keys.pub - Cryptographic key management, sigchains, user identities, signing, encryption, password manager, FIDO2

# Install

Download for macOS (opens new window)

Download for Windows (opens new window)

Download for Linux (opens new window)

Or the command line only.

WARNING

Unfortunately, this project is not currently being worked on. I may revisit this in the future, if you would like to sponsor development or hire me please reach out at gabriel@keys.pub.

# What is it?

Manage cryptographic keys, sigchains and user identities.
Search for keys, verify and import them.
Encrypt, decrypt, sign, verify (using Saltpack (opens new window)).
FIDO2 support for hardware keys like SoloKeys (opens new window), YubiKeys.
Most features are available in both the app and on the command line.
100% open source (github.com/keys-pub (opens new window)) and cross platform (macOS, Windows, Linux).
Experimental: Create a secure connection (Wormhole) between 2 computers (using Noise (opens new window)).

Using the desktop app to encrypt a message from gabriel@github to multiple recipients.

WARNING

This project is in development and has not been audited.

# Why?

Key management is hard. We need tools, libraries, apps, services and documentation to help us.

# How does it work?

The default key is a EdX25519 key capable of signing and encryption.

We can link this key to your identity on Github, Twitter, Reddit, HTTPS domain, etc, by creating a signed statement and publishing it both there and in your sigchain. (You can either revoke the sigchain statement or remove the signed statement to "unlink".)

You can search for keys by user name and service (e.g. gabriel@github, gabrlh@twitter), or lookup a user by a key identifier using a Web API.

The Saltpack (opens new window) format is used for signing and encryption.

The Noise Protocol (opens new window) is used to create a secure connection (Wormhole) between 2 computers/keys.

Key identifiers are Bech32 format (opens new window), encode the type of key and public key bytes, and include a checksum with error correction.

The app and command line utility connect to a keysd daemon thats runs as a gRPC service on your computer. 3rd party applications can choose to use the command line interface, the gRPC interface or the go library directly.

keys pull gabriel@github
kex1mnseg28xu6g3j4wur7hqwk8ag3fu3pmr2t5lync26xmgff0dtryqupf80c

> echo "hi 🤓" | keys encrypt -a -r gabriel@github
BEGIN SALTPACK ENCRYPTED MESSAGE. kcJn5brvybfNjz6 D5ll2Nk0Z2co0as ...

The above example pulls the public key for the Github user gabriel, verifies it and creates an encrypted Saltpack message.

# What else?

# Go Libraries

All the features in the app are available through Go libraries.

See some examples

# Similarities/Differences

Keybase (opens new window): This project borrows many ideas from Keybase, including sigchains and user (proofs), and uses Saltpack (opens new window) other packages. However, this project only links a single key to a user.
Age (opens new window): We also use Bech32 as a key identifiers, and convert Ed25519 keys to X25519 (opens new window).

Install →