Keybase — End-to-End Encrypted Chat, Files, and Git

Introduction

Keybase provides end-to-end encrypted messaging, file sharing, and Git hosting tied to publicly verifiable cryptographic identities. It maps social media accounts to PGP keys, making it straightforward to verify who you are communicating with without exchanging keys manually.

What Keybase Does

• Delivers end-to-end encrypted chat for individuals, groups, and teams
• Provides an encrypted filesystem (KBFS) accessible as a mounted drive
• Hosts encrypted Git repositories with per-repo access control
• Links cryptographic identity proofs to Twitter, GitHub, Reddit, and domain names
• Supports Stellar wallet integration for cryptocurrency transfers

Architecture Overview

Keybase runs a Go-based client daemon that handles cryptographic operations locally. Messages and files are encrypted client-side using NaCl and never leave the device in plaintext. The server stores only ciphertext and public signature chains. KBFS uses a Merkle tree for file integrity verification, and the Sigchain provides an append-only audit log of identity proofs and device additions.

Self-Hosting & Configuration

• Install the Keybase client on Linux, macOS, or Windows
• Run keybase login to create or connect to your account
• Mount KBFS with run_keybase to access encrypted files at /keybase
• Create encrypted Git repos with keybase git create <repo-name>
• Add identity proofs via keybase prove twitter or similar commands

Key Features

• Device-level key management with no single master password to lose
• Exploding (self-destructing) messages with configurable timers
• Bot API for building custom integrations with encrypted channels
• Team management with sub-teams, roles, and audit logs
• Cross-platform clients for desktop and mobile

Comparison with Similar Tools

• Signal — excellent for mobile messaging but lacks file sharing and Git
• Wire — encrypted team chat but no filesystem or Git integration
• Matrix/Element — federated and flexible but more complex to set up
• GPG/PGP — powerful cryptography but poor UX for non-experts
• SimpleX — strong privacy focus but smaller ecosystem and no team features

FAQ

Q: Is Keybase still maintained? A: Keybase was acquired by Zoom in 2020. The client is open-source and functional, but active development has slowed significantly.

Q: Can I self-host the Keybase server? A: The client is open-source, but the server is not fully open-sourced. You rely on Keybase's infrastructure for account management.

Q: How does Keybase verify identity? A: Users post signed proofs on their social accounts. Keybase's Sigchain cryptographically links these proofs to the user's key.

Q: What happens if I lose all my devices? A: You can use a paper key (generated at signup) to recover your account and provision new devices.

Sources

• https://github.com/keybase/client
• https://book.keybase.io