I am using keybase.io to provide my public pgp-key.
Keybase offers some really appealing services. They show a timeline of your connected/trusted devices; creating a way to verify someones identity by checking the steps in the timeline.
You can also easily create an encrypted message to someone, or decrypt another. I am not entirely sure this is the safest thing to do in a browser, after installing Keybase you can just use all their features in their app (Mac or iOS) or by using terminal.
Installing their app on your pc/mac provides you with these cool features:
1) End-to-end encrypted chat with anyone using keybase, or a private/public group.
2) Private and public encrypted folders, every file you place inside is encrypted and automagically shared with only yourself or others that you’ve added to the folder.
When adding a strangers public folder a popup of their profile shows up.
You can then browse the public folder in finder. Meanwhile, there is no sync, the files are streamed on demand.
Keybase also mounts an end-to-end encrypted private folder.
The cool thing is, if you want to share an encrypted folder with a friend you can simply add stuff in your shared folder (which implicitly exists).
So the main features Keybase offers:
- Identity proofs (I am Taco Oldenburger and I am @tacoold on twitter)
- Follower statements (I am Taco and I just lookup at John’s identity)
- Key ownership (I am Taco and here is my public key)
- Revocations (I am Taco and I revoke what I said earlier)
This is called the sigchain.
Keybase makes a hashed list of these announcement, the merkel root is published on the bitcoin blockchain. So everytime you add an identity proof or there is a public follow statement, these are added to the blockchain. Importantly, also revocations are added!
Read more about the Keybase merkle tree.
There are more cool features like encrypted Git.
So go ahead and install keybase! Protect your online identity and use encryption to secure chats and files.
Show my public folder in your keybase folder
In this folder I’ve added public keys (signal and ssh), some profiles pictures and software that is verified by me that friends can safely use.
You can use Keybase in terminal to encrypt messages to me.
Keybase is fully usable in terminal. All commands.
Privacy and security is important, and pgp-keys offer an appealing layer of security. It enables you to encrypt and/or sign messages and files. However most pgp or gpg software is complicated and hard to use. Keybase makes using encryption very easy. And they’ve made a very clever service to proof who you are and who trusts your proofs.
Keybase does a lot of work behind the scenes to make sharing encrypted files and following trusted people easy. There is actually a lot going on when you are adding a friend to your keybase:
– requesting that user’s info from Keybase (keys + proofs)
– playing back the user’s signed announcements & revocations
– actually scraping tweets, posts, profiles, etc.
– verifying the assertion you made passes, cryptographically
– if everything pans out, downloading blocks
– making sure the blocks are signed, and reconstructing the folder
presenting as plain files
A nice podcast episode with Max Krohn, founder of Keybase on the Software Engineering Daily podcast.