![]() ![]() Once you’ve created a repository (or selected an existing one), there is a Clone: field that shows you the address you’ll use to access this repository. You can make it your own personal repository or share it with a team. Navigate to Git and select New Repository. This prevents two people (or two devices controlled by the same person) from overwriting each others’ changes and causing conflicts. With first-class Git repositories, Keybase knows to lock your repository when necessary. Using Git repositories in Keybase (or via the command line) is better than just hosting your local Git repositories in Keybase Files. You can be sure that your team members did indeed push the changes that the Git history log says they did. ![]() This also means that every time you or a member of your team pushes or pulls (or clones) data to or from one of these repositories, all writes are verified by your private keys, which never leave your device. This means that your data is encrypted-not even Keybase can see what’s in there (nor its name, the filenames, your other configuration-nothing). Keybase has created an open source remote helper that facilitates this interaction, keeping the data in your repository within your control via your local Keybase app. This allows Git itself to interface with datastores other than the local filesystem. Under the hood, Git supports remote helpers. (How dare they?!) All of your data is automatically encrypted and verified. You can be certain they’re safe, not only from prying eyes, but also from malicious people who might try to change your code. They’re 100% private, encrypted, and verified. These repositories are real Git repositories but you can view them in the Keybase app. You can put any kind of content in these repositories, but they’re especially useful for personal private repos or for secret content shared among teams. Play with it, please, and let us know what features you want added.Keybase supports free, encrypted, authenticated, and private Git repositories. If your biggest fear is hiding whom you're talking to, none of the apps mentioned on this page are safe unless you're coming in over Tor, with no info connected to your real identity, in a library or cafe, and wearing a disguise. It's better than PGP because of many modern crypto best practices, easier and safer key management, and easier and safer identity lookups. All of this is a requirement for performance and (upcoming) mobile notifications. Like with most chat apps, the Keybase servers will see who you're looking up.įor a given message, Keybase servers know who sent it, approximate size, who the recipients are, and an ID for the channel. More advanced blocking / reporting / nuking features will be available in an upcoming release. This version supports muting individual conversations, so you're not interrupted and can ignore conversations that you're not interested in. What block/muting features are available? When our mobile apps launch, your phone will be a great device for provisioning and chatting. Maybe even 3, if you start caring about your data in Keybase. So it's extra important to make sure you have at least 2 devices or paper keys. Keybase cannot read any of your encrypted data. ![]() If you lose all of your devices and paper keys, you will lose your data. But that would be publicly discoverable because of the new device name announced in your signature chain. If someone were to steal a device of yours that wasn't revoked, they could use it to read your data (of course), and therefore provision another new device. The old key is signing a statement about the new key, and the new key is countersigning. This isn't just two-factor auth with server trust. (a) type something on your first computer, or (b) enter a paper key. You'll see this policy in action when you install Keybase on a 2nd computer. This is verified by everyone you chat with. Key additions must be signed publicly into your signature chain by a currently active key,Īs determined by your signature chain. What's preventing Keybase from adding a device for me, that's really just owned by Keybase or nefarious shadow organization X? You can think of a PGP key as another part of a user's identity, and therefore one of the assertions you can make, like a Twitter address. You can, however, address someone by their PGP key! I've proven ownership of this PGP key, which your own client will verify: keybase chat send 'hi whoever owns 9701 6CB3' The basic idea here is that non-technical people won't get confused and do something irresponsible. You can read more about our key model here. People aren't so great at managing and moving PGP private keys around, so PGP keys are not included in our chat or filesystem. Even if you have a PGP key on your Keybase profile, these messages are only encrypted with your Keybase device + paper keys. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |