Let’s face it, PGP is pretty old school. It’s like pocket-protechor old-school. I’ve personally taken several runs at trying to get PGP up and running. The problem has always been: once I get PGP working, there’s nobody to send encrypted email to. PGP just has never had enough scale to get even close to mainstream. Enter keybase, which is trying to revolutionize the way people use and think about PGP with a friendly web site and integration into services such as Twitter, reddit and github. I finally cajoled an invite out of a friend today and have been giving it a whirl.
My first impression is that Keybase does not entirely solve the problem of making public-key encrypted email work better. For one: if you want to incorporate PGP email into Apple Mail, you still have to download and install GPG tools, and the command line keybase tools (which require Node and NPM). And though there is some integration between the GPG tools and the Keybase tools, it’s fiddly and requires lots of command line usage (e.g. to make sure people you “track” on the Keybase web site also have their public keys imported into your GPG keychain so you can send them encrypted emails from within Apple Mail. AND you have to use GPG tools to manually add additional email addresses into your key, if you generated the key with Keybase. So that’s a pretty high bar if you want seamless PGP email from the desktop. I haven’t even tried to get it running on any of my mobile devices yet – which will definitely mean moving to a new email client (or just not being able to access encrypted emails on mobile, which is not ideal). There’s a lot of work going on to remedy these issues if the github issue threads are any indication.
What Keybase does allow you to verify PGP signatures without physically validating fingerprints in person, though proofs you add to your social networks.
Anyway, I now have some keybase invites. If you would like one, please message me in some way and have a look yourself.
Liked this post? Follow this blog to get more.