Monday, November 7, 2022

Using Keyoxide for Mastodon Proof of who you are.

I'm writing this because I found the documentation to be a little confusing; the process turns out to be not so bad. So this is an attempt to clarify some of the things I was having problems with. Hopefully it doesn't make matters worse.


My system (why this is important will become clear below): my machine is an AMD Ryzen 5 5625U, with 8GB RAM and a 512GB SSD, running Linux Mint 21 (Mate). The machine itself isn't that important, though if you need to generate a new key pair it might take a few minutes on an older (slower) machine. The important part is that I use Linux (Mint is based off Ubuntu, so Debian based; this is important because GPG comes preinstalled).

So if you have Windows - you'll most likely need to install GPG which is beyond the scope of this posting.  https://gnupg.org/download/  ** Be sure to check the download signature.
*** I think the commands will all be the same no matter which version of GPG you are using.

To start with, the documentation uses the command line (CLI). Don't worry if you aren't familiar with the CLI; everything you'll be doing is pretty easy. PS: in Linux the command line is called Terminal.

The other thing to note is that I'm using a signature proof, which is marked as being an experimental feature.

I'll be using the documentation found at: https://docs.keyoxide.org

1) The first thing you need to do is generate a key pair - this step can be skipped if you already have one (go to step 2). The Keyoxide docs are pretty good for this step, and I don't think I can add anything. But you will want to make a note of your fingerprint (the public fingerprint, NOT the private fingerprint).

https://docs.keyoxide.org/using-cryptography/openpgp-gnupg/

2) You need to upload your public key to the keys.openpgp.org keyserver. And again, the above URL walks you through that pretty well. The only thing I can add here is that even if you already have a key pair, you'll probably want to make sure it's on the openpgp.org keyserver, because unfortunately it's a bit hit or miss whether a keyserver shares with other keyservers.

 ** I didn't use the WKD server option. There is also some other information on this page that tells how to sign a document and how to verify a signature. All of it is good to know if you are not familiar with GPG/PGP.

3) Next we need to create a signature file that will become part of the proof for Mastodon - this is where I started to have some confusion, so I'll try my best to make it a bit easier. https://docs.keyoxide.org/signature-profiles/overview/

   a) Using GnuPG (GPG) we need to create a profile file; this is just a text file that we will sign with the key pair we just created. The most important thing is using the correct syntax for the PROOF line. (This same file, if I understand correctly, can be used to provide proofs for other sites that Keyoxide supports. We are currently interested in Mastodon, so let's just start there. Other service providers can be found on the left side of the website, at the bottom of the documentation.)

  b) Create a file that looks like this:

Hey There Here's a signature profile with proof I am @kd8bxp@mastodon.radio
verify this profile at https://keyoxide.org/sig

proof=https://mastodon.radio/@kd8bxp

     Change my username to your own of course; it wouldn't do much good to try to verify you are me. Save the file with a name, somewhere that you can find it. Next we are going to sign this file.

  c) It's simple, you just need to use the command: gpg -u EMAIL_ADDRESS --clear-sign FILENAME
Where EMAIL_ADDRESS is the email address you used when you created your key pair, and FILENAME is the name of the file you just created. This will create another file with the .asc file extension; it's clear text. This will be the file that you will share with others, and it will end up becoming the proof after they verify the signature of the file. I decided to share this with a GitHub gist. https://gist.github.com/kd8bxp/bfd9d9b1379cfc42e96d0c1e0dbe55ea

* There is no clear way that you should share the file: email it, GitHub, a link to it in a post? The person you share it with will need to go to the https://keyoxide.org/sig site and copy and paste it there to verify you are you.
** If you add to or change this file, you will need to sign it again, and upload the new file (or share the new file, making sure you also delete the old file).
*** If you move from this instance of Mastodon to another, you'll want to delete the current line and replace it with your new username/instance - and remember to sign it again, etc.


We are almost done....

4) Adding a link to your fingerprint (created above) to mastodon.radio https://docs.keyoxide.org/service-providers/mastodon/ (This is the step that I got the most confused about - turns out the simplest way (URL) is easy, though I wonder if I shouldn't be hashing the URI, which I didn't understand how to do at all if I'm honest here.)

   a) Log in to your Mastodon instance (mastodon.radio) and click on Edit profile
   b) You will need to add a line to your Profile metadata

   c) After you label one of the metadata areas, just add the URL  https://keyoxide.org/FINGERPRINT  to the content side.  Where FINGERPRINT is the key pair FINGERPRINT from earlier. 

That's it, you should be able to go to https://keyoxide.org/sig copy the contents of your proof file into the site, and click on generate profile - if everything worked you should see a green check next to your mastodon proof.
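
As a local pre-flight check for steps 3 and 4, here is an added example (not part of the original post or the Keyoxide docs; the function names are made up for this sketch). It verifies the signed file with gpg, lists only the proof= claims that sit inside the signed text, and builds the keyoxide.org URL from your key's fingerprint. The sample profile at the end is constructed and its signature block is a placeholder.

```shell
#!/usr/bin/env bash
# Added example: local checks before sharing a Keyoxide signature profile.
# Function names are hypothetical; gpg options used are standard GnuPG ones.

# Print each proof= claim inside the signed text of a clear-signed file.
# Lines outside the signed region are ignored: the signature does not cover them.
profile_proofs() {
  awk '
    /^-----BEGIN PGP SIGNED MESSAGE-----/ { state = "hdr"; next }
    /^-----BEGIN PGP SIGNATURE-----/      { state = ""; next }
    { sub(/\r$/, "") }
    state == "hdr"  { if ($0 == "") state = "body"; next }
    state == "body" {
      sub(/^- /, "")                      # undo OpenPGP dash-escaping
      if (index($0, "proof=") == 1) print substr($0, 7)
    }
  ' "$1"
}

# Step 3 check: the signature verifies AND the expected profile URL is claimed.
check_profile() {   # usage: check_profile FILE.asc https://mastodon.radio/@you
  gpg --verify "$1" || return 1
  profile_proofs "$1" | grep -Fxq -- "$2"
}

# Step 4 helper: build the URL for the Mastodon metadata field from the key.
keyoxide_url() {    # usage: keyoxide_url EMAIL_ADDRESS
  fpr=$(gpg --with-colons --fingerprint "$1" | awk -F: '$1 == "fpr" { print $10; exit }')
  [ -n "$fpr" ] && printf 'https://keyoxide.org/%s\n' "$fpr"
}

# Constructed sample: the signature block is a placeholder and will not verify.
sample_profile() {
  cat <<'EOF'
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hey There Here's a signature profile with proof I am @kd8bxp@mastodon.radio
verify this profile at https://keyoxide.org/sig

proof=https://mastodon.radio/@kd8bxp
-----BEGIN PGP SIGNATURE-----

(placeholder, not a real signature)
-----END PGP SIGNATURE-----
proof=https://example.invalid/@appended-after-signing
EOF
}
```

Running check_profile against your real .asc file after every edit catches the case from the notes above where the file was changed but not signed again.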

Hopefully this helps someone else who was having a hard time setting this up.

