12

I've recently found more interest in encryption and security concerning communication.

During my research I have found the website https://keybase.io/. It seems like a storage for public keys but is apparently more than that.

So what exactly is Keybase.io and how does it work/how do I work with it?

Jeremy
Marv

1 Answer

12

Keybase.io provides a directory service that allows looking up public keys for accounts on other services that don't themselves support PGP, and whose account types are not recognized as UIDs on PGP.

For example, if I want to know the PGP key for a certain Twitter account, I can ask the Keybase directory, which will respond with a text record that contains a phrase indicating this is a keybind, a Twitter handle and a key ID, as well as a link to a tweet that contains a signature over this data.

This is similar to the way UIDs are attached to PGP keys -- the master key signs a specially formatted message that contains the UID to be bound to the key. The main differences are that the binding is stored externally to the key (because there is no standard for Twitter handle UIDs), and that the signature is stored inside Twitter to provide verification that the owner of the Twitter account is really the key holder (where normal UIDs are signed by others).

This way, I can send a message to a Twitter user through an encrypted channel, although there is no integration into the Twitter service itself.

Because they allow direct messages of up to 10,000 characters, sending a PGP encrypted message through Twitter is certainly possible.

This is only good for sending messages to "the owner of an account" though, as no further verification is done. It could theoretically be attacked through Twitter itself altering the tweet so it matches an attacker's key, although the signature contained in the tweet is public, so it could be archived by third parties and manipulation thus detected.

The same goes for GitHub and the other services handled by Keybase.

Simon Richter
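
The chain of checks described in the answer above (directory record, signed statement posted on the account, signature under the listed key), sketched in Go as an added example that is not part of the answer and not Keybase's own code. The `Record` and `Post` layouts, the statement wording and the use of Ed25519 in place of PGP are assumptions, and all keys and posts are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)
// Record is the directory's answer, Post the proof fetched from the service (assumed layouts).
type Record struct {
	Service, Handle, KeyID string
	Pub                    ed25519.PublicKey
}
type Post struct {
	Service, Author, Text string
	Sig                   []byte
}
// KeyID derives a short ID from the key itself (stand-in for a PGP key ID).
func KeyID(pub ed25519.PublicKey) string { return fmt.Sprintf("%x", sha256.Sum256(pub))[:16] }
// Statement is the text the key holder signs and posts on the account (assumed wording).
func Statement(r Record) string {
	return "keybind: " + r.Service + " account " + r.Handle + " uses key " + r.KeyID
}
// Verify rechecks every link of the binding instead of trusting the directory.
func Verify(r Record, p Post) error {
	switch {
	case KeyID(r.Pub) != r.KeyID:
		return errors.New("record key does not match its key ID")
	case p.Service != r.Service || p.Author != r.Handle:
		return errors.New("proof not posted by the bound account")
	case p.Text != Statement(r):
		return errors.New("posted statement names another account or key")
	case !ed25519.Verify(r.Pub, []byte(p.Text), p.Sig):
		return errors.New("signature not made by the key in the record")
	}
	return nil
}
// Demo (constructed data): an honest proof, then the post rewritten to match another key.
func Demo() (honest, altered error) {
	sign := func(seed byte) (Record, Post) {
		k := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, 32))
		pub := k.Public().(ed25519.PublicKey)
		r := Record{"twitter", "example_user", KeyID(pub), pub}
		return r, Post{r.Service, r.Handle, Statement(r), ed25519.Sign(k, []byte(Statement(r)))}
	}
	rec, good := sign(1)
	_, forged := sign(2) // same account, but statement and signature from a second key
	return Verify(rec, good), Verify(rec, forged)
}
func main() { fmt.Println(Demo()) }
```

A verifier that kept the earlier record (or an archived copy of the post) rejects the rewritten post, because the statement no longer names the key it already knows.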