Encryption, PGP and Keybase.io

Privacy matters. Encryption matters.

Everyone has heard that the united states government is spying on you. They probably aren’t the only ones. If you aren’t concerned that strangers are reading your emails and instant messages and tracking your browsing histories you really, really should be.

A strong encrypted solution to online privacy has existed since 1991 when PGP was invented. A lot of people think that key-pair encryption, also known as end-to-end encryption, is really complicated or technical but it isn’t.

How it works

You have two keys. a PRIVATE KEY and a PUBLIC KEY. Your PRIVATE KEY is kept private, and you give your PUBLIC KEY to the world.

Receiving encrypted files & emails

When someone wants to send you an encrypted message or file, they encrypt it using your PUBLIC KEY. You decrypt it with your PRIVATE KEY.

Sending encrypted files & emails

When you want to send someone else an encrypted message or file, you encrypt it using their PUBLIC KEY and the other person decrypts it using their PRIVATE KEY.

The Trust Issue

There is another consideration, how do you know if the PUBLIC KEY that claims to be from john.doe@example.com actually belongs to Mr. Doe? In the past the method was to create a “web of trust”. John would personally give you his PUBLIC KEY, and you would digitally sign it using your key. Then when John gives his PUBLIC KEY to someone else, they can see that you have vouched for it’s authenticity. The problem with this is that everyone needs to do it. This has been one of the greatest hurdles in the adoption of key-pair encryption.

Enter Keybase.io

The clever folks at Keybase.io have found a solution. Their service allows you to connect your PUBLIC KEY with various online identities, such as Twitter and Reddit, or websites which you control. These entities are considered trust-worthy, because we use them every day to communicate with our family, friends, and colleagues. This service practically solves the trust issue, eliminating the necessity for the “web of trust”.

Keybase.io will also help you with the creation of a key pair, which simplifies and standardizes the process for a lot of people. Keybase.io also generates seperate key pairs for each device that you use, be it a smart phone or a laptop or desktop. If you stop using a particular device (for example if your smart phone is lost or stolen) you can revoke the keys for that device, preventing someone from using it to impersonate you, without having to destroy your original PRIVATE KEY.

The Future, Transparency and Ease-of-Use

Encryption is the future. It is the future because the alternatives are too horrifying to live with, which is why we have books and movies like 1984 and The Matrix warning us about them years in advance. Privacy is sacred and as a race human beings are going to embrace it, whether the government likes it or not (they really don’t like it). There have been technical hurdles to overcome, but with open-source community funded projects like Keybase.io, I am confident that the future of privacy looks bright.

Please share!

There are no comments

Your email address will not be published. Required fields are marked *