| title |
|---|
keys.pub - Cryptographic key management, sigchains, user identities, signing, encryption, password manager, FIDO2 |
Or the command line only.
- Manage cryptographic keys, sigchains and user identities.
- Search for keys, verify and import them.
- Securely store passwords and secrets.
- Encrypt, decrypt, sign, verify (using Saltpack).
- Create a secure connection (Wormhole) between 2 computers (using Noise).
- Most features available in both the app and on the command line.
- 100% open source (github.com/keys-pub) and cross platform (macOS, Windows, Linux).
- Coming soon: Backup keys/secrets to your private self-hosted storage on S3, GCP, Dropbox, etc.
- Coming soon: Support for hardware keys like SoloKeys, YubiKeys, FIDO2.
- Coming soon: Mobile apps.
::: warning This project is in development and has not been audited. :::
Key management is hard. We need tools, libraries, apps and documentation to help us.
The default key is a Ed25519/X25519 key capable of signing and encryption.
We can link this key to your identity on Github, Twitter, Reddit, etc, by creating a signed statement and publishing it both there and on your sigchain. (You can either revoke the sigchain statement or remove the signed statement to "unlink".)
You can search for keys by user name and service (e.g. gabriel@github, gabrlh@twitter), or lookup a user by a key identifier using a REST API.
The Saltpack format is used for signing and encryption, providing authenticity, repudability and anonymity.
The Noise Protocol is used to create a secure connection (Wormhole) between 2 computers/keys.
Key identifiers are Bech32 format, encode the type of key and public key bytes, and include a checksum with error correction.
Your keys and secrets are protected by a keyring which is secured by both the OS and a user supplied password.
The app and command line utility connect to a keysd daemon runs as a gRPC service on your computer.
keys pull gabriel@github
kex1mnseg28xu6g3j4wur7hqwk8ag3fu3pmr2t5lync26xmgff0dtryqupf80c
> echo "hi 🤓" | keys encrypt -a -r gabriel@github
BEGIN SALTPACK ENCRYPTED MESSAGE. kcJn5brvybfNjz6 D5ll2Nk0Z2co0as ...The above example pulls the public key for the Github user gabriel, verifies it and creates an encrypted saltpack message.
All the features in the app is available through Go libraries.
- Keybase: This project borrows many ideas from Keybase, including sigchains and user (proofs), and uses Saltpack and keybase/go-keychain and other packages. However, this project only links a single key to a user.
- Age: We also use Bech32 as a key identifiers, and convert Ed25519 keys to X25519.
- Other key types like age?
- Legacy/pgp?
- Better documentation
- More services (Facebook, Website)
- Inbox
- Import SSH ed25519 keys
- Wormhole through relays (syncthing)
- Syncthing integration