Maximum PC

How GitHub Led Me to a Better Version of Keybase

I’ve had a Keybase.io account for a couple years now. Even though I’ve never had the need to send encrypted messages to anyone, I’ve still kept my account current. As a writer, you never know whether someone will drop the next scoop in your lap. But, if I

Alex Campbell is a Linux geek who enjoys learning about computer security.

It took me over a year to check out some of Keybase’s features. Imagine my surprise when I was tooling around on the Keybase website and started reading about something called the Keybase filesystem. Sounds neat. But it was nowhere to be found in the version that came in my distro’s official repository. Curious, I tried the version available on GitHub.

It turns out that the KBFS is a mountpoint (using FUSE) located at “/keybase” on your system. Files stored in subfolders of that path are automatically encrypted and/or signed for the recipients. A path such as “/keybase/public/alexcampbell” signs files and makes them available to anyone on the Internet. Saving a file to “/keybase/private/alexcampbell” encrypts the file so that only I can read it. Finally, saving a file to “/keybase/private/alexcampbell,bob” encrypts the file so only Bob and I can read it, and automatically shares it with Bob. I said it was neat.
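Because the folder name alone decides who can read a file, it is worth checking a destination path before saving anything sensitive there. The following Python sketch is an added example, not code from the article or from Keybase; the function names are hypothetical, and it covers only the public and private folders described above.

```python
import posixpath
from typing import NamedTuple

KBFS_ROOT = "/keybase"  # mountpoint named in the article


class Audience(NamedTuple):
    namespace: str        # "public" or "private"
    members: tuple        # usernames taken from the folder name
    encrypted: bool       # True for private folders
    world_readable: bool  # True for public folders


def kbfs_audience(path: str) -> Audience:
    """Classify a KBFS path using the folder rules the article describes."""
    # Collapse "." and ".." lexically so a path cannot hide its real folder.
    # Symlinks are not resolved here; that is an assumption of this sketch.
    parts = posixpath.normpath(path).split("/")
    # Expected shape: ["", "keybase", namespace, folder, ...]
    if len(parts) < 4 or parts[0] != "" or "/" + parts[1] != KBFS_ROOT:
        raise ValueError(f"not inside a KBFS user folder: {path!r}")
    namespace, folder = parts[2], parts[3]
    members = tuple(folder.split(","))
    if not all(members):
        raise ValueError(f"empty username in folder name: {folder!r}")
    if namespace == "public":
        return Audience("public", members, encrypted=False, world_readable=True)
    if namespace == "private":
        return Audience("private", members, encrypted=True, world_readable=False)
    raise ValueError(f"folder type not covered by this sketch: {namespace!r}")


def safe_to_store_secret(path: str, allowed: set) -> bool:
    """True only if the file lands in a private folder whose members are all allowed."""
    try:
        audience = kbfs_audience(path)
    except ValueError:
        return False  # unknown or non-KBFS location: refuse rather than guess
    return audience.encrypted and set(audience.members) <= set(allowed)


if __name__ == "__main__":
    # Constructed sample paths, using the usernames from the article.
    for p in ("/keybase/private/alexcampbell/key.txt",
              "/keybase/private/alexcampbell,bob/key.txt",
              "/keybase/private/alexcampbell/../../public/alexcampbell/key.txt"):
        print(p, "->", safe_to_store_secret(p, {"alexcampbell"}))
```

The third sample path starts with “/keybase/private” but resolves to the public folder, which is why the check normalizes the path before looking at the folder type.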

If you’re not familiar with Keybase.io, it’s a service that’s built to solve one of the problems that’s plagued PGP: authenticating and establishing trust in someone’s identity is hard. There’s no real name enforcement when you create a PGP key. If you want to use the name Barack Obama and the email barackobama@whitehouse.gov, nothing stops you.

That doesn’t sound so bad, but keyservers—the traditional repositories of public keys—don’t enforce identities either. The only thing you can use to identify a unique key is its fingerprint. In a way, a keyserver is a place where anyone can jump up and claim “I’m Spartacus!” Unless the poor Roman soldier has a copy of the true Spartacus’s fingerprint handy, there’s no reliable way to tell these jokers from the real McCoy.

Keybase fixes this problem by allowing users to offer up their public key as well as authenticated links to social media accounts, GitHub accounts, and personal websites. It’s like shouting “I’m Spartacus!” while holding up a birth certificate and driver’s license.

The Keybase filesystem is cloud storage in disguise. But it encrypts your files client-side (on your PC) before uploading them. As long as you keep your private keys to yourself, no one can read the files. There’s no sync model, so you can only access the filesystem when online. If you really need sync capability, you can use rsync.

I like the fact that crypto is getting easier. Signal makes crypto as easy as pie for text messaging. However, sending files via Signal is less than ideal on desktop. Keybase makes sharing encrypted files a snap on top of its simplification of PGP.

Keybase offers 10GB of free storage for its filesystem; Google Drive’s free tier is 15GB. On top of that, files you share with others don’t count against your friends’ quota. That means if you share photos of your trip to the Everglades with your uncle Jim, he won’t curse your name for eating up all his storage space with blurry photos of what you claim are alligators.

If there’s a lesson to take away from all this (besides the fact that free encrypted file storage is kind of awesome), it’s that there’s often more to software packages than meets the eye. Updating your system gives you the latest patches to keep your system secure. But if you look beyond the repo, sometimes you can find something awesome that you never knew existed.


The Keybase app and a folder showing the Keybase filesystem.
