I found out something quite interesting over the last weekend, keybase.io. Basically, it builds another layer of trust on our social media accounts + lets you easily encrypt, decrypt and share messages within a tried-and-tested encryption standard. It was operated by invitation only for quite some time but it is now being made available in public. They have their keybase app where you can download depending on your OS. I have tried Mac version, it works quite nicely and I think they made it pretty easy for me to communicate in the form of encrypting/decrypting stuff.
You can trust that it is actually
me you are communicating, not some sort of
impersonator as long as I am holding my private key by myself. Unless you can hack through my key which is 2128 bit key which has like 23000 bit public key, good luck hacking it! . It uses encryption program called PGP, which is an asymmetric scheme that uses a pair of keys for encryption.
I would first go to their website and signup, here is my invitation for you to be able to join. Then you can identify yourself through their method of recognition of your social medias. They have a very nice step-by-step guide on how to make social media recognized as yours. For example, I proved my Github by posting a gist keybase.md in my GitHub. There was an easy guide on how to do this from keybase.io website. Another example like my blog, I had to create a keybase.txt. It is varied depending on what kind of social media to identify as you. Here is my keybase.io profile page. As you can see, I have already proven myself for a couple of social medias of mine.
I am on a Mac device. After you downloaded their app, you will able to run all these command line keybase commands. They provide a quick and easy encryption/decryption method through their
keybase commands. These commands work fairly well and easy. I haven’t tried
keybase with another user since I am yet to find another person who uses keybase. I would love to connect with you. After you join keybase, you will be able to follow me by clicking the
follow link on my profile page. Also, along with their
keybase commands, they provide a nice and easy user interface to send an encrypted message as well as signing option to prove yourself. When you are in their messaging page, you can type in recipient like
stalkcalvin which would send me a secured message.
Keybase started this recently. Basically, after your installation of keybase app, you are able to locate your user’s directory, and share files. Every file you write in /keybase/public/stalkcalvin is signed and shared by the user
stalkcalvin which is me. You can go to their website and find other people’s id and start sharing files as well. The idea is pretty cool and you can also run private shares between users. I am pretty sure you won’t be able to store any huge file but it’s great for communicating small text files or any data to be communicated encrypted. For more details, refer to this doc.
Obviously, keybase.io is not an ultimate solution to the encrypted messaging. However, I think it makes encrypted communication between users easier. You can store your public keys anywhere but remember, you must keep the private key safe at all times and you must not share it with anyone. The idea of how these communication works is quite simple. For example, if you want to encrypt a message to Bob, you encrypt it using Bob’s public key, and Bob decrypts it using his private key. Now when Bob wants to send you a message, he encrypts it using your public key, and you can decrypt it with your private key, pretty cool and easy concept eh? My public key is also on OpenPGP SKS keyserver. SKS keyserver started quite a while ago. It pretty much means you should be able to load my public PGP key using this command,
gpg --output doc.gpg --encrypt --recipient firstname.lastname@example.org doc.txt. This will search my public key in SKS keyserver like this and you will be able to encrypt the message and I will be able to decrypt with my private key. Anyway, this whole step is quite the hassle. I mean a lot of crypto experts have given up with using PGP as its complicated to make a proper use of what they had to do. I think this entire or at least quite majority of hassle is made comfortable with keybase.io. I would like to take the opportunity to note the difference with PGP vs GPG, I would research in google for further differences. In a nutshell, PGP is a paid version vs GnuPG is a complete and free implementation which uses OpenPGP standard as defined by RFC4880. Anyway, I think you see my point now. I would love to communicate with you via keybase.io. Let’s connect!