Howto verify yourself and others properly with keybase
Hello everybody
You maybe have seen pictures of people with self-made signs containing something like:
"Hello SteemIt, I am $username and today is $date"these are, as some users point out, easy to fake with some Photoshop skills. So today I want to introduce you to Keybase (https://keybase.io), a platform where you can verify yourself and others properly with easy to use cryptography.
DISCLAIMER: I am not in any way affiliated with keybase.io, I am just an interested tech guy who likes crypto.
What is Keybase?
Keybase is a platform where one can link up his user accounts and verify other people and therefore build a web of trust. Straight from their website:
Keys for everyone!On a first look this sounds complex and indeed it is, but they do a really good job hiding the complex stuff and making it easy to use. Their goal in the end is to make "Keys for everyone". So let me introduce you to some basics of cryptography and how you can make use of it.
Keybase maps your identity to your public keys, and vice versa.
How does Cryptography work, today?
There are 2 fundamentally different types of cryptography, which are symmetrical and asymmetrical. I won't bother with symmetrical since it's not important for our use case, but the interested reader can find more info on the Wikipedia page about it.
Then how does asymmetrical cryptography work?
Okay, this one is the hardest parts in this post. I will try to make it as easy as possible.
In asymmetrical cryptography a user always has a key-pair. A key-pair consists of 2 parts, these are called public key and private key.
There are 2 operations one can do, they are encrypt and decrypt. For these 2 operations either the public or the private key can be used.
- A message can be encrypted with the public key and can only be decrypted with the corresponding private key.
- A message can be encrypted with the private key and can only be decrypted with the corresponding public key.
These two operations are called 1. encrypting and 2. signing.
Example for Encryption
One can take someones (lets call him Bob) public key and encrypt a message with it. This yields a ciphertext which is not readable by anyone ... except mister Bob himself, because he has the secret key and can decrypt it, with his secret key.Example for signing
In this scenario Bob takes his private key and encrypts a message with it. Now we can look at that ciphertext and use Bobs public key to decrypt it. Now if the message looks good (it is readable), we can be sure that it was Bob sending this message, because only his secret key is capable of producing a ciphertext that is decryptable with his public key.What does Keybase do?
We ignored a pretty fundamental problem in cryptography, which is: "how can I be sure that this is Bobs public key?". This is where keybase comes to the rescue.
People verify their accounts publicly on different platforms (twitter, reddit, websites, email, …) and keybase is basically a directory where one can find and verify these "proofs".
You can try it with my message, here on steemit: link. This is just a message claiming that I am imp on keybase, but it's also signed with my private key. Just copy the whole message starting from:
-----BEGIN PGP SIGNED MESSAGE----- …to… -----END PGP SIGNATURE-----including that gibberish looking block and paste it on https://keybase.io/verify
You can see, that I am imp on keybase and you can also find my linked twitter and github accounts which were also verified by the same process. I have publicly claimed my identity and you can easily verify it. You just used my public key to verify me on this platform, isn't that just easy and awesome?
Benefits
Okay that was cool, how can it help me? One thing you can do, is you can go https://keybase.io/encrypt put in my keybase handle (imp) and create a encrypted message and post it under this Post here on SteemIt, only I will be able to read it. That's basically private messaging over ANY public channel you can think of.
Another use case that comes to mind is verifying that you are really $public_person_of_interest and not just a faker.
It's pretty much like SteemIt, the more people use it, the better and more natural it will get.
Okay you got me, what do I need to do?
Keybase currently is in alpha, so they're just starting up (pretty much like SteemIt). Right now it is invite only and the queue is long, you can sign up and wait for it to be ready. I also have some invites left which I am willing to gift to you curious friends to test stuff out. For that just put your E-Mail and a short message under this post. If you are worried about posting your E-Mail address publicly on the internet, just encrypt the message for me. :)
I hope this guide helped you, please vote if it did. If it did not help you please leave me a comment and help me to improve on stuff.
Best Regards,
Dennis
A very good Post related to this thematic is found here: Beware Of The Catfish Scammers! Or Don't Trust Photo Verification - With Solutions. #introduceyourself
I believe keybase is one of the most promising and needed projects in crypto scene, i hope they end the alpha soon.
This is great. First time I hear of Keybase. Definitely doing that soon! You deserve more upvotes ;)
I am interested in one of your invites, though I would ask if you could find me on Just-Dice.com and I can PM you my e-mail from there. I am a trusted moderator on the site (1010)<@v1rtu0so> ~ if this doesn't suite you I can encrypt :P
Sent it to you via chat message, enjoy.
This sounds promising and exciting. Count me in :)