 The Keybase logo | |
Type of site | Encryptedsocial media |
|---|---|
| Available in | English |
| Owner | Zoom Video Communications(2020) |
| Created by | Chris Coyne, Max Krohn, others |
| URL | keybase |
| Registration | Required for membership |
| Users | 407,163 (as of 2019-08-22)[citation needed] |
| Launched | February 14, 2014; 11 years ago (2014-02-14) |
| Written in | Go,JavaScript,Electron,React[1] |
Keybase is akey directory that mapssocial media identities to encryption keys (including, but not limited toPGP keys) in a publicly auditable manner.[2] Additionally it offers anend-to-end encrypted chat andcloud storage system,[3][4] called Keybase Chat and the Keybase Filesystem respectively. Files placed in the public portion of the filesystem are served from a public endpoint,[5] as well as locally from a filesystemunion-mounted by the Keybase client.[6]
Keybase supports publicly connectingTwitter,GitHub,Reddit, andHacker News identities, including websites and domains under one's control, to encryption keys. It also supportsBitcoin,Zcash,Stellar, and QRL wallet addresses.[5][3][7][8][9][10] Keybase has supportedCoinbase identities since initial public release, but ceased to do so on March 17, 2017, when Coinbase terminated public payment pages.[11] In general, Keybase allows any service with public identities to integrate with Keybase.[5][12]
On May 7, 2020, Keybase announced it had been acquired byZoom,[13] as part of Zoom's "plan to further strengthen the security of [its] video communications platform".[14] Since the acquisition, development has stopped, but the service has been kept functional.
Keybase allows users toprove a link between certain online identities (such as aTwitter orReddit account) and their encryption keys. Instead of using a system such asOAuth, identities are proven by posting a signed statement as the account a user wishes to prove ownership of. This makes identity proofs publicly verifiable – instead of having to trust that the service is being truthful, a user can find and check the relevant proof statements themselves, and the Keybase client does this automatically.
In addition to the web interface, Keybase offers a client application forWindows,[15][16]Mac,[15][16]Android,[17][16]iOS,[16] and most desktopLinux distributions,[16] written inGo with anElectron front end. The app offers additional features to the website, such as the end-to-end encrypted chat, teams feature, and the ability to add files to and access private files in their personal and team Keybase Filesystem storage. Each device running the client app is authorized by asignature made either by another device or the user'sPGP key. Each device also has a device-specific key to enable the user to establish their identity using any of their devices.[18]
Keybase Chat is an end-to-end encrypted chat built in to Keybase launched in February 2017. A distinguishing feature of Keybase Chat is that it allows Keybase users to send messages to someone using their online aliases (for example areddit account), even if they haven't signed up to Keybase yet.[3]
If the recipient (the online alias owner) has an account on Keybase, they will seamlessly receive the message. If the recipient doesn't have a Keybase account, and later signs up and proves the link between the online account and their devices, the sender's device willrekey the message for the recipient based on the public proof they posted, allowing them to read the message. Since the Keybase app checks the proof, it avoidstrust on first use.[19]
Keybase allows users to store up to 250 GB[20] of files in a cloud storage called the Keybase Filesystem for free. There are no storage upgrades available, but paid plans allowing for more data are planned.[21] The filesystem is divided into three parts: public files, private files, and team files. OnUnix-like machines, the filesystem ismounted to/keybase, and onMicrosoft Windows systems it is usually mounted to the K drive.[22] Currently, mobile versions of the Keybase client can only download files from kbfs, and can not mount it. However, they do support operations such as rekeying files as necessary. In October 2017 Keybase brought out end-to-end encryptedGit repositories.[23]
Public files are stored in/public/username, and are publicly visible. All files in the public filesystem are automaticallysigned by the client.[6] Only the user who the folder is named after can edit its contents, however, a folder may be named after a comma-separated list of users (e.g. a folder/public/foo,bar,three would be editable by the usersfoo,bar, andthree).[6]
Public files can be accessed by any user. Single user folders are displayed atkeybase/public/foo,bar,three) are only accessible through the mounted version of the system.
Private files are stored in/private/username, and are only visible tousername. Private folders, like public folders, can be named after more than one user (e.g. a folder/private/foo,bar,three would be readable and editable by the usersfoo,bar, andthree). Private files can also be read only for users after "#" (e.g. a folder/private/writer1,writer2,#reader1,reader2 would be readable and editable by the userswriter1 andwriter2 but only readable forreader1 andreader2).[6] Unlike public files, all private files are both encrypted and signed before being uploaded, making them end-to-end encrypted.[4]
Team files are stored in/team/teamname, and are publicly visible to team members. All files in the team filesystem are automaticallyencrypted and signed by the client.[6] Only users who are marked as writers can edit its contents, however, any readers can access the files stored there.[24]
In September 2017, Keybase launched Keybase Teams.[25] A team is described as "...anamed group of people."[26] Each team has a private folder in the Keybase filesystem, and a number of chat channels (similar toSlack). Teams can also be divided into "subteams" by placing a. in the team name. For example,wikipedia.projects would be a subteam ofwikipedia, whilewikipedia.projects.foobar would be a subteam ofwikipedia.projects (and therefore, also ofwikipedia).
Teams are largely administered by adding signatures to a chain. Each signature can add, remove, or change the membership of a user in a team, as well as when changes are made to subteams.
Each chain starts with a signature made by the team owner, with subsequent actions signed on by team admins or users.[27] This ensures that every action is made by an authorized user, and that actions can be verified by anyone in possession of the public key used.
