144MB

I sign Floppy PNGs with the same private key associated with this npub.

My entire software repo is inside my banner PNG, which, at least currently on Primal blossom, is not modified. It can be extracted with this script:

Deno.writeFileSync("f.z",Deno.readFileSync("f.png").slice(41,-16))
new Deno.Command('pigz',{args:['-d','-f','-k','f.z']}).outputSync()
let extracted_data=Deno.readFileSync('f')
const data_length=parseInt(new TextDecoder().decode(extracted_data.slice(65,4120)).split('\n')[0])
const unfiltered=new Uint8Array(extracted_data.length)
let f=0,p=0,r=0
do{if(r==4140||f==0){f++;r=0;} else {unfiltered[p]=extracted_data[f];r++;f++;p++;}}while(f<extracted_data.length)
let site_text=(new TextDecoder().decode(unfiltered.slice(542340,542340+data_length)))
Deno.writeTextFileSync('site.txt',site_text)

Note that this should be verified. This particular image has a sha256 hash of: 138e86c494ddcc476df0d8e502d2d452daad249bd8c2519a5f25761741b04a8e

But, more importantly, I sign the data part of the PNG and use the top row to store the secp256k1 signature. This can be verified with this script:

import { sha256 } from "@noble/hashes/sha2";
import { schnorr } from "@noble/curves/secp256k1";
import * as pako from "pako";
try {
let f = 0, p = 0, r = 0;
const fpng_img = Deno.readFileSync(Deno.args[0]);
const pub = Deno.readTextFileSync(Deno.args[1]).trim();
const zdat = pako.inflate(fpng_img.slice(41, -16));
const u = new Uint8Array(zdat.length);
do {
if (r == 4140 || f == 0) {
f++;
r = 0;
} else {
u[p] = zdat[f];
r++;
f++;
p++;
}
} while (f < zdat.length);
const dl=parseInt(new TextDecoder().decode(zdat.slice(65,4140)).split('\n')[0])
console.log(schnorr.verify(
new Uint8Array(zdat.slice(1, 65)),
sha256(u.slice(542340, dl + 542340)),
pub,
));
} catch {
console.log("Usage: lverify [Floppy PNG] [144MB Hex Public Key]");
}

The extract script itself can be extracted from the Floppy PNG using the instructions on the header of the banner of the PNG in my profile banner. It is all so wonderfully self-referential, no?