404 Tech Support

Keybase embraces social networks for cryptography

Public key encryption is based on two keys, a public key and a private key. To send someone an encrypted message, you must find the recipient’s public key which would allow them to decrypt the message with their private key, something only they know. Keybase aims to help PKI by taking advantage of social networks, places where people are already pushing their identities. By tying social networks and identity together with Keybase, you can easily find a person’s public key and verify that they are the intended recipient by seeing their presences on Twitter, Reddit, Coinbase, Github, their own websites, and more.

Keybase is not reinventing cryptography and public key warehouses have existed before but Keybase seems to be taking a fresh look at PKI and embracing social networks to provide identity verification. You can confirm your Twitter account with a simple tweet, websites with a DNS record, and others. You then have a profile on Keybase where others can find your identity and public key.

 

With the Keybase website, you can encrypt, decrypt, sign, or verify messages. Some of those functions require signing in, of course. You can also “follow” individuals that you communicate with frequently to verify their identity so Keybase can track them for you.

You can take the GPG-encrypted message and send it to the recipient in any form of communication you prefer, knowing that its contents will be secure and only someone with the recipient’s private key will be able to decrypt the message. By signing it, the recipient will also be able to verify that you truly sent it by decrypting the message with your public key.

In addition to the website, Keybase is also a command line operation. You can do all of the functionality through the command line or the website.

Keybase is free and currently in beta with invites pending. You can learn more or request an invite at https://keybase.io/