Keybase

From ArchWiki

From Wikipedia:

Keybase is a key directory that maps social media identities to encryption keys (including, but not limited to PGP keys) in a publicly auditable manner. Keybase also offers an encrypted chat and cloud storage system, called Keybase Chat and the Keybase filesystem respectively. Files placed in the public portion of the filesystem are served from a public endpoint, as well as locally from a filesystem mounted by the Keybase client. Keybase supports publicly connecting Twitter, GitHub, Facebook, Reddit, and Hacker News identities to encryption keys, along with Bitcoin and Zcash wallet addresses.

Installation

Keybase is provided by the keybase package. The KBFS filesystem and Keybase GUI can be additionally installed with the kbfs and keybase-gui packages. Alternatively, keybase-binAUR is available on the AUR which includes everything in a single package. See also the install instructions on keybase.io.

Signup / Login

If you installed the GUI via keybase-binAUR, it will walk you through signup. These instructions are for the CLI-only keybase package.

Keybase requires its service to be running so you can interact with it. First start the keybase service by starting the included systemd service as your user (enable this service to run on boot):

 $ systemctl start --user keybase

Or alternatively, run the keybase service manually:

$ keybase service

To signup for a Keybase account use, and follow the on-screen prompts:

$ keybase signup

If you already have a Keybase account you can login with:

$ keybase login <keybase_username>

GnuPG Keys

During the interactive signup if you already have any GnuPG key pairs on your keyring, Keybase will ask if you wish to use one of them. If you do not have a key pair, you can generate one with:

$ keybase pgp gen

This will interactively generate a key pair and securely upload the keys.

Keybase Filesystem (KBFS)

KBFS uses FUSE to mount the remote cryptographic filesystem. It comes with the keybase-binAUR package, or can be installed separately with kbfs.

Keybase allows users to store up to 250 GB of files in a cloud storage called the Keybase filesystem. The filesystem is divided into three parts: public files, private files, and team files. The filesystem is mounted to /keybase by default if installed through keybase-binAUR.

To configure kbfs if installed via the kbfs package, first ensure the keybase service is running (see instructions above). Then configure the desired mountpoint for the KBFS:

 $ keybase config set mountdir /path/to/kbfs

Now the kbfs service can be started:

 $ systemctl start --user kbfs

Enable this service to have the kbfs mounted on boot.

All files under /path/to/kbfs/public are automatically signed by the client. All files under /path/to/kbfs/private are both encrypted and signed before being uploaded, making them end-to-end encrypted. See the KBFS docs on keybase.io for more information and usage instructions.

Troubleshooting

Keybase GUI starts automatically

By default, keybase-gui add a desktop entry in your autostart. To disable it:

keybase ctl autostart --disable

Tray icon using AppIndicator GNOME Shell extension

You might find that no icon shows up when Keybase starts, if you are using the gnome-shell-extension-appindicator extension. It seems that Electron needs the libappindicator-gtk3 to be installed, so that it can create and manage those icons.

See also