Freedom, anonymity, privacy, & security, are the most important part of our lives, and this is especially true today as we move faster into the digital world. We need to secure our online communications to prevent anyone from listening. We need to prove the identity of the other person we are working with. We need an easy way to use encryption to keep private data from being seen by unauthorised individuals.
There are various software, apps, services, available which offers one, two, or maybe three features mentioned. However, there is one which is largely ignored, that is Keybase.
What is Keybase?
To put it simply, Keybase is a tool which makes it easier for regular users to do encryption and signing.
Private stuff stays private. Accounts are secure against spoofing, phishing, and scamming. It also helps in establishing which online accounts are officially owned by a Keybase user, effectively nullifying online attacks through impersonation.
In other words, every person who takes their freedom, anonymity, privacy, & security very seriously must have a Keybase account.
Let’s get you started with Keybase
The first thing to understand is registration through a web browser is not possible by design and for security reasons. New users must download Keybase which is available in GNU/Linux, Android, iOS, and Windows: download Keybase here.
* We’re using Keybase for Android below, the process is the same regardless of platform.
- Launch Keybase
- Click the "Create an account" button
- Pick a username. Mandatory; public; permanent
- Name this device. Mandatory; public; permanentThis can be any name/label useful for you to identify which device (laptop, desktop, server, phone) you logged-in your Keybase account.
- Phone number. Optional; private Used to help other people find your Keybase account.
- Email address. Optional; private Used to help other people find your Keybase account.
Congratulations! You have successfully created a Keybase account and have taken your first step in establishing a way for others to prove your online identity beyond any reasonable doubt as well as to chat, share files, collaborate with your team, with a peace of mind everything is automatically end-to-end encrypted and signed.
Create a “Paper Key” for recovery
Establishing a way for others to prove our online identity, chat with family & friends, and collaborate with teams, would be practically useless if we later can not login our account. In Keybase, each [re]-installation is considered a “new device” regardless if it was exactly the same device used.
What is a “device”?
A “device” in Keybase is simply an access point or a “device” where an account is logged-in.
Registering each devices creates another security layer, if a phone was stolen one can simply “Revoke” the device. If for some reason the account was not automatically logged-out, any actions made from the “Revoked” device is automatically invalid.
Let’s create a new paper key.
- Go to the "Hamburger Menu" (lower-right corner in Android and iOS)
- Click "Devices"
- Click "Add a device or paper key"
- Click "Create a paper key"
- Wait until the random words (a.k.a. paper key) are generated Write your paper key down and place it somewhere safe and fully secure. This can be in your bank stash where only you can access; or in a 2048-bit encrypted file which only you knows how to decrypt and where the encrypted file is located.
- Tap the switch button "Yes, I wrote this down"
- Click "Done"
What is a “Paper Key” for?
A Keybase paper key is technically a “device”. It’s main purpose is to give the account owner a way to confirm a “new device” if a registered literal device is not or no longer available.
Many new Keybase users skip this step, uninstalls Keybase, and later can no longer login because they are stuck in the “new device” process. Without an existing device logged-in to Keybase you can not confirm a “new device”. A paper key acts as an “existing device” to approve a “new device”. The used paper key can be optionally revoked and a new one created (a very good practice); or create a new paper key every three months (an even better practice).
There is another way to recover a Keybase account if a paper key is not available. The catch with this method is your Keybase account will be reset back to start, all confirmed online accounts, domain names, devices, teams, followers, following, will be removed; it is as if you created a new account. The reason behind this is if you no longer have access to any of your “devices” (including your paper keys if you created any), then it is assumed all of your devices were lost and/or compromised.
Welcome to Keybase! Before you start exploring Keybase, noticed how you were not asked to enter a password/passphrase? It is only used if you want to login via a web browser—which is not advisable—and if you prefer to auto-logout when you close the Keybase app (an added security; if you reinstalled Keybase it will be considered a “new device”). We will discuss this another day.