Messaging Use Keybase.
Nick Peers discovers a more user-friendly way to secure file sharing and instant messaging using public-key encryption.
Nick Peers is a busy man, so he wants a simple but secure way to chat.
Public-key cryptography has long been one of the most secure ways to identify yourself and ensure your conversations and data are kept private, but it’s not exactly user-friendly. Keybase aims to change all that by providing a convenient tool that makes it easy to identify yourself to others, plus chat and share files through a secure tunnel that employs end-to-end encryption.
Keybase won’t appeal to those who want to hide their true identity – as the ‘Hiding in Plain Sight’ box (opposite) reveals, a key part of it is advertising yourself to provide good faith that you’re who you claim to be. This is done by linking key accounts to your Keybase profile in such a way as to provide strong proofs of your identity. Once done, you can then use Keybase to identify with a high degree of confidence other friends and contacts, then communicate and share files in a secure way.
Keybase is still in alpha, but already has a finished feel to it – you can use it through your web browser, but there’s also clients for Linux, Mac and Windows (so no one has an excuse not to get signed up). The app is the most convenient and secure way to use Keybase, but there may still be times when you want to use the browser – for example, to send PGP-encrypted messages without having to use the command line. We’ll cover all this in this tutorial.
Get started
First, the good news: Keybase used to be invitation-only, but now anyone can sign up. Browse to https://keybase.io and click Join. Enter your email address, then enter a Keybase username, which is how others will identify you. You’re prompted to create a passphrase – minimum 12 characters, so now is a good time to try a secure password generator like Keepass if you haven’t already. Once done, click Activate!
You’re sent to your profile page, where you’ll see a button telling you further action is required, but first look out for the verification email. Click this to complete setup, then that’s it for your email address. Keybase doesn’t advertise your email or phone number; everything that proves who you are comes from other online sources that you choose to link.
Before that, start by filling in your bio – the more information about yourself you can provide, the better. Enter your full name, add a brief bio and provide your home location – all of these little proofs will help others validate you are who you say you are, and are displayed whenever anyone browses to https:/keybase.io/ username (where ‘username’ is the name you claimed when signing up).
Install the app
Before we go any further, let’s switch to using the Keybase app, rather than accessing it through your web browser. The following instructions are for 64-bit flavours of Ubuntu and other Debian-variants; visit https://keyba se.io/ dow nload and click Linux for instructions covering other distros.
Open a Terminal window and type the following: $ curl -O https:// prerelease.key base.io/ ke ybase_amd64.deb $ sudo dpkg -i keybase_ amd64.deb
Ignore any errors referring to missing ‘libappind icator1’, and carry on: $ sudo apt-get install -f $ run_keybase
You’ll see the Keybase service start in the Terminal window (once done, you can safely close it) and then Keybase itself launches for the first time – going forward, you’ll see its icon appear in the menu bar. A web page opens with a brief summary – close this once you’ve read it, then click the Keybase menu bar icon and choose Show Keybase, then click Log In to open the main window.
Click the Log In link at the bottom of the new window, then enter your username or email address, and click
Continue. Enter your passphrase and click Continue again. You’re prompted to set a public name for your computer – something such as Desktop or Laptop should suffice, or if you plan to run Keybase across multiple platforms, go for something more descriptive, such as Ubuntu Desktop.
Click Continue and you’re shown a ‘paper key’ that is described as allowing you to ‘perform important Keybase tasks in the future’ (one of those tasks will allow you to install
Keybase on another computer and link your account to it – see the Quick Tip opposite). As instructed, write it down somewhere safe or copy and paste it into a secure notes app, before ticking Yes, I Wrote This Down and clicking Done.
Prove your identity
Now you’re logged into the app, it’s time to build up your persona. Start by clicking Edit Profile to add your name, location and bio if you’ve not already done so, then click Save. Ignore the photo for now – that will come from your Twitter or GitHub account when you confirm one of them.
The next step is to build up a series of proofs that confirm you are who you say you are. This involves linking various accounts: Twitter, Reddit, Facebook, GitHub, Hacker News and one or more websites. Click one to get started – taking Twitter as an example, you’re prompted to enter your username, then copy and paste a tweet into your account. Keybase then looks for this in your timeline and – when it finds it – verifies your identity accordingly.
As an aside, when you connect your Twitter account, you receive email notifications each time someone you follow on Twitter joins Keybase and connects their account – if this proves too distracting, tgo to Settings > Notifications, where you can disable this and other notifications.
Other services work in a similar way – in the case of Facebook, just click the Make a Facebook Post link after supplying your username (go to your Facebook profile page if you don’t know this and look in the Address bar for www.facebook.com/ yo ur.na me.123). Make sure it’s Public.
