=== 0Cert === Contributors: dimaulianov Tags: security, encryption, ssl, certificate, identity, cryptography, browser, privacy Requires at least: 5.0 Tested up to: 7.0 Requires PHP: 7.4 Stable tag: 1.0.0 License: MIT License URI: https://opensource.org/licenses/MIT Add 0Cert identity-based encryption verification to your WordPress site. Zero certificates. Zero renewals. == Description == 0Cert replaces traditional SSL certificate authorities with Certificateless Public Key Cryptography (CL-PKC). Instead of trusting one of 150 certificate authorities, your domain name IS your cryptographic identity. This plugin adds 0Cert protection to any WordPress site in minutes — no server configuration required. **What it does:** * Adds `X-0Cert-*` verification headers to all pages * Serves the `/.well-known/0cert` endpoint that 0 Browser checks automatically * Verifies your keys against the Key Generation Center (KGC) on setup * Shows your 0Cert status in the WordPress admin **What visitors see:** Users of 0 Browser (iOS) see a green **0Cert Verified** badge when visiting your site instead of the standard SSL lock icon. Your site's identity is cryptographically bound to your domain — not just promised by a certificate authority. **How it works:** 1. You register your domain at [app.0cert.io](https://app.0cert.io) or in the 0 Browser iOS app 2. A Key Generation Center issues a partial key for your domain 3. You generate your own user secret locally (never shared with anyone) 4. The two combine into a full private key — even the KGC cannot decrypt your traffic 5. Install this plugin, paste your keys, save — done **Zero configuration required:** * No server-level changes needed * No DNS certificate records to manage * No annual renewals * Works on any WordPress hosting **Open source:** The full protocol, KGC server, iOS browser, and this plugin are all open source at [github.com/0cert](https://github.com/0cert). == Installation == 1. Upload the `0cert` folder to `/wp-content/plugins/` 2. Activate the plugin through the Plugins menu in WordPress 3. Go to **Settings -> 0Cert** 4. Get your keys from [app.0cert.io](https://app.0cert.io) or the 0 Browser iOS app 5. Paste your Full Private Key and User Secret, click **Save and Verify** 6. Add a DNS TXT record: `TXT @ ibc-kgc=https://kgc.0cert.io` == Frequently Asked Questions == = Do I need to change anything on my server? = No. The plugin handles everything through WordPress hooks — no .htaccess changes, no server configuration, no root access required. = What are the Full Private Key and User Secret? = These are generated when you register your domain at app.0cert.io or in the 0 Browser iOS app. They are cryptographic keys unique to your domain. The User Secret never leaves your device during generation — even the KGC never sees it. Store them securely. = Can the KGC decrypt my traffic? = No. This is a structural property of the CL-PKC protocol. The KGC only issues a partial key. Your full private key is assembled by combining the partial key with your locally generated user secret. Without your user secret, nobody — including the KGC — can reconstruct your full key. = What if I want to run my own KGC? = You can self-host the KGC server — see [github.com/0cert/kgc-server](https://github.com/0cert/kgc-server). Enter your KGC URL in the plugin settings under KGC Server. = Does this replace SSL/HTTPS? = No — 0Cert runs alongside standard SSL. HTTPS handles transport encryption as normal. 0Cert adds identity verification on top, so that 0 Browser users can see your site's identity is cryptographically bound to your domain rather than vouched for by a certificate authority. = Will this slow down my site? = No. The KGC verification only happens when you save your settings, not on every page load. The headers and verification endpoint add negligible overhead. == Screenshots == 1. Settings page — enter your keys and verify with the KGC 2. Verified status — 0Cert active on your site 3. 0 Browser showing the verified badge on a 0Cert-protected WordPress site == Changelog == = 1.0.0 = * Initial release * KGC verification on settings save * X-0Cert-* headers on all responses * /.well-known/0cert verification endpoint * WordPress admin settings page with status indicator == Upgrade Notice == = 1.0.0 = Initial release.