There’s a fairly new social network—so to speak—on the scene these days. It’s called Keybase, and the name states the main idea of the network: a common base for (public) cryptography keys. In this two-part series, we’ll first look at public-key cryptography and then look at why Keybase is such a great idea.


Public-key Cryptography

Cryptographic algorithms are often split into two categories: asymmetric and symmetric cryptography. In asymmetric cryptography, you have a public key for encrypting a plaintext into a ciphertext, and a private key for decrypting it. In symmetric cryptography, the key used to encrypt and decrypt is the same.

One of the advantages of public-key cryptography is that the public keys can be distributed freely. This allows a number of parties to encrypt messages for a recipient without any of them being able to read each other’s messages. It also makes key management easier: the private key never has to be shared, so there is less chance of it being compromised.


Keybase and Public-key Cryptography

Keybase is a web-based frontend to GPG, the GNU implementation of PGP. It offers two pairs of operations. The first is for writing secret texts, and the second is for writing tamper-proof texts with a verified author.

Encryption and Decryption

The word cryptography comes from Greek and means “hidden text” or “secret text”, and this is the most obvious use case. This is what you will use when you write a message that you want to be unreadable to anyone but the recipient. If you have someone’s public key, you can encrypt a message that only they can decrypt and read.

Pick Recipient

Keybase makes this easy. First, select encrypt and pick a recipient on Keybase:

As you can see, the recipient picker shows you their names on the sites and accounts they have verified. More about that shortly, but that means that you can easily recognize someone even though they have a different username than you are familiar with. The search matches on all of the sites.

Write Your Message

Time to bring out the secrets!

You can choose to sign your message. We’ll talk more about signing in a moment. You might not always want to sign your message—sometimes deniability can be desirable.

Note

You can set yourself as the recipient of a message. This means that only you can decrypt it later, which makes it a secure way of storing notes for yourself.

Once the message is encrypted, you can either copy the ciphertext and send it to the recipient, or you can edit it and re-encrypt if you need to make any changes.

The ciphertext looks like this:

Decrypt

Decrypting a message works the same way as encrypting it. A nice feature on Keybase is that it will automatically verify a signed message for you.


Digital Signing and Verification

Public-key cryptography can also be used to verify the authenticity of a message. Using a public key, you can verify that a message was written by someone in possession of a given private key, and that the message is unaltered. You can use this to make a public statement that others can verify was written by you. Unlike encryption, the resulting text is still readable by anyone.

To illustrate, we input this signed text:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I am the system administrator. My voice is my passport. Verify me.
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.0.8
Comment: https://keybase.io/crypto

wsBcBAABCgAGBQJVVP0uAAoJEC0vcXWOE5OST9sIAI3Na866Jb/yH7Acx1jDrqBH
bsQv8J21NNHHQfjXRA7fqxhoJCNjLRnMbnn4M97CsTzjgGoBhmn64mwTyrQpybYx
EYso+gorZeCgOF2T2e78UC4dDCL2ywZMtgWT/PCnSJYy8j06MtdVKcxLwx9+vZjH
QhVL6nFPN6dyhOzatplBSoilr3LEL9Nh5HV6CSDhgBYpWFkCzV2fxa09QMIy4MX5
gLr5CmUcm9yG8m2VVfOWdArx5o5a6NxSnKHjdnowmIRamLlCX0tLJ9Yf/rVJCsFQ
3f8RRi3sPdY+FJDpLZ3C73L0epCM+kuIpEw4oifj0dLUHjCf9C+fd7oqsEOdVmU=
=XK7E
-----END PGP SIGNATURE-----

Keybase responds:

If you’re wondering how this works, the following xkcd explains the algorithm behind it:

“If you want to be extra safe, check that there’s a big block of jumbled characters at the bottom.”
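
To see what the block of jumbled characters in the signed message above actually carries, the following added example (not from the original post and not Keybase code) decodes the armored signature packet using only the Python standard library. The function and field names are assumptions of this example; it parses the packet layout defined in RFC 4880 and does not verify the signature.

```python
import base64, re, struct

# The clearsigned message shown on this page, embedded verbatim.
CLEARSIGNED = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I am the system administrator. My voice is my passport. Verify me.
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.0.8
Comment: https://keybase.io/crypto

wsBcBAABCgAGBQJVVP0uAAoJEC0vcXWOE5OST9sIAI3Na866Jb/yH7Acx1jDrqBH
bsQv8J21NNHHQfjXRA7fqxhoJCNjLRnMbnn4M97CsTzjgGoBhmn64mwTyrQpybYx
EYso+gorZeCgOF2T2e78UC4dDCL2ywZMtgWT/PCnSJYy8j06MtdVKcxLwx9+vZjH
QhVL6nFPN6dyhOzatplBSoilr3LEL9Nh5HV6CSDhgBYpWFkCzV2fxa09QMIy4MX5
gLr5CmUcm9yG8m2VVfOWdArx5o5a6NxSnKHjdnowmIRamLlCX0tLJ9Yf/rVJCsFQ
3f8RRi3sPdY+FJDpLZ3C73L0epCM+kuIpEw4oifj0dLUHjCf9C+fd7oqsEOdVmU=
=XK7E
-----END PGP SIGNATURE-----
"""

def subpackets(area):
    """Yield (type, value) pairs; this example handles one-octet lengths only."""
    i = 0
    while i < len(area):
        n = area[i]                       # length covers the type octet + value
        yield area[i + 1] & 0x7F, area[i + 2:i + 1 + n]
        i += 1 + n

def dissect_signature(clearsigned):
    """Parse (not verify) a v4 signature packet, layout per RFC 4880 section 5.2.3."""
    head, armor = clearsigned.split("-----BEGIN PGP SIGNATURE-----")
    raw = base64.b64decode(armor.split("\n\n", 1)[1].split("\n=", 1)[0])
    if raw[0] != 0xC2 or not 192 <= raw[1] < 224:
        raise ValueError("expected a new-format signature packet, two-octet length")
    body = raw[3:3 + ((raw[1] - 192) << 8) + raw[2] + 192]
    version, sig_type, pk_algo, hash_algo, hlen = struct.unpack(">BBBBH", body[:6])
    hashed = dict(subpackets(body[6:6 + hlen]))          # covered by the signature
    (ulen,) = struct.unpack(">H", body[6 + hlen:8 + hlen])
    unhashed = dict(subpackets(body[8 + hlen:8 + hlen + ulen]))  # not covered
    return {
        "text": head.split("\n\n", 1)[1].rstrip("\n"),
        "armor_hash": re.search(r"^Hash: (\S+)", head, re.M).group(1),  # a hint only
        "version": version, "sig_type": sig_type, "pubkey_algo": pk_algo,  # 1 = RSA
        "hash_algo": hash_algo,                          # 10 = SHA512
        "created": struct.unpack(">I", hashed[2])[0],    # subpacket 2: creation time
        "issuer_in_hashed_area": 16 in hashed,
        "issuer": unhashed.get(16, hashed.get(16, b"")).hex().upper(),  # subpacket 16
    }
```

In this signature the issuer key ID sits in the unhashed area and the `Hash:` line sits outside the packet, so neither is covered by the signature. Treat both as lookup hints until the signature verifies against a key you already trust.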


In Conclusion

Keybase provides a web-based interface to PGP, and allows you to easily encrypt, decrypt, sign and verify messages. In the next post, we’ll take a closer look at why Keybase is so important.


Disclaimer

Cryptography is a very complex field. I am just an amateur. Some things I write may be extreme simplifications; other things may simply be wrong. Please let me know if you find any errors or omissions.