![]() ![]() Those keys live in the user's signature chain A chat symmetric encryption key is 32 random bytes. The documentation doesn't mention any and I can't find it when looking around.įurther on, it explains the public keys are put into your signature chain:Īll Keybase devices publish a crypto_box public key and a crypto_sign public key when they're first provisioned. The weird thing is that there is no button to do either of this. Okay, so either we verify the symmetric key (identical on both phones), or we verify the public key (I should be able to display mine on my phone, and my friend will call up what their phone thinks my public key is, and that should match). How does this work with Keybase? Their documentation explains parts of it:Īlice and Bob share a symmetric encryption key, which they pass through the server by encrypting it to each of their devices' public encryption keys. If they match, you know (based on the open client code and the cryptography it uses) that there is no (wo)man in the middle. In Signal you check the safety number, in Wire you check the device fingerprints, and in Telegram you check the encryption key. It's pretty standard for E2EE software that the (client) code is open, the server sends you the encryption key, and you can check the encryption keys out of band. Since you can't host your own server, it has to be the Keybase, Inc's server that sends you the encryption key of your friend. But after loading the code onto your phone - installing the Keybase app - and starting a chat with your friend, you still need to verify that the server sent you the right encryption key. You've read all the code in the client, or someone you trust has done so for you. ![]() Play with it, please, and let us know what features you want added.The premise of end-to-end encryption (E2EE) is that the client is secure and trustworthy, your end devices is secure and trustworthy, but the network and server need not be trusted. If your biggest fear is hiding whom you're talking to, none of the apps mentioned on this page are safe unless you're coming in over Tor, with no info connected to your real identity, in a library or cafe, and wearing a disguise. It's better than PGP because of many modern crypto best practices, easier and safer key management, and easier and safer identity lookups. All of this is a requirement for performance and (upcoming) mobile notifications. Like with most chat apps, the Keybase servers will see who you're looking up.įor a given message, Keybase servers know who sent it, approximate size, who the recipients are, and an ID for the channel. More advanced blocking / reporting / nuking features will be available in an upcoming release. This version supports muting individual conversations, so you're not interrupted and can ignore conversations that you're not interested in. What block/muting features are available? When our mobile apps launch, your phone will be a great device for provisioning and chatting. Maybe even 3, if you start caring about your data in Keybase. So it's extra important to make sure you have at least 2 devices or paper keys. Keybase cannot read any of your encrypted data. If you lose all of your devices and paper keys, you will lose your data. ![]() But that would be publicly discoverable because of the new device name announced in your signature chain. If someone were to steal a device of yours that wasn't revoked, they could use it to read your data (of course), and therefore provision another new device. The old key is signing a statement about the new key, and the new key is countersigning. This isn't just two-factor auth with server trust. (a) type something on your first computer, or (b) enter a paper key. You'll see this policy in action when you install Keybase on a 2nd computer. This is verified by everyone you chat with. Key additions must be signed publicly into your signature chain by a currently active key,Īs determined by your signature chain. What's preventing Keybase from adding a device for me, that's really just owned by Keybase or nefarious shadow organization X? You can think of a PGP key as another part of a user's identity, and therefore one of the assertions you can make, like a Twitter address. You can, however, address someone by their PGP key! I've proven ownership of this PGP key, which your own client will verify: keybase chat send 'hi whoever owns 9701 6CB3' The basic idea here is that non-technical people won't get confused and do something irresponsible. You can read more about our key model here. People aren't so great at managing and moving PGP private keys around, so PGP keys are not included in our chat or filesystem. Even if you have a PGP key on your Keybase profile, these messages are only encrypted with your Keybase device + paper keys. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |