keys-pub / keys

Key management is hard

Home Page: https://keys.pub


Encrypt and byte generation UX feedback

atoponce opened this issue

On encryption, I think there should be some easier way to default to a sender, rather than needing to specify it all the time. Maybe the first key created? For example, I have four keys in my keyring:

% keys list -t edx25519
kex1cff9ug3yflntlwjcjrh4amsdpwcvu4rsnsaru2e4z2rdqerwlagsd7gwd2 aarontoponce@twitter
kex1l0vr4xn8xzmyk8gemvtuh6dw93glujn9apwhrkh528t5fkw62weqel0ymw atoponce@github
kex1c0jp03hpuall9rphcn3syzncsqn9m2hswpj6ca3d66hy65vpvraq57yepu atoponce@reddit
kex13jf47j9492ck7twu8wstq68ezjggruv06vfr39s8s2xa2434c77sec6lyk pthree.org@https

Twitter was the first key I created, so maybe " (default)" could be appended at the end of the line, with functionality to change the default, say to my Reddit or Github keys. Then, I can do:

% echo 'super secret message' | keys encrypt -a -r user@example

Rather than needing to:

% echo 'super secret message' | keys encrypt -a -r user@example -s atoponce@reddit

Also, I find it curious that --mode, -m signcrypt isn't default. I'm curious if there is a larger use case for sending deniable messages that aren't signed versus ones that are.

Last thing. One thing I always felt missing from the Keybase CLI was the ability to generate passwords or passphrases. The fact that you're supplying keys rand to generate random bytes and encode them works for most cases, I think. You have various encodings, including BIP-39. But the help on error is confusing:

% keys rand -n 8 -e bip39
Entropy length must be [128, 256] and a multiple of 32

But I can do:

% keys rand -n 16 -e bip39
powder kitchen stove already range ignore prison group recall elite hedgehog alpha

It took some fiddling, but what you're saying in the STDERR output is that you must supply at least 128 bits (16 bytes), but no more than 256 bits (32 bytes), and it must be a multiple of 32 bits (4 bytes). That means when using BIP-39 encoding, there are really only five options: 16, 20, 24, 28, and 32 bytes. I would also recommend standardizing on a unit (bytes or bits) and remaining consistent. So maybe something like this instead:

% keys rand -n 8 -e bip39
bip39 must be 16, 20, 24, 28, or 32 bytes in length

Thanks for the feedback. Yeah the bip39 error is too confusing.

I'm not sure yet about default keys... I have to think about it more. From a UX perspective it seems better to not have to explicitly specify keys especially if you only have 1, but it becomes easy to accidentally use the wrong keys later on if you have multiple... so idk yet.

BTW, the bip39 error is fixed in the latest release.
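
The entropy-length rule discussed in this thread, as an added Go example (not code from the keys project or from either participant): it rejects invalid sizes with a byte-based message and, for valid sizes, appends the BIP-39 checksum and splits the result into 11-bit word-list indices. The function names are hypothetical, and indices are returned instead of words because the 2048-word list is not embedded.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// validBIP39Bytes reports whether n bytes is an allowed entropy size:
// 128..256 bits in steps of 32 bits, i.e. 16, 20, 24, 28 or 32 bytes.
func validBIP39Bytes(n int) bool {
	return n >= 16 && n <= 32 && n%4 == 0
}

// bip39Indices (hypothetical helper) maps entropy to 11-bit word-list indices.
func bip39Indices(entropy []byte) ([]int, error) {
	if !validBIP39Bytes(len(entropy)) {
		return nil, fmt.Errorf("bip39 must be 16, 20, 24, 28, or 32 bytes in length (got %d)", len(entropy))
	}
	sum := sha256.Sum256(entropy)
	// The checksum is the first ENT/32 bits of SHA-256(entropy).
	// ENT/32 is at most 8, so a single hash byte always suffices.
	csBits := len(entropy) * 8 / 32
	data := append(append([]byte{}, entropy...), sum[0])
	total := len(entropy)*8 + csBits
	indices := make([]int, 0, total/11)
	for bit := 0; bit < total; bit += 11 {
		idx := 0
		for i := bit; i < bit+11; i++ {
			idx = idx<<1 | int(data[i/8]>>(7-uint(i%8))&1)
		}
		indices = append(indices, idx)
	}
	return indices, nil
}

func main() {
	for _, n := range []int{8, 16, 20, 32, 33} {
		idx, err := bip39Indices(make([]byte, n)) // constructed all-zero sample entropy
		if err != nil {
			fmt.Println(n, "bytes:", err)
			continue
		}
		fmt.Println(n, "bytes:", len(idx), "words, last index", idx[len(idx)-1])
	}
}
```

Each extra 4 bytes of entropy adds exactly three words (12, 15, 18, 21, 24), which is why only those five byte lengths divide evenly into 11-bit groups once the checksum is appended.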