Keybase homebrew11/13/2023 Pinentry-program /usr/local/bin/pinentry-mac So how can we we use Keybase and also make GnuPG friendly to other tools like Git? Setup Keybase □ Here Keybase can be a secure replacement for chat, file sharing and (unpublished) source code management tools. This is a context where institutions will typically provide you with bad tools and services, refrain you from using well-known tools, and the boundaries of who you work with are quite malleable since you work with people at other institutions and companies. There are many contexts where using Keybase makes sense, such as research groups in Universities. This is interesting as everything is encrypted. some crypto-currency thing which I don’t care about.Git repositories for yourself and teams,.private, group and public file sharing (e.g., folder me,other is shared between 2 users),.a nicely-done Slack-like chat for teams,.I believe that Keybase deserves a second wave of interest, because the modern Keybase is way more interesting than just mapping identities to encryption keys. Like many people I on-boarded when the service opened and it went viral on Twitter.īut then like many people I never really used it because, well, I’m not using GnuPG everyday anyway. You may even make the devilish (read: convenient) choice of having your keys stored on Keybase, or just attach existing GnuPG keys that you will still manage locally. Keybase provides a simplified workflow for common tasks including key management (e.g., fetching keys of your contacts), and it has GnuPG interoperability. ![]() Keybase also offered streamlined web and command line user interfaces for managing Keybase, following people and encrypting / decrypting content. This is a good idea, because from social networks and Keybase accounts linked to those social networks, you can build a trust network on Keybase. One can do so by posting Keybase-signed messages to these social networks and places. Keybase essentially introduced a modern way to build trust networks, because people can check that user123 on Keybase is also user123_coder on GitHub, user123 on Twitter, and that the user owns the domain. The Keybase service was introduced a few years back with the interesting idea of mapping social / public identities to encryption keys. You will likely do it with a few friends and colleagues once in a while, and… that will be it.Īnd of course people will loose their keys and they will not even have a revocation key □ Enter Keybase □ In practice no one but a few geeks or activists will want to do that seriously. So you can get to your friends or at so-called “key signing parties” and sign other people key to claim that you have verified that some public key does belong to the person it claims to be.īy doing so keys form trust networks, which helps recognizing plausibly authentic versus fake keys. The problem is that once you have a key pair then no one really knows if the identity claimed is real or not. Generating a key pair with GnuPG is not very difficult, and under 2 minutes you can have one and push it to some public key servers. This is especially important with opensource development where signing source and release artifacts is a plus, and often a necessity. We may also want to sign files for integrity checks. Still, GnuPG is useful because we may have files to encrypt so their content can only be read by ourselves and maybe a few people. Over 15 years I have had a few GnuPG-encrypted email communications with colleagues or friends, but it has always been a hindrance.Īlso while it did encrypt communication content, there is enough meta-data in plain text with email (title, recipients, etc) to make GnuPG email encryption a half-baked solution to a real problem. This tool has a horrible user interface, and I have never really found it useful for communications. I have a “love - hate - hate - love - hate - hate - hate” relation with GnuPG. There is a macOS bias in some of the commands which you can easily adapt to other Unix systems □ The GnuPG experience □ ![]() The configuration steps are adapted from Patrick Stadler’s instructions on GitHub. ![]() ![]() Until then all I used to sign were Git tags.Īs I wanted to find a better solution than just using plain GnuPG and its numerous practicability flaws, I gained renewed interest in Keybase, especially as it now provides more than just a streamlined experience with encryption tools. I wanted to ensure I could continue using GnuPG to sign opensource release materials, but also sign public Git commits. I recently decided to revoke a 10 years old GnuPG key pair that I was using across machines, and decided to start from a clean sheet. Time will tell if Keybase will remain actively developed and secured, but perhaps it will be better to just go back to plain GnuPG with the pains if you need a key pair.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |