Encrypt your messages with keybase

For a long time those who told us to encyrpt our communication were ridiculed. Nearly no one saw any reason to encrypt and for most of the people the technology was too difficult to use.

Actually there is no more excuse not to encrypt your communication. Even if the secret service isn't co-reading, the algorythms of your e-mail-provider will do. They scan your mails to show related ads. And what about other communication channels?

Hello Keybase!

Keybase isn't that new service anymore, but it wants to make encryption and validation of accounts easier. You can use it directly on their website, or use a commandline tool or event their API. Keybase.

Registration

At the moment the registration is invite only (I'll tell you how you can get an invite below). After registration you can create a keypair or upload an existing key.

Installation

If you don't want to use the website, you can install the commandline tool. I won't tell you how to do so, because it's very well documented on the Keybase website.

Verify your identity

After installation and setup, you can start verifing your identities (accounts). This may be your website, your twitter or github account. Several services are supported.

At this point I assume you installed the commandline tools (cli). You can do all this on the website, too, but this way it's easier to explain.

If you didn't do already, log in to you account:

keybase login

You will be prompted to enter username and password. After doing so, you can start.

Using an easy command, you can verify the identity of a twitter user (in case she/he is registered, too). You can do this by typing:

keybase id twitter://mauricehh

You will then get a list of all identities verified by this user.

To enable others to check your identitity, you should start verifing your accounts, for example your twitter account:

keybase prove twitter

You will then have to tweet a certain text, which will be used as verification.

You can verify other accounts the same. The complete list of supported services can be found here.

Encrypt messages

The most classic application is the encryption of a text, in an e-mail for example. So let's assume you want to send me an encrypted message:

keybase encrypt mauricerenck -m 'Alles klar bei dir?'

As a result, you'll get an encrypted messages you can send to me by mail or however else. I can decrypt the message and make it readable:

keybase decrypt geheime_nachricht.asc

The great thing ist, even if you don't know my keybase name, you can use the username of one of my verified account. You could use my username on twitter for encryption:

keybase encrypt twitter://mauricehh -m 'Streng geheime Nachricht'

Tracking

You can track certain users. You kind of follow them. Tracking is
Du kannst bestimmte Benutzer auch tracken. Du folgst ihnen damit quasi. Tracking is nothing more than a vote of confidence.

You keybase client always assumes it can trust nobody, not even its own keybase server! So, it will always try to verify the receiver of your messages. At first using the key, then using her/his verified accounts. How this works in detail, is documented here.

If you track a person, their identity will be trusted generally and doesn't have to be verified every single time. To make this save, your own key comes to action (see link above for more details).

No reinvention of the wheel

Keybase didn't reinvent the wheel. The whole thing is based own the well known GPG and works the same way. But Keybase makes the usage so damn simple. Everyone can use it.

The great thing, even if you friend doesn't have an account, he can send you encrypted messages using a form on your profile page! She/he can even verify the identity of files!

What you could do now

If you (don't) like this post, you can comment, write about it elsewhere, or share it. If you want to read more posts like this, you can follow me via RSS or ActivityPub, or you can view similar posts.