PGP & Keybase: How To Secure Your Data Before It's Too Late.

10 days ago

How To Secure Data PGP GPG Keybase.png

What is PGP, GPG, and Open PGP?

GNU-Privacy-Guard-GPG.png

PGP

PGP stands for 'Pretty Good Privacy' and rightfully so, it's pretty darn good! It is used to encrypt messages and files on your computer to be sent to another user securely and privately. This can also be used to sign a file or message so that anyone who has the file can verify that it is from you.

PGP uses a combination of hashing, data compression, symmetric-key cryptography, and finally public-key cryptography. We have talked about hashing and cryptography in episode 009 of the podcast. This was before I started making blog posts on the same subjects.

The public keys are connected to a name or email address and in most cases both. You can find keys linked to address in online databases like the one at the MIT PGP Key Server. A user can verify that the key does belong to the stated used in what is called the web of trust. Keybase takes this web of trust one step further which we'll get into shortly.

Open PGP

Open PGP is the open source version of PGP. This was created by Philip Zimmermann, the same who created PGP. He made an open source version because he knew the impact that PGP could have on the world and an open standard version would only help the cryptographic community.

GPG

GPG stands for "GNU Privacy Guard" and is another open source version of PGP that complies with the GPL. Created by Werner Koch in 1999 to work with PGP and Open PGP. GPG follows the standards set in place by Open PGP and is often included by default on Linux operating systems.

What do you use?

There are many programs out there using the open source versions of PGP since PGP is actually owned by Symantec and can't be used without paying the said company. Windows, Mac OS, and Linux all have programs designed to make it a bit easier to use this encryption method. Command line versions are also available; I've only ever used the CLI version of GPG and they Keybase web app.

What is Keybase?

Keybase.png

Keybase is a PGP key directory at it's most basic level. What is really cool about Keybase though and what sets it apart from any other PGP key directory is the social media mapping. You can verify that you are the same person on each social media site. From Facebook to Twitter to Reddit and GitHub! You can even verify that you own a particular website and post your public keys to your Bitcoin and zCash wallets.

There is also a social media aspect to Keybase itself. You can choose to follow any particular profile and by doing so you are contributing to the Web Of Trust as be briefly mentioned above. By following an account on Keybase you are in a sense saying, "yes this person is who they say they are and I back this". Before Keybase we would need to meet face to face, show an ID, check that emails are correct, then go home and use our PGP/GPG keys to verify that the person claiming to be XYZ in the PGP database is indeed the person it says.

Keybase also has encrypted file storage that can be shared with any of your contacts within Keybase. This function is only available on the desktop computer app but will be coming to mobile in the future. Other cool features include PGP encrypted chat between you and another Keybase user or a group. They have also implemented teams feature recently that will act like Slack and now encrypted Git for all your top secret projects.

Here is what Keybase says on their homepage:

Keybase is a new and free security app for mobile phones and computers. For the geeks among us: it's open source and powered by public-key cryptography.

Keybase is for anyone. Imagine a Slack for the whole world, except end-to-end encrypted across all your devices. Or a Team Dropbox where the server can't leak your files or be hacked.

Using Keybase

We'll focus on the web app in this section. Once you head over to Keybase.io and get the app on mobile or computer you will be walked through the steps of setting up your account and will be assigned a PGP keypair. Then you will be able to login to the web app and do some cool stuff right in your browser.

Remember, always assume your computer is compromised and take steps to be safe out there <3

The following activities that you can do online can only be done if you do not export your keypair from Keybase and then delete them from Keybase. I have exported my keypair so I could use the same PGP identity on my mobile phone and with GPG on my desktop. I'm a nerd and like to keep my options open. If you are concerned about your keypair being leaked from the Keybase servers you should export and delete, just remember that the web functionality will be lost and you'll have to follow, unfollow, sign, verify, encrypt, and decrypt manually on your computer.

Here is the top header you will see after logging into Keybase:
Screenshot 2017-10-11 at 08.35.22.png

On the right-hand side, we see the profile image, clicking this will take you to your profile. There you will see all your social connections you made, your PGP fingerprint, who you follow and who follows you on Keybase. From this page, you can also export, delete, or get a new PGP keypair, as well as access your account settings.

The little lock next to the profile image takes to the encrypting page. If your keys are on Keybase you can encrypt messages (not files) by telling Keybase which user you want to encrypt the message for and whether or not you want to sign the message. Signing a message will let the person know that it is from you as you claim. This is all done by using your Keybase password you made using LastPass or diceware.

DO NOT USE THIS PASSWORD ANYWHERE ELSE!

Ok, good :D This needs to be unique so you have less of a change of someone gaining access to your keys and sending messages as you.

You can also decrypt any messages with Keybase that are encrypted with your public key. You can choose to sign and not encrypt as well. This will keep the message in plain text for anyone to read but they will be able to check the signature and be sure that you are indeed the person who sent the message. Also, you can verify any signed message that comes your way using the 'verify' button.

After the check mark (verify) you have a little power logo and that is to log out. Next, to that, you have the question mark and this is where you find all the documentation for using Keybase to the fullest.

Keybase Apps

KeybaseApp.png

Both of the apps, desktop/laptop and mobile, have a built-in encrypted chat in DM or team form. They also have the encrypted file sharing option, like a super secure dropbox or google drive. These are things that can not be done online so if you want to use the chat or file sharing feature of Keybase you need the application.

Oh, did I let you know it's open source and free!

Keybase Commandline

Screenshot 2017-10-11 at 08.48.23.png

In order to use the command line features you will have to download and install the application on your computer. I'm not sure why you can't just download the CLI but they chose to bundle them so that's what we get.

You can use Keybase from the command line to follow, unfollow, and do your normal PGP/GPG stuff. I've not used these features since I have the app itself downloaded onto my PC. The documentation covers it very well so you should not have trouble finding what you need if you wish to use Keybase via command line.

If you need an invite code for Keybase let me know in the comment section, I have a bunch and not enough people to give them out to.

Podcast Version
Video Version
Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  trending

Me gusta gracias resteem

Resteemed, great information. I want to explore more.

As a follower of @followforupvotes this post has been randomly selected and upvoted! Enjoy your upvote and have a great day!

·

awesome thanks!

hmm really helpful post dear @jrswab

·

Glad you found value! If you ever have any questions please feel free to ask!

Congratulations @jrswab! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of comments

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

By upvoting this notification, you can help all Steemit users. Learn how here!

·

Aw Yes! Making moves XD

@jrswab
Nice post

·

Thank you!

Congratulations! This post has been upvoted from the communal account, @minnowsupport, by jrswab from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews/crimsonclad, and netuoso. The goal is to help Steemit grow by supporting Minnows and creating a social network. Please find us in the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.

·

^ a great community too!

Very good post fri.I support for your everythings post good luck