synliner.blogg.se - Keybase app

#Keybase app software
#Keybase app code

The message is encrypted with the session key, but only a recipient with an associated private key can retrieve the session key and then decrypt the message.Ī user’s Keybase profile includes all the proofs associated with their identity. To encrypt a message to one or more people with PGP, you obtain their public keys, and an algorithm encrypts a strong session key-one that can both encrypt and decrypt-with each public key. The other is private, and you must protect it at all costs. One key is public (hence “public-key cryptography”) and can be distributed freely. Knowing one doesn’t help you in any way determine the other. It’s effectively how SSL/TLS works for Web and email encrypted sessions.Ī PGP key comprises a public/private key pair, in which fiendishly complicated math allows the creation of two intertwined keys. PGP combines the power of public-key cryptography with simpler symmetrical encryption for speed. Keybase centers around a PGP-style key, a format that dates back over 20 years.

#Keybase app software

Desktop software introduced a year ago helps a lot. The secret sauce is binding it together into a graphically pleasing and user-comprehensible format, even for those people who have zero interest in or knowledge of the underlying details.

#Keybase app code

The firm’s code is open source, allowing validation, and they rely on open-source software for some of the fundamental parts of what they do. push-secret Push an encrypted copy of the secret key to the server.Written about Keybase before, because I admire the combination of approaches they’re taking to provide a simplified strong identity. i, -infile Specify an infile (stdin by default). To also automatically push/sync your secret to keybase (so you can then use it on other linked devices) you can use -push-secret: ⇒ keybase pgp import -help So to export your secret keys, and import them into your local keybase keyring: gpg -armor -export-secret-keys MYSECRETKEYID | keybase pgp import` This is normally not very useful and is a security risk since private keys are left unprotected. This is the same as the command export, but private keys are exported instead of public keys. Just came across this issue myself, and found that the correct args to use aren't shown in the standard gpg -help text: ⇒ gpg -help | grep exportīut you can see the (very limited) help text for it here:Įxport-secret-keys - export secret keys export-secret-keys name. I can speculate to the answers myself, but since it's important stuff I'd rather ask, to be sure. Any other specific risks or things I should be aware of? I want to make very sure my PGP private key remains my own.Does option 2 mean you need to have your private key in a file at your current location? Is the file typically protected with your passphrase?.

Does either option 1 or 2 give permanent access for the Keybase app to my PGP private key? Or is it just one time to sign a proof that the public key is mine?.

#import from stdin and send the public half to KeybaseĪt first, I thought that they were 3 instructions to be followed in order, but then I realized they were 3 different main things you could do.Ĭan someone explain in basic terms (I know the basics of PGP and public/private key pairs) what the first two options entail behind the scenes?

Instead, what I find is this: # import a key from gpg's key chain I had expected instructions to PGP-sign a specific text from the Keybase (Windows) app and re-upload that signed data (base64 or some such). I've created a Keybase account and imported the "easy" identities (e.g.