=== 0Cert ===
Contributors: dimaulianov
Tags: security, encryption, ssl, certificate, identity, cryptography, browser, privacy
Requires at least: 5.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.0
License: MIT
License URI: https://opensource.org/licenses/MIT

Add 0Cert identity-based encryption verification to your WordPress site. Zero certificates. Zero renewals.

== Description ==

0Cert replaces traditional SSL certificate authorities with Certificateless Public Key Cryptography (CL-PKC). Instead of trusting one of 150 certificate authorities, your domain name IS your cryptographic identity.

This plugin adds 0Cert protection to any WordPress site in minutes — no server configuration required.

**What it does:**

* Adds `X-0Cert-*` verification headers to all pages
* Serves the `/.well-known/0cert` endpoint that 0 Browser checks automatically
* Verifies your keys against the Key Generation Center (KGC) on setup
* Shows your 0Cert status in the WordPress admin

**What visitors see:**

Users of 0 Browser (iOS) see a green **0Cert Verified** badge when visiting your site instead of the standard SSL lock icon. Your site's identity is cryptographically bound to your domain — not just promised by a certificate authority.

**How it works:**

1. You register your domain at [app.0cert.io](https://app.0cert.io) or in the 0 Browser iOS app
2. A Key Generation Center issues a partial key for your domain
3. You generate your own user secret locally (never shared with anyone)
4. The two combine into a full private key — even the KGC cannot decrypt your traffic
5. Install this plugin, paste your keys, save — done

**Zero configuration required:**

* No server-level changes needed
* No DNS certificate records to manage
* No annual renewals
* Works on any WordPress hosting

**Open source:**

The full protocol, KGC server, iOS browser, and this plugin are all open source at [github.com/0cert](https://github.com/0cert).

== Installation ==

1. Upload the `0cert` folder to `/wp-content/plugins/`
2. Activate the plugin through the Plugins menu in WordPress
3. Go to **Settings -> 0Cert**
4. Get your keys from [app.0cert.io](https://app.0cert.io) or the 0 Browser iOS app
5. Paste your Full Private Key and User Secret, click **Save and Verify**
6. Add a DNS TXT record: `TXT @ ibc-kgc=https://kgc.0cert.io`

== Frequently Asked Questions ==

= Do I need to change anything on my server? =

No. The plugin handles everything through WordPress hooks — no .htaccess changes, no server configuration, no root access required.

= What are the Full Private Key and User Secret? =

These are generated when you register your domain at app.0cert.io or in the 0 Browser iOS app. They are cryptographic keys unique to your domain. The User Secret never leaves your device during generation — even the KGC never sees it. Store them securely.

= Can the KGC decrypt my traffic? =

No. This is a structural property of the CL-PKC protocol. The KGC only issues a partial key. Your full private key is assembled by combining the partial key with your locally generated user secret. Without your user secret, nobody — including the KGC — can reconstruct your full key.

= What if I want to run my own KGC? =

You can self-host the KGC server — see [github.com/0cert/kgc-server](https://github.com/0cert/kgc-server). Enter your KGC URL in the plugin settings under KGC Server.

= Does this replace SSL/HTTPS? =

No — 0Cert runs alongside standard SSL. HTTPS handles transport encryption as normal. 0Cert adds identity verification on top, so that 0 Browser users can see your site's identity is cryptographically bound to your domain rather than vouched for by a certificate authority.

= Will this slow down my site? =

No. The KGC verification only happens when you save your settings, not on every page load. The headers and verification endpoint add negligible overhead.

== Screenshots ==

1. Settings page — enter your keys and verify with the KGC
2. Verified status — 0Cert active on your site
3. 0 Browser showing the verified badge on a 0Cert-protected WordPress site

== Changelog ==

= 1.0.0 =
* Initial release
* KGC verification on settings save
* X-0Cert-* headers on all responses
* /.well-known/0cert verification endpoint
* WordPress admin settings page with status indicator

== Upgrade Notice ==

= 1.0.0 =
Initial release.
