OkCupid's Founders Want to Bring Encrypted Email to the Masses

Email is a bad place to keep secrets.
Keybase founders Chris Coyne (left) and Max Krohn. Image: Jennie Tarr Coyne/Keybase

Edward Snowden's revelations that the National Security Agency has many means of acquiring the full text of our emails--even if it doesn't have a warrant--led to a resurgence of interest in PGP. That's short for Pretty Good Privacy, the e-mail encryption tool Snowden used to leak NSA documents to journalists and one of the few ways to keep your information private. "PGP has been around since 1991, but there's only been a small number of crypto-enthusiasts who care enough to go through the complication of setting it up," says computer scientist Max Krohn. "I think that started to change last year as people realized they can't trust their hosting providers."

The problem is PGP is pretty hard to use. That's why Krohn and Chris Coyne--who previously founded study guide company SparkNotes and online dating service OkCupid--launched Keybase, a startup that aims to make PGP easier for average users. The idea is to create an online directory that lets you instantly locate someone online and trade the encryption tools the two of you need to communicate privately. That may sound simple, but it's a tough nut to crack, and Keybase may have found a way of doing this with a little help from social networks like Twitter.

The tiny startup is part of a broader effort to improve email encryption across the web, a movement that includes countless startups and big names like Google. But its approach is unique and is available today, even if the kinks need ironing out.

The New Web of Trust

PGP is based on an idea called public-key cryptography. To use PGP, you must create two encryption "keys," which are essentially random alphanumeric strings that PGP applications use as a guide for scrambling and descrambling messages. Your "public key" is what other people use to create messages only you can decrypt. You can share that key with the world at large. Your "private key" is what you use to decrypt messages you receive. You also can use it to "sign" messages to prove you sent them.

Several things make PGP hard to use. One is keeping your private key safe. If an attacker gets it, they'd be able to use it to decrypt messages other people sent you, and impersonate you online by signing messages with your key. Keybase is trying to solve the problem of finding other people's public keys. "You can't really do anything in crypto unless you know someone else's public key," Krohn says. "Otherwise, you don't know that you're dealing with the right person, you could be dealing with someone pretending to be that person."

Crypto-enthusiasts historically have dealt with this through a concept called the "Web of Trust." When you create a new PGP key, you can upload it to what's called a key server, which essentially is a database of public keys. To prove the key really is yours, you'd get other people to sign it with their own keys. When you want to send someone new a message, you'd check to see if someone you trust had signed the person's key. If not, you'd check to see if someone you trusted had signed the keys of one of the people who signed the key of the person you want to message.
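The chain-following check described above can be sketched as a breadth-first search over a graph of who has signed whose key. This is an added example, not code from Keybase or any PGP tool; the key names and signature graph are constructed, and a real keyring would identify keys by fingerprint and verify each signature cryptographically.

```python
from collections import deque

# Constructed sample data: signer -> keys that signer has signed.
# All names are hypothetical stand-ins for key fingerprints.
SIGNATURES = {
    "me": ["alice", "bob"],
    "alice": ["carol"],
    "bob": ["dave"],
    "carol": ["erin"],
    "dave": ["journalist"],
    "erin": ["journalist-lookalike"],
}

def find_chain(signatures, trusted, target, max_hops):
    """Breadth-first search for the shortest signature chain.

    Returns the chain as a list that starts at a trusted key and ends at
    target, or None if no chain of at most max_hops signatures exists.
    """
    queue = deque([key] for key in trusted)
    seen = set(trusted)
    while queue:
        chain = queue.popleft()
        if chain[-1] == target:
            return chain
        if len(chain) - 1 >= max_hops:   # hops = signatures followed so far
            continue
        for signed in signatures.get(chain[-1], []):
            if signed not in seen:       # avoid cycles of mutual signatures
                seen.add(signed)
                queue.append(chain + [signed])
    return None

def intermediaries(chain):
    """Keys you must assume are honest signers: everyone between you and the target."""
    return chain[1:-1] if chain else []

if __name__ == "__main__":
    for target in ("alice", "journalist", "journalist-lookalike"):
        for hops in (3, 4):
            chain = find_chain(SIGNATURES, ["me"], target, max_hops=hops)
            print(target, hops, chain, "must trust:", intermediaries(chain))
```

Raising the hop limit from three to four is what makes the look-alike key reachable here, through signers the searcher has never dealt with directly.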

"I think the Web of Trust approach is the right one in theory," Krohn says. "But in practice it hasn't worked. If you go three links out, what are the chances you get to someone malicious?"

It's also difficult for someone new to crypto to establish and verify trust. Let's say you're a whistleblower trying to send information to Glenn Greenwald, one of the journalists who first published Snowden's revelations. You create a new PGP key, upload it to a keyserver and look for Greenwald's public key. Part of the problem is no one has signed your key, so anyone you send messages to will have no way of knowing if it's legit. Even worse, how can you be sure you have the right key for Greenwald?

His key appears in a key server and has been signed by a few people, but as far as you know, everyone who signed those keys could be an imposter. You can also find Greenwald's key on the website for his publication, The Intercept. But you can't be sure the site hasn't been hacked. To be reasonably sure you've got the right key, you need to cross-reference the one you find on the site and the one you find in the keyserver.

Keybase verifies keys by using the social web to do exactly this type of cross-referencing. When you sign up for Keybase, you have the option of creating a new public key or importing an existing one. Then you place a PGP signature on your website, Twitter account, or GitHub account to prove you own that key. Keybase includes links to that proof from your Keybase profile. As long as you believe the Twitter account, GitHub profile and website all belong to the person you're looking for, you can be reasonably sure you've got the right key. To place a fake key on Keybase, someone would have to hack all of your accounts and place the fake key on each of them. That's not impossible--especially if the person you want to contact reuses the same password for multiple accounts--but difficult enough to make you reasonably sure you've got the right person.

Keybase could also help mitigate another major usability problem for PGP. If you lose your private key or its associated passphrase, it can't be recovered. Keybase could make it easier to alert your contacts that you've lost your old key and that you have a new one.

Krohn says the company has no business model yet. So far the company consists of Krohn, Coyne and illustrator Caroline Hadilaksono, who is the only paid employee. But Keybase eventually will offer a service that will allow third-party developers to integrate its key directory into their applications. For example, a new e-mail or chat application could use it to verify the identities of different users without users having to share their private keys.

The Caveats

One concern is that, unlike the old-fashioned key servers, which shared their information with each other in case one went down, Keybase is a centralized directory. If the company runs out of money and shuts off its servers, all that information would be lost. But Krohn says the company soon will make it possible for anyone to mirror the directory.

Keybase is still in alpha, which means there could still be many bugs and security problems. And although it makes key discovery and verification easier than its predecessors did, it still requires some command line knowledge to get working properly. It would also be nice to see more consumer-facing web accounts, such as Google and Facebook, as verification options.

It's also worrisome that Keybase lets you upload your private keys. This seems like a recipe for disaster. The company says it won't save your passphrase, which would be needed to actually sign or decrypt any content. But if the service was hacked, or the developers were coerced, the software could be modified in such a way that it does capture your passphrase.

Also, PGP can't completely protect e-mail. Metadata--such as who sent a particular message and when--can't be encrypted. There are many new projects meant to address the shortcomings of e-mail, including the "Off the Record" plugin for instant message clients and the "next generation" messaging protocol Dark Mail, which is being developed in part by PGP creator Phil Zimmermann.

But Krohn says that even if we get rid of e-mail entirely, public PGP keys will still be useful for identity verification for many years to come. For example, coders can use it to sign their code, to help prove that it hasn't been modified by malicious hackers. It could eventually even be used to secure real-world infrastructure, such as safes or vaults. "Authenticity is the crown jewels of getting crypto right," he says. "That's what we're thinking long-term. Our goal is for everyone to have a public key. That's when things will get really interesting."