Encryption for the Masses?

With the ongoing security-pocalypse, we’d all like to see effective, easy-to-use encryption tools that even people with little technical knowledge could use. Over at Mashable, Matthew Hughes thinks he’s found a company that might fit the bill.

According to Hughes, Keybase.io takes the otherwise confusing world of encryption products and simplifies it. How does it do this?

Messages can be encrypted through a relatively intuitive Node.js based command-line application, or through the Keybase website.

Wait, what? Nowhere in a story headlined “Encryption for the Masses” should the phrase “relatively intuitive Node.js based command-line application” ever appear.

Okay, but maybe the Keybase.io website will be easier to use. The screenshot that Hughes posts does look fairly nice, but is immediately followed by this explanation:

This first requires that you upload your private key to their servers. This is the key which is unique to you, and allows you to encrypt and decrypt messages. As the name implies, this is something which you need to keep absolutely, 100% secret.

How helpful of them!

In fairness to Keybase.io, the company seems to be trying to solve a different problem: if I want to securely send a PGP message to Alice, how do I make certain I have Alice’s public key? Keybase appears to use PGP-signed messages on Twitter and other social media sites to verify identity, and then pairs that with a client that facilitates access to the correct public key for that user.

We’re not reinventing any cryptography here – the goal is a simple way to look up and trust keys, based on known public identities.
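
A minimal sketch of the look-up-and-trust check described above, added here as an illustration; it is not Keybase's code or proof format. It assumes Ed25519 signatures from Node's `crypto` module in place of PGP, and the proof layout, fingerprint scheme and function names are made up for the example.

```javascript
const crypto = require('crypto');

// Constructed fingerprint scheme for this sketch: SHA-256 of the DER-encoded public key.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Key owner: sign a statement binding one account to this key, to be posted from that account.
function makeProof(keys, service, handle) {
  const statement = JSON.stringify({ service, handle, fingerprint: fingerprint(keys.publicKey) });
  const sig = crypto.sign(null, Buffer.from(statement), keys.privateKey).toString('base64');
  return { statement, sig };
}

// Client: trust candidateKey for service/handle only if all three checks pass.
// `post` is what was fetched from the service: { service, author, proof }.
function verifyProof(candidateKey, service, handle, post) {
  // 1. The proof must have been published by the account we are looking up.
  if (post.service !== service || post.author !== handle) return false;
  // 2. The signature must verify under the key we were handed.
  const sig = Buffer.from(post.proof.sig, 'base64');
  if (!crypto.verify(null, Buffer.from(post.proof.statement), candidateKey, sig)) return false;
  // 3. The signed statement must name that same account and that same key.
  const claim = JSON.parse(post.proof.statement);
  return claim.service === service && claim.handle === handle &&
         claim.fingerprint === fingerprint(candidateKey);
}

// Constructed scenario: Alice publishes a proof; Mallory tries three ways to abuse the lookup.
function demo() {
  const alice = crypto.generateKeyPairSync('ed25519');
  const mallory = crypto.generateKeyPairSync('ed25519');
  const alicePost = { service: 'twitter', author: 'alice', proof: makeProof(alice, 'twitter', 'alice') };
  const forgedPost = { service: 'twitter', author: 'mallory', proof: makeProof(mallory, 'twitter', 'alice') };
  const replayedPost = { service: 'twitter', author: 'mallory', proof: alicePost.proof };
  return {
    genuine: verifyProof(alice.publicKey, 'twitter', 'alice', alicePost),
    wrongKey: verifyProof(mallory.publicKey, 'twitter', 'alice', alicePost),
    wrongAccount: verifyProof(mallory.publicKey, 'twitter', 'alice', forgedPost),
    replayed: verifyProof(alice.publicKey, 'twitter', 'mallory', replayedPost),
  };
}

console.log(demo());
```

Only the genuine case is accepted: the key is trusted because a statement naming it was signed by it and published from the account being looked up, and none of this involves the private key leaving its owner's machine.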
