![]() Or am I still missing some way that makes this true end to end encryption? But we do trust the server to be honest at least some of the time. Since the app also seems not to allow fulfilling the second option (comparing keys), I guess this concludes that there is no E2EE currently implemented in Keybase? An attack is hard to pull off: even a malicious server (very ideal position) would have to MitM from the start, so they have to have prior knowledge of whom to target. That strikes out the first option if I'm not mistaken. Leaving in the middle whether (something like) SPV is a good solution, it is currently not implemented. Update: A friend linked this GitHub issue, where it is basically said that the whole blockchain thing isn't yet done by the app. If we do need to compare fingerprints/keys/sigchains, how can that be done in the Keybase app?.Do Keybase chats require any kind of key to be manually verified for end-to-end encryption, or does the blockchain data (which the app could verify silently under the hood) somehow prevent us from having to compare fingerprints/keys/sigchains?.When talking about it to others, they mention this blockchain thing as the reason why it's secure without needing to verify anything yourself, but I can't figure out how it works. ![]() A malicious server could return the correct answers to my command line client while telling the mobile app that the signature chain contains an entirely different key (namely the one the malicious actor uses to perform the MitM). ![]() There is documentation about how to do the verification step by step, but aside from that the instructions are broken (there is no sigs field in root_desc, the result of root.json?hash=X), this is not something I can do on my phone. How does that make sense when they claim "all messages are secure, end-to-end encrypted"? The client also occasionally and briefly displays a banner above the chat saying "end-to-end encrypted". but where does that signature chain come from? This has to be fetched from Keybase servers, so since there is no way to display it, I have to trust the server to send me the right key. So if I'm reading this right, when my friend opens a new chat with me, their client generates the shared secret, it will take the public key from the crypto_box inside my signature chain and encrypt the shared secret with that public key, and upload the result to Keybase's server so that I can download and decrypt it, thereby establishing the shared secret and starting the chat. It's shared by everyone in the chat, When a new device needs this shared key, another device that has it will encrypt it with the new device's public crypto_box key and then upload it to the Keybase server. Those keys live in the user's signature chain A chat symmetric encryption key is 32 random bytes. The documentation doesn't mention any and I can't find it when looking around.įurther on, it explains the public keys are put into your signature chain:Īll Keybase devices publish a crypto_box public key and a crypto_sign public key when they're first provisioned. The weird thing is that there is no button to do either of this. Okay, so either we verify the symmetric key (identical on both phones), or we verify the public key (I should be able to display mine on my phone, and my friend will call up what their phone thinks my public key is, and that should match). How does this work with Keybase? Their documentation explains parts of it:Īlice and Bob share a symmetric encryption key, which they pass through the server by encrypting it to each of their devices' public encryption keys. If they match, you know (based on the open client code and the cryptography it uses) that there is no (wo)man in the middle. In Signal you check the safety number, in Wire you check the device fingerprints, and in Telegram you check the encryption key. It's pretty standard for E2EE software that the (client) code is open, the server sends you the encryption key, and you can check the encryption keys out of band. Since you can't host your own server, it has to be the Keybase, Inc's server that sends you the encryption key of your friend. ![]() But after loading the code onto your phone - installing the Keybase app - and starting a chat with your friend, you still need to verify that the server sent you the right encryption key. You've read all the code in the client, or someone you trust has done so for you. The premise of end-to-end encryption (E2EE) is that the client is secure and trustworthy, your end devices is secure and trustworthy, but the network and server need not be trusted.
0 Comments
Leave a Reply. |