I’ve been fooling around with this for the last couple of days; you can find me at keybase.io/timbray. I think it might be pointing a useful way forward on private-by-default communication and, for what it does, it gets a lot of things right.
The problem · We’d like to be confident that the messages we send across the net — email, chat, SMS, whatever — are secure. When we say “secure” we mean some combination of “nobody can read them but the person who’s supposed to” and “the person reading them can be sure who sent them.”
In principle, this should be easy because of Public-key cryptography, which has been around for a while, is reliable enough to power basically 100% of the financial transactions that cross the net, and for which there’s excellent open-source software that anyone can use for free.
Getting crypto in place for mail and other messages has been tough, for a few reasons. First, how do you find someone else’s key reliably, where by “reliably” I mean not just find it, but believe that it’s really theirs?
Second, most messages these days live in the cloud (Gmail, Facebook, Twitter, whatever) and the cloud owners like to have them unencrypted to help them advertise better. So they’re probably not really all that motivated to help make messages secure.
Now, I know that secure email is possible, and that https connections to Facebook and Google and Hotmail are helpful, but right now today, most messaging isn’t very secure.
Keybase · Keybase.io does a few simple things:
Keeps a directory of keys that you can look up by a simple name. Since I’m an early adopter I got “timbray”, but in practice your email address would work fine.
Lets you prove that the owner of a key also owns a particular Twitter handle and Github account. In practice, since I tend to believe that the people I know are associated with certain Twitter/Github accounts, I’m inclined to believe that the keys really belong to them.
Lets you encrypt messages so they can only be read by one particular person, lets you sign them to prove that they could only have come from you, and the inverse; decrypt and signature-check.
Does all this in a simple web page that’s easy to use, or in a geek-friendly command-line interface.
So, the idea is that if there’s a message you want to send, and you want it to be a secret, you visit keybase.io, paste your text in, encrypt it for the person you’re sending it to, sign it, and then copy/paste it into an email or chat or Facebook message or whatever. The person at the other end copy/pastes it into keybase.io and reverses the process and hey-presto, you’ve just practiced secure communication!
Here are a couple of screenshots showing how I’d encrypt a message to my wife, who’s known as laurendw on Keybase.
Yeah, it would be better if this were already built into every messaging program that everyone uses, and you got it by pressing a button; or better still, if everything were always encrypted.
But in the interim, while this may be a little klunky, it’s awfully simple and easy to understand; and it works with anything that can be used to send a chunk of text from anywhere to anywhere. So I’m pretty impressed.
In greater depth · Here are a few more technical reasons why I like what I see at Keybase; probably not accessible to non-geeks, sorry.
There’s the ability to “track” another user, which does all the crypto checking and signs the result, so in future you can do a quick check whether anything’s changed. This speeds things up and removes a few threat models.
There’s also a command-line client, which should be very comforting for the paranoid. Perhaps the most worrying threat model is that someone shows up at Keybase’s office and, using either malicious technology, a National Security letter, or white-hot thumbscrews, arranges to compromise their software; the first time you type your passphrase into that compromised software, your security is a smoking cavity. But if you use the command-line client, the adversary has to compromise your own computer to get at you.
The actual cryptography software is all GPG and Scrypt; what Keybase offers is pipefitting and a directory and some utilities. So the crypto part ought to be believably secure.
It’s all open-source and there on Github. Very comforting.
There’s also a REST API, which at first glance looks very sensible to me. I’m fighting the temptation to start building an Android client. Such a thing could be pretty useful in combination with Android’s Intent-based sharing architecture; you could post an intent filter to receive pretty well any message, encrypt it, and then fire off another intent and let the person holding the phone email it or Facebook it or whatever.
In principle, once the API is locked down, anyone could implement a Keybase-style directory — for example to serve a particular community of trust — and messaging tools could be taught how to work with any old instance.
The people who built this are the ones who built OkCupid, which suggests that their technical chops may well be up to the task.
A worry · You can also store your private key, encrypted with your passphrase, in the Keybase directory. This makes certain things easier and quicker, but it makes that one particular threat model, where a bad person compromises the software, even scarier, because they have your private key the first time you type your passphrase into the compromised software. I’m going to try running without the stored private key (which it seems requires deleting my current key and refreshing it); I’ll report back.
Trade-offs · [Update:] Yep, if you delete your stored private key, it means you have to use the command-line client rather than the web interface. Which is way less civilian-friendly. This is a very, very interesting trade-off. I’m thinking Keybase is going to have to publish something about their legal and political defensive measures.
[Another update:] If you’re using the command-line keybase tool on OS X, you can store your passphrase in the Mac keychain, so any commands that need your passphrase Just Work. So for people who are handy with the command line, it’s actually more convenient then the Web form, which requires you to type in the passphrase, or paste it from your password manager.