Lynne Teaches Tech: What’s Keybase?

keybase is a website that allows you to prove that a given account or website is owned by you. to explain how this works, we’ll need to briefly cover public key cryptography.

there are many ways to encrypt a file. one such way involves using a password to encrypt the file, which can then be decrypted using the same password. this is known as a symmetrical method, because the way it’s encrypted is the same as the way it’s decrypted – using a password. the underlying methods of encryption and decryption may be different, but the password remains the same. how these algorithms work is outside the scope of this post – i might make a future post about encryption.

public key encryption is asymmetrical. this means the way you encrypt it is different from the way you decrypt it. a password protected file can be opened by anyone who knows the password, but a file encrypted using this method can only be decrypted by the person you’re sending it to (unless their private key has been stolen). if you encrypt a file using someone’s public key, the only way to decrypt it is with their private key. since i’m the only one with access to my private key, i’m the only person who can decrypt any files that are encrypted using my public key.

my private key can also be used to “sign” a file or message to prove that i said it. anyone can verify that i was the one who signed it by using my public key. comparing the signature to any other public key won’t return a match, and changing even one letter of the text will mean that the signature no longer works.

as the signing process can be used to guarantee that i said something, this means that i can use it to prove that i own, say, a particular facebook account. i could make a post saying “this is lynne” with my signature attached, and anyone could verify it using my public key. this is where keybase comes in.

the process of signing a post is rather technical, and everyone who wants to verify it will need to know where to get your public key. there are “keyservers” that contain people’s public keys, but the average person won’t know that, or what the long, jumbled mess of characters at the end of a message even means. keybase does this for you. after you create an account, it generates a public and private key for you to use. you don’t even need to access these, it’s all managed automatically. you can then verify that you own a given twitter, reddit, mastodon, etc. account by following the steps they provide to you. you just need to make a single post, which keybase will check for, compare against your public key, verify that it’s you, and add to your profile. users can also download your public key and verify it themselves.

support for mastodon was only added recently and isn’t quite complete yet, but it’s ready to use and works well. this is why you might have noticed a lot of people talking about it recently. support for keybase is new in mastodon 2.8.

keybase can also be used to prove that you own a given website, again by making a public, signed statement. i’ve proven that i own lynnesbian.space with a statement here: https://lynnesbian.space/keybase.txt

it also provides a UI to more easily verify someone’s signed message, without having to find and download their public key yourself.

keybase is built on existing and tested standards and technologies, and everything that it does can also be done yourself by hand. it just exists to make this kind of thing more accessible to the general public.

i’ve proven my ownership of this mastodon account (@lynnesbian), and you can verify that by checking my keybase page: https://keybase.io/lynnesbian/

keybase also offers encrypted chat and file storage, but it’s main feature is that you can easily verify and confirm that you are who you say you are. so if you see a website claiming to be owned by me, and you don’t see it in my keybase profile, you should be suspicious!

view original post