Exploring Keybase

Keybase

I installed Keybase a while back but haven’t time to play around with it much since then. I setup my account, added some other accounts and created a solid identity. This weekend there was a little time, and I had a job for Keybase so it was time to work out what it could do and read up on some of the features. I made some notes as well, here they are.

Introduction

The Keybase home page introduces itself as “a security app for phones and computers”. Think of it as “Slack for the whole world”, they suggest. But it is so much more than that really. Yes, it is a security app but it ain’t gonna replace Slack anytime soon. In their original mission statement, back in 2015, they described Keybase as “bring[ing] public key crypto to everyone” and in a sense it is a wrapper around what the old bearded fellows may have called GPG/PGP cryptography. (You can even use existing GPG keys if you wish). Public key cryptography is about 40 years old now, and yet it is still frustratingly difficult to use. Keybase is an attempt to remove the friction from this experience.

Keybase is an app that will run on your computer, phone and tablet that will encrypt all communications using your private keys and allow others to verify your identity before, and while, communicating. There is a chat facility and there is file sharing, individually and for teams. By tying your Keybase account with your twitter/github/reddit/hn accounts, you can build up a reasonably solid proof of identity. In this new internet world, our identity is online and, to a certain extent, who we are is who we are on Twitter/Facebook or whatever. Instead of creating a Web of Trust through face-to-face key signing parties we use our existing social network accounts to do that for us.

It’s the file sharing that is particularly useful, the ability to put a file in to my public, private or team folder, send the link to others and know that only those with the right ‘keys’ will be able to view or modify the file.

Security

Keybase stores the public signatures for it’s users on it’s server. This includes not just the user’s public key but also the connections to their other social accounts. All these signatures and any changes to them are stored on a signature chain. The server tracks these signature chains with a global Merkle tree. With every change of the Merkle tree, the server signs and publishes this root. (These chains are (partially) cached on the various clients and, at a later stage, other servers which gives a decentralized chain of signatures.)

I’ve skipped a lot of the more technical details here, but basically the server has a global Merkle tree structure, the root of which is published on the Bitcoin blockchain. To sum up, making unauthorised changes to the data is close to impossible.

The Keybase Security pages have a wealth of more detail. A fascinating read if you’re a security geek!

Also, there was an announcement earlier that Keybase may switch to using the Stellar blockchain rather than Bitcoin, but so far no further details.

Chat

Yes, you can have direct chat with other users. This works pretty much as you’d expect (and is encrypted naturally). There is the added feature – exploding messages! These are messages that will ‘explode’ after a certain amount of time. Fun, and maybe useful, I’m not sure.

KBFS

Keybase provides a file system! I find this one of the more interesting facilities and it’s now by far the easiest way to share files amongst the team, or with friends who have Keybase installed. Copy or move the file into /keybase/team/wallabys and it is available to the others. And it’s encrypted. And 250Gb is free for each account.

It’s this ability to mount the keybase file system into my computers file system that is so useful. In fact, it took me a while to realize that there was a mount point in the file system. And, that when I logged out of Keybase, all files and folders disappeared until I logged in again.

Accessing these folders can also be done over the internet obviously, in fact, my public folder can be viewed at /keybase/public/jalalski/ and /keybase/public/jalal@github/, keybase taking care of the mapping for me. It also means that visiting https://keybase.pub/jalalski/ will you bring you to my public folder.

Interestingly, other users public folders can be accessed on my file system as well. For example, to view Chris Coyne’s plan.txt, just access it in the file system: cat /keybase/public/chris/plan.txt. This will work for everyones public folders.

Suppose we want to share a confidential file though? (Assume your username is freddie) I can create a folder called /keybase/private/freddie,jalalski and the contents will be signed with my keys and yours, allowing us both access (and only us). If I only know your twitter handle, I can create the folder /keybase/private/freddie@twitter,jalalski instead. Note that Keybase servers do not need our private keys to do this, it is all handled with the public keys.

Teams

If you are familiar with Slack, you are familiar with how team conversations are done. Keybase works similarly, but with the key difference that Teams are encrypted and have their own encrypted file space in the KBFS. There can also be sub-teams.

Team membership can be at different levels: reader, writer, admin and owner. These function as you’d expect and can be assigned when a person is invited.

Git repositories, encrypted

I’m not sure what these are useful for yet… except to provide a free alternative to GitHub. There is a limit of 100Gb per user and per team.

Who pays?

With any project like this, one of the key questions I ask is: who is paying? If there is no obvious business plan, then like any other project offered for free, they are probably selling data. Your data. So I’m quite happy to see that Keybase had raised $10.8M from AndreesenHorowitz, albeit three and half years ago and recently made a deal with the Stellar Development Foundation, although I can’t find any details on that.

There is also mention that users and companies that require more disk storage will have a paid option.

I’d be really interested in what other sources of income they are planning, otherwise it is a leap of faith at present to put too much energy in to the Keybase project.

Useful tips and commands

run_keybase will restart client and server services. Useful if you’ve done a manual upgrade or if there are some mysterious hangups (‘Cannot connect to server’ being one of them).

keybase status shows the status, keybase ctl start and keybase ctl stop will start and stop the keybase process.

All the functionality of the GUI client is available from the command line, including chats and file sharing.

Have fun with Keybase, I certainly hope that it makes encryption more common place and usable.

– End of doc –