on any decentralized storage, e.g. IPFS, or even on-chain.
Requirements
- The link must be verifiable with a cryptographic proof.
- Both directions should be verifiable: GPG -> Radicle and Radicle -> GPG
- The link and proof must be retrievable with just the GPG key fingerprint
- The GPG identity must be retrievable with just the Ethereum address.
- A command-line tool must be provided to create this link, and it should support the Ledger Nano S/X
- The proof should be published on IPFS or other decentralized storage
- The web client should integrate with this system and show the Radicle identities of project contributors who have signed their commits and linked their identities.
Attestation Flow
- The user has to have a GPG keypair, be it a subkey or the primary key, and an ETH keypair to sign a message.
- Using the GPG keypair we sign a message similar to "As the provable owner of this GPG fingerprint EB17....7EDF, this is my ETH address 0x1234...1233".
- On the other hand we take a string similar to "As the provable owner of the ETH address 0x1234...1233, this is my GPG fingerprint EB17....7EDF" and sign it with the ETH keypair.
- Finally we output a JSON object with both cryptographic signatures proving the ownership of both identities.
Verification Flow
- Using the public key, one could verify the GPG or the ETH signature in the JSON object pointed at, to be sure that the identity is the provided one.
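An added example, not part of the original issue or the project's code: a verifier that checks the two statements from the attestation flow name the same (fingerprint, address) pair and that each was signed by the identity it claims, so two individually valid signatures cannot be mixed from different proofs. The JSON field names, the sample identities and the assumption that the signature layer (GPG verification, ETH address recovery) has already reported the signer identities are all hypothetical.

```python
import json, re

# Statement wording follows the issue; the JSON field names and the sample
# identities are constructed for this example. Signature checks are out of scope.
GPG_STMT = re.compile(r"^As the provable owner of this GPG fingerprint ([0-9A-Fa-f ]+), "
                      r"this is my ETH address (0x[0-9a-fA-F]{40})$")
ETH_STMT = re.compile(r"^As the provable owner of the ETH address (0x[0-9a-fA-F]{40}), "
                      r"this is my GPG fingerprint ([0-9A-Fa-f ]+)$")
SAMPLE_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed
SAMPLE_ADDR = "0x" + "ab" * 20                            # constructed

def norm_fpr(s):
    """Canonical fingerprint form: 40 upper-case hex digits, no spaces."""
    f = s.replace(" ", "").upper()
    if not re.fullmatch(r"[0-9A-F]{40}", f):
        raise ValueError("not a full 40-hex-digit fingerprint")
    return f

def build_statements(fpr, addr):
    """The two messages to be signed, as a JSON document (signatures omitted)."""
    return json.dumps({
        "gpg_message": f"As the provable owner of this GPG fingerprint {fpr}, this is my ETH address {addr}",
        "eth_message": f"As the provable owner of the ETH address {addr}, this is my GPG fingerprint {fpr}",
    })

def check_binding(proof_json, gpg_signer_fpr, eth_signer_addr):
    """Return (fingerprint, address) if both statements bind the same pair.

    gpg_signer_fpr and eth_signer_addr are the identities the signature layer
    reported after verifying each signature; nothing is verified here.
    """
    proof = json.loads(proof_json)
    g = GPG_STMT.match(proof["gpg_message"])
    e = ETH_STMT.match(proof["eth_message"])
    if not g or not e:
        raise ValueError("statement does not match the expected template")
    fpr_g, addr_g = norm_fpr(g.group(1)), g.group(2).lower()
    addr_e, fpr_e = e.group(1).lower(), norm_fpr(e.group(2))
    if (fpr_g, addr_g) != (fpr_e, addr_e):
        raise ValueError("the two statements name different identities")
    if norm_fpr(gpg_signer_fpr) != fpr_g:
        raise ValueError("GPG statement was signed by a different key")
    if eth_signer_addr.lower() != addr_g:
        raise ValueError("ETH statement was signed by a different address")
    return fpr_g, addr_g
```

Fingerprints are compared after stripping spaces and case, and addresses case-insensitively, so a checksummed address and its lower-case form are treated as the same identity.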