Direct keybase integration - signup/login about polykey HOT 9 CLOSED

My understanding is that the PK public key can be pushed up to the keybase profile just like the GPG and bitcoin addresses.

However a single human identity may have many PK keys. So either keybase allows us to publish a set of public keys (representing secret Points of Presence), or we just have to choose one of them.

from polykey.

We'll have to use signatures. We cannot add public keys to keybase system. Signatures will be fine, as that's what they use already to indicate ownership of social media profiles. Posting a signature to keybase indicates that the profile has ownership over any keynode that satisfies the signature check. Later other social networks can be approached the same way, by expecting keynode signatures to be posted.

from polykey.

Actually I've just realised we can generate keypairs with kbpgp and then upload them to whatever keybase user you are logged in as! This is done via key/add!

So this might settle how we generate sub keypairs for PolyKey and not reuse the primary keybase keypair. I'm still not 100% sure about it because there is a clause that says 'this will replace your public key'

from polykey.

I've just realised that it's not really valid to 'download the private key' after login in order to proceed with polykey, I think it is possible with keybase but strongly discouraged: keybase/keybase-issues#160.

The better option would be to login to keybase on whatever device you are using and once its authenticated, upload the public key for social discovery. This seems a lot more like the way it should work where the private key always stays on the device and possibly linked to the os keychain (#6). Then your private key remains on your device and doesn't go anywhere else. This is more like a normal link between the human and digital identity and nothing more.

from polykey.

it looks like keybase doesn't support adding keypairs at the moment: https://keybase.io/docs/api/1.0/call/key/add
Not sure when this will be developed, but we could somehow adapt key storage to kbfs? but I don't think it has an API

from polykey.

well there is always the keybase-bot, I am looking into it now and it seems the bot can use kvstore so we can store it there. There are currently bots for github, facebook etc so we can implement a bot for polykey that takes one of the users paper-key and is separated from the users account but can also feed messages into teams or individual chats.

from polykey.

here is an example I was playing around with, basically the bot is initialized with a keybase username and a pre-generated paper-key:

// A simple nodeJS bot that doesn't care who else is logged in on this machine
import Bot from 'keybase-bot'
async function main() {
  const bot = new Bot()
  await bot.init('robertcronin', process.env.PAPER_KEY!)
  /* now you can do things with the bot */
  console.log(await bot.kvstore.put('', 'polykey', 'privateKeyPair', '====BEGIN PGP MESSAGE==='));
  console.log(await bot.kvstore.get('', 'polykey', 'privateKeyPair'));
  await bot.deinit() // when done
}
main()

and the output:

{
  teamName: 'robertcronin,robertcronin',
  namespace: 'polykey',
  entryKey: 'privateKeyPair',
  revision: 4
}
{
  teamName: 'robertcronin,robertcronin',
  namespace: 'polykey',
  entryKey: 'privateKeyPair',
  entryValue: '====BEGIN PGP MESