Keybase download file

And if anything about your target has changed since you last followed them, you'll get a meaningful error. Every computer you install Keybase on gets a device-specific key. This is a very big improvement over the old PGP model, where you had to move a private key around. When you install Keybase for the first time, you'll be asked to generate a paper key. It's a full-powered key, just like a device key.

You can have as many paper keys as you like. You should have at least 1, until Keybase releases a mobile app. The Keybase command-line client supports Tor. Of course anonymity is a fraught and subtle property.

This document explains how to protect your identity with Tor and other Keybase features. If you would like to tunnel the whole application through Tor, we recommend running it inside of a Tails VM. Furthermore our Tor support isn't audited, so it's possible that even in strict mode some identifying information might creep in. See the Tor project's documentation for more information on how to set up a local Tor proxy. If you are already running a keybase service in the background, simply adding --tor-mode to your commands will not work—for commands other than service , the flag is only effective when the service is not already running, so you will have to use either of the following methods:.

While this service is running, all keybase commands in other terminals will access our servers through the Tor network. Please note that at this point starting the Keybase GUI will shut down that service and restart it in default mode. All network traffic is now protected via Tor, so the server or network eavesdroppers can't discern your IP address, but the server can still see your login credentials.

This mode of operation is akin to Tor anonymity mode 3. It won't protect you from a Keybase server breach, but it will prevent your ISP or any other nefarious network snoopers from knowing you use Keybase. Note that not everything could be trusted in the above attempt to identify malgorithms. If you want a higher level of privacy, you can ask for strict Tor mode, which will withhold all user-identifying information from the server, akin to Tor anonymity mode 1.

For example, try this:. There's no manual signing process, no tar ing or gzip ing, no detached sigs. Instead, everything in this folder appears as plaintext files on everyone's computers. Or maybe you know me another way. In that case you can assert I've bi-directionally connected an identity to my keys.

These folder names also work:. In my folder you'll find some techie things, such as my SSH public keys, my Signal app fingerprint, and some software I've manually verified and want to distribute safely to friends.

What you put in your folder is up to you: the world will rejoice knowing they're seeing the exact same bits you're seeing, without any risk of server-side or man-in-the-middle evil.

You can see my plan. The site is also a work-in-progress. And here's a folder only you and I can read. You don't have to create this folder, it implicitly exists.

The Keybase servers do not have private keys that can read this data. Nor can they inject any public keys into this process, to trick you into encrypting for extra parties. Your and my key additions and removals are signed by us into a public merkle tree, which in turn is hashed into the Bitcoin block chain to prevent a forking attack. Here's a screenshot of my 7 device keys and 9 public identities, and how they're all related. As a reminder, Keybase is open source Go. And here's our crypto spec on the file mount, which we will gladly change and update as this project evolves.

Feedback desired! Your app will encrypt just for you and then awake and rekey in the background when that Twitter user joins and announces a key. We decided to work on Keybase full time when we realized this key-identity solution could actually lower the friction on sharing. If that person hasn't installed Keybase yet, your human work is still done. They can join and access the data within seconds, and your device will quietly handle the verification and rekeying, without ever trusting Keybase's servers.

As discussed in our blog post about device keys , until our phone app is ready, you'll be asked to make a paper key. This is a full-powered private key. It can be used to provision and even rekey. Carry it in your wallet if you want to provision new Keybase installs. You can make extras with keybase paperkey and revoke lost ones with keybase device [list remove].

The Keybase server does not know individual file names or subdirectory names. It could try to guess whether you're writing small files or 1 large file, but it would be a timing-based guess. When you follow someone on Keybase, you sign a portable summary of their identity, as you saw and verified it.

From then on, whenever you use their keybase username, everything in your follower statement must remain valid. This is far more secure than just asserting one identity. At the time of this document, there are very few people using this system. We're just getting started testing. Note that we could, hypothetically, lose your data at any time.

Or push a bug that makes you throw away your private keys. Ugh, burn.