Questions tagged [keybase]
11 questions
24
votes
1 answer
How can I verify Keybase's end-to-end encryption between me and a friend?
The premise of end-to-end encryption (E2EE) is that the client is secure and trustworthy, your end devices is secure and trustworthy, but the network and server need not be trusted. You've read all the code in the client, or someone you trust has…
Luc
- 31,973
- 8
- 71
- 135
13
votes
2 answers
What do the Keybase pgp import instructions actually do?
I've created a Keybase account and imported the "easy" identities (e.g. Twitter, Reddit). Now it's time to get my PGP key there.
I had expected instructions to PGP-sign a specific text from the Keybase (Windows) app and re-upload that signed data…
Jeroen
- 839
- 9
- 15
12
votes
1 answer
How does Keybase.io work?
I've recently found more interest in encryption and security concerning communication.
During my research I have found the website https://keybase.io/ . It seems like a storage for public keys but is apparently more than that.
So what exactly is…
Marv
- 1,023
- 1
- 7
- 8
8
votes
1 answer
Does using the client keep the Keybase server honest even if you also use the web interface?
According to Keybase's documentation:
[The] keybase clients in the wild play a crucial role in keeping the Keybase server honest. They check the integrity of user signature chains, and can find evidence of malicious rollback. They alert Alice when…
Ericson
- 81
- 1
5
votes
1 answer
What are the problems with uploading client-side encrypted keys to keybase.io?
I was just reading some articles about keybase.io:
http://www.makeuseof.com/tag/keybase-wants-bring-encryption-masses-heres/
http://blog.lizdenys.com/2014/03/31/refusing-to-verify-myself/
And I'm confused about this statement:
I really hope you…
Wayne Werner
- 1,755
- 3
- 15
- 20
4
votes
1 answer
Is there a secure way to host private PGP keys (is keybase's method secure?)
Keybase's decryption page says "you must host your private key in Keybase's encrypted key store." This really rubs me the wrong way. I was under the impression that your private key should not leave your device, ever (Keybase even lets you have one…
NH.
- 1,004
- 1
- 9
- 20
3
votes
0 answers
How are Keybase group chats encrypted?
Keybase co-founder Chris Coyne: "Our goal is end-to-end encryption with minimal friction". How does Keybase do this for Keybase group chats?
It relates to this question: Which protocols exist for end-to-end encrypted group chat?
I haven't found the…
the
- 1,841
- 2
- 16
- 33
2
votes
1 answer
Messages encryption and decryption using Keybase.io
Could you please describes to me the security benefits of encrypting and decrypting messages using Keybase.io.
Do you think that using such thing will be secure, where the encrypted message redirects through Keybase server to the reciever.
user3011084
- 529
- 1
- 3
- 8
1
vote
0 answers
Why is keybase/gui_config.json owned by root?
I have keybase running on my Linux Desktop (Ubuntu 19.04). Since a recent update, the file ~/.config/keybase/gui_config.json is owned by root which is quite irritating. One negative effect of this is that I cannot add the file to my backup. All the…
1
vote
0 answers
Can a user be revoked from Keybase?
We're considering using Keybase for sharing sensitive information across a distributed team.
However, one thing is not clear for me: what if someone leaves the company and his access to a directory needs to be revoked for all devices he has? Given…
MaDa
- 111
- 3
1
vote
1 answer
Why does Keybase sign hashes of previous proofs?
I (think) I understand roughly how Keybase works to establish verifiable connections between a user on Keybase and a set of other identities (e.g. Twitter, GitHub, etc.). One of the steps to accomplish this to sign and publicly post a proof of this…
orome
- 323
- 2
- 9