If you want to prove your website, you can either host a text file on the web, or place a Keybase proof in your DNS records. If you go down the latter route, log into your domain name provider and look in the advanced section of your domain’s DNS settings for TXT entries, where you insert the proof. Don’t panic when you get an ‘unreachable’ error – keep checking and it should be confirmed within 24 hours.
Reload your profile when prompted and you’ll see your identity is now verified. You can view your proof (or revoke it if necessary) simply by clicking the tick mark next to the identity in question. The more proofs you create, the more solid your identity is to other people – and anyone who is following you receives an email notification for each proof you provide as you add it; you receive emails as people you follow add proofs to their account in turn.
For maximum security, be sure to click the Add a PGP Key link – you can import an existing key, such as one you’re using for email, or have Keybase create one for you. If creating from scratch, include all email addresses you plan to use for PGP encrypted email going forward.
Build up contacts
You can now start to look out for friends and other contacts through Keybase. You can send out a number of invites to others, or they can find you first and appear in your Followers list. If they find you first, click their name and review their proofs, then click Follow to follow them back. You can also browse their list of followers (as well as those they’re following) to locate other contacts, or you can use the Search icon.
As an aside, following someone is the equivalent of endorsing their identity, adding further proof to their claim to be who they say they are.
Selecting Search enables you to search for contacts using not just their Keybase name, but also by Twitter, Facebook, GitHub, Reddit or Hacker News handle. If they have a Keybase profile, this is highlighted; if not, you can start a conversation or set up a shared folder with them, then send them an invitation link. Once they’ve signed up for
Keybase and linked that account, the conversation and folder become visible to them.
You’ll also see options to open folders or start a chat – more on that in a moment. The Search tool is also handy if you want to set up a group chat or create a shared group folder, too – you simply keep searching for the people you want to connect with, then click to add them to the list of names. From here, chatting with people is easy – the stepby-step guide reveals everything you can do.
Share files
If you want to share files with others, Keybase provides a cryptographically secure file mount. There are two options on offer: private, for sharing only with selected individuals, and public, a shared folder that anyone can access.
You can set up private shared folders one of two ways: via the Search tool, in which case select your contact and click Open Private Folder. A new folder is created under ./keybase/private using the following syntax: your name, their name. Drag files into here, and they’ re encrypted and transferred to a corresponding folder that’s created on your contact’s computer, where they’re decrypted. Everything’s done invisibly behind the scenes.
You can also access your private folders by clicking the folders icon in the main window, or by reopening the Keybase status window from the menu bar – from here you can create a new private folder from scratch, manually inputting the name of the contact you’d like to share it with.
The public folder option is interesting – it’s obviously not designed to provide a secure means of transferring files between people, but instead it gives Keybase users the guarantee that files you choose to share with them haven’t been tampered with in any way – there is no server-side or man-in-the-middle hijack possible.
Public folders aren’t automatically synchronised to other people’s computers; instead, the files are streamed on demand. You can access your shared folder via the Folders icon by switching to the Public/ tab. Click your own name to open your own Public folder (it’s located under ./keybase/ public/yourname). Any files copied in here are available to anyone who chooses to connect to your public folder. Other people’s public folders can be accessed in the same way you connect to private folders – via the Search tab (click Open Public Folder) or by opening the status bar icon, switching to the Public/ tab, then typing in their name. If you choose the latter option, you can create group public shares, too, again using the your name, their name syntax.
PGP messaging
If you add a PGP key, you can send PGP-encrypted messages through your browser, via the command line ( keybase pgp encrypt ) or a supported app, such as GPG.
To do this using your web browser, log into Keybase at www.keybase.io and then select the person from your Following or Followers list, or use the search tool to find them on Keybase If there’s a PGP Encrypt option, click it.
From here, simply type the message you wish to send, then click the Encrypt button and it’s sent to them encrypted. You’ll also see buttons for decrypting, signing and verifying messages using PGP, but not all of these options work in your browser unless you opted to host your private key in Keybase’s encrypted store when you created or imported it. If you didn’t, you have decrypt and sign messages from the command line: $ keybase pgp decrypt -m “message text” $ keybase pgp sign -m “message text”
You can also import Keybase keys to GPG (or any other PGP applications) easily to allow you to read and send messages from there. If you’re using GPG, you can do this using the Keybase app: $ keybase follow username $ keybase pgp pull username
And finally…
Although Keybase is relatively straightforward to use, there may come a time when you want to simply press the reset button and start again from scratch, or you may lose access to all your private keys. Whatever you do, don’t delete your account; instead, go to https://keybase.io/username – ‘username’ is your Keybase username obviously – and click the Settings button. Select Reset Your Keys & Start From Scratch, enter your account passphrase and click Reset Account. This removes your keys – along with all your proofs and devices – enabling you to start again from scratch.