Keybase

Keybase allows users to prove a link between certain online identities (such as a Twitter or Reddit account) and their encryption keys. Instead of using a system such as OAuth, identities are proven by posting a signed statement as the account a user wishes to prove ownership of. This makes identity proofs publicly verifiable – instead of having to trust that the service is being truthful, a user can find and check the relevant proof statements themselves, and the Keybase client does this automatically.

In addition to the web interface, Keybase offers a client application for Windows,{{Cite news|url=http://www.macworld.com/article/3168585/encryption/keybase-offers-encrypted-chat-where-you-control-all-the-pieces.html|title=Keybase offers encrypted chat where you control all the pieces|last=Fleishman|first=Glenn|date=Feb 15, 2017|work=Macworld|access-date=June 8, 2017}}{{Cite news|url=https://nakedsecurity.sophos.com/2017/05/31/keybase-adds-end-to-end-encryption-to-messages-on-the-web/|title=Keybase adds end-to-end encryption to messages on the web|last=Dunn|first=John E|date=May 31, 2017|work=Naked Security|access-date=June 8, 2017}} Mac, Android,{{Cite news|url=https://androidcommunity.com/keybase-encrypted-chat-now-available-on-android-20170512/|title=Keybase encrypted chat now available on Android|last=Hoff|first=John|date=May 12, 2017|work=androidcommunity.com|access-date=June 8, 2017}} iOS, and most desktop Linux distributions, written in Go with an Electron front end. The app offers additional features to the website, such as the end-to-end encrypted chat, teams feature, and the ability to add files to and access private files in their personal and team Keybase Filesystem storage. Each device running the client app is authorized by a signature made either by another device or the user's PGP key. Each device is also given a per-device NaCl (pronounced "salt") key to perform cryptographic operations.{{citation needed|date=December 2024}}

Keybase Chat is an end-to-end encrypted chat built in to Keybase launched in February 2017. A distinguishing feature of Keybase Chat is that it allows Keybase users to send messages to someone using their online aliases (for example a reddit account), even if they haven't signed up to Keybase yet.

If the recipient (the online alias owner) has an account on Keybase, they will seamlessly receive the message. If the recipient doesn't have a Keybase account, and later signs up and proves the link between the online account and their devices, the sender's device will rekey the message for the recipient based on the public proof they posted, allowing them to read the message. Since the Keybase app checks the proof, it avoids trust on first use.{{Cite web|url=https://keybase.io/blog/keybase-chat|title=Introducing Keybase Chat|website=The Keybase Blog|publisher=Keybase, Inc|access-date=February 12, 2018}}

File:Meekwire_Keybase_-_James_Gordon_Meek.png

Keybase allows users to store up to 250 GB{{Cite web|url=https://keybase.io/images/blog/teams/teams-splash-announcement.png|title=FYI - we changed the default KBFS plan to 250GB instead of just 10GB. Very few people are hitting the limit so it's less work to let them go past it than deal with UX around upgrading right now.|website=Keybase (via Wayback Machine)|archive-url=https://web.archive.org/web/20171222221055/https://keybase.io/images/blog/teams/teams-splash-announcement.png|access-date=June 11, 2018|archive-date=2017-12-22}} of files in a cloud storage called the Keybase Filesystem for free. There are no storage upgrades available, but paid plans allowing for more data are planned.{{Cite web|url=https://keybase.io/docs/kbfs|title=Keybase|website=keybase.io|access-date=2019-02-10}} The filesystem is divided into three parts: public files, private files, and team files. On Unix-like machines, the filesystem is mounted to /keybase, and on Microsoft Windows systems it is usually mounted to the K drive.{{Cite web|url=https://keybase.io/docs/kbfs|title=Introducing the Keybase filesystem|website=Keybase|access-date=2017-09-26}} Currently, mobile versions of the Keybase client can only download files from kbfs, and can not mount it. However, they do support operations such as rekeying files as necessary. In October 2017 Keybase brought out end-to-end encrypted Git repositories.{{Cite web|url=https://keybase.io/blog/encrypted-git-for-everyone|title=Keybase launches encrypted git|website=The Keybase Blog|publisher=Keybase, Inc|access-date=June 11, 2018}}

Public files are stored in /public/username, and are publicly visible. All files in the public filesystem are automatically signed by the client. Only the user who the folder is named after can edit its contents, however, a folder may be named after a comma-separated list of users (e.g. a folder /public/foo,bar,three would be editable by the users foo, bar, and three).

Public files can be accessed by any user. Single user folders are displayed at {{URL|https://keybase.pub/}} and are also accessible by opening the directory in the mounted version of the filesystem. Multi user folders (such as /public/foo,bar,three) are only accessible through the mounted version of the system.

Private files are stored in /private/username, and are only visible to username. Private folders, like public folders, can be named after more than one user (e.g. a folder /private/foo,bar,three would be readable and editable by the users foo, bar, and three). Private files can also be read only for users after "#" (e.g. a folder /private/writer1,writer2,#reader1,reader2 would be readable and editable by the users writer1 and writer2 but only readable for reader1 and reader2). Unlike public files, all private files are both encrypted and signed before being uploaded, making them end-to-end encrypted.

Team files are stored in /team/teamname, and are publicly visible to team members. All files in the team filesystem are automatically encrypted and signed by the client. Only users who are marked as writers can edit its contents, however, any readers can access the files stored there.{{Cite web|url=https://keybase.io/docs/kbfs/understanding_kbfs|title=KBFS - Understanding KBFS {{!}} Keybase Docs|website=keybase.io|access-date=2019-06-09}}

In September 2017, Keybase launched Keybase Teams.{{Cite news|url=http://fortune.com/2017/09/18/slack-okcupid-sparknotes-encryption-keybase-chat-app/|title=First They Made OkCupid and SparkNotes. Now They're Taking on Slack|last=Hackett|first=Robert|date=18 September 2017|work=Fortune Tech|access-date=21 September 2017}} A team is described as "...a named group of people."{{Cite web|url=https://keybase.io/docs/command_line/teams_alpha|title=Teams for Keybase|website=Keybase.io|access-date=September 21, 2017|archive-date=October 27, 2018|archive-url=https://web.archive.org/web/20181027143249/https://keybase.io/docs/command_line/teams_alpha|url-status=dead}} Each team has a private folder in the Keybase filesystem, and a number of chat channels (similar to Slack). Teams can also be divided into "subteams" by placing a . in the team name. For example, wikipedia.projects would be a subteam of wikipedia, while wikipedia.projects.foobar would be a subteam of wikipedia.projects (and therefore, also of wikipedia).

Teams are largely administered by adding signatures to a chain. Each signature can add, remove, or change the membership of a user in a team, as well as when changes are made to subteams.

Each chain starts with a signature made by the team owner, with subsequent actions signed on by team admins or users.{{Cite web|url=https://keybase.io/docs/teams/details|title=Teams: Naming, Merkle Tree Integration, And Signature Chains|website=Keybase|access-date=2017-09-26}} This ensures that every action is made by an authorized user, and that actions can be verified by anyone in possession of the public key used.

{{Reflist}}

{{Commons}}

• {{Official website}}
• {{GitHub|keybase}}

Category:Key management

Category:OpenPGP

Category:Free software programmed in Go

Category:Tor onion services

Category:Internet properties established in 2014

Category:2020 mergers and acquisitions