Archive

Posts Tagged ‘phone’

Keybase Brings Free Security to Novice Users

02-Sep-17 11:59 pm EDT Leave a comment
P

GP encryption is not new – quite the opposite.  But it’s always had one big advantage over its leading competitor: S/MIME.  S/MIME is used to encrypt email using certificate-based, 3rd-party authentication whereas PGP relies on dual, private/public key encryption.  And thanks both to S/MIME gaining commercial vendor support relatively early, coupled with being easier than the open-source-supported PGP (with relatively primitive tools that required some degree of technical competency to master); those wanting to encrypt email easily had to deal with investing in 3rd party certificates that could cost hundreds or even thousands of dollars before the feature was available.

KeybaseThanks to Edward Snowden, we’re all now pretty-well acquainted with the notion we’ve lost privacy and will likely never get it back.  But even so, that doesn’t mean the government (or God-knows-who nowadays) ought to have carte blanche to read chats, emails or become privy to what you’re downloading via bitTorrent or what cash you’re exchanging with parties online.  (At least not until tax time.)  And a tool that works on all platforms big and small, like Keybase, is now available to assist with all of the above!

To begin, it’s best to start on a Mac or Windows environment – somewhere where the configuration utility can operate.  The system does a pretty decent job of talking one through the process of setting up one’s first PGP (security) keys and getting the app installed.  However, one improvement for the future might be getting this utility (also called a “CLI” or “command-line interface”) to work within a web browser so one can perform the entire process using a hand-held device.  Once the software is installed, one finds installed an icon in their system tray (on Windows) which will present the list of users and some very heavily shaded icons (despite) which are used to access other parts of the Keybase app.  The CLI also has its own icon deployed to the Windows ‘Start’ menu and this is where you can quickly access many of the features associated with setup.  In my case, I already had PGP keys and so using the CLI was a necessary part of the setup.  Regardless, to get acquainted with the CLI and how it works with setup, I’d begin by loading up a copy of the “new user” docs in a web browser.  Then in the CLI utility, run two commands:

First, run “keybase help” to see what commands are instantly available to you as a new, unregistered user (there are a few), and

Second,, run “keybase signup”.

Finally, I’d quickly read through the “basic docs” you have open in your browser and drill down into any areas where you have questions.  Still more questions about Keybase and maybe PGP?  I strongly advise you get a Reddit account if you’ve not already got one and access the group called r/Keybase.  You’ll find this well-trafficked!

Although the Keybase app (accessed from the system tray) links to several choice apps, PGP is extremely versatile and plug-ins exist for Microsoft Outlook 2016 (and earlier) and is used with numerous other applications.

If there is a down-side to the app, there is a concern that — since a Keybase account can be used with several keys — it could be possible for someone to associate 2 keys (which typically involve two email addresses being known) together and thereby create an identity profile on a Keybase user.  This is a security concern, although an obvious workaround would be to register PGP keys to separate Keybase accounts and thereby never expose oneself.  Keybase itself claims it never advertises personal details, but if one connects to another user (say, for secure chat) and exchanges their public key; in such a case the potential would exist for that 3rd party to disclose your email at their discretion.  (This itself isn’t a security flaw, but it is something to be mindful of when exchanging data security regardless of the means used.)

Advertisements
Terry Glavin

CHRONICLES

Techno Manor

Geek's Corner

VM.Blog.

an IT blog.. and an occasional rant

Yammer Site Status

Is Yammer down? Offline? Broken? Undergoing scheduled maintenance? When will it be back? Find out here.

jalalaj

A journey full of wonderful experiences

Azure and beyond

My thoughts on Microsoft Azure and cloud technologies

TechCrunch

Startup and Technology News

Ottawa Citizen

Ottawa Latest News, Breaking Headlines & Sports

National Post

Canadian News, World News and Breaking Headlines

Targeted individuals's

One Government to rule them all.

Joey Li's IT Zone

Everything about IT

jenyamatya

Unravelling the magik of code...

The Bike Escape

Adventures on a road bike

The Ross Report

Now you know where you need to know more...

Lights in the Dark

A journal of space exploration

ottawatraining.wordpress.com/

Using strength to improve and eliminate injuries.

The Ross Report

Now you know where you need to know more...

Little Girl's Mostly Linux Blog

Nothing to see here. Move along...

David Eedle

Geek, tech, programmer, business owner. Serial starter of things. Occasional finisher. Oh, and please don't call me Dave.

%d bloggers like this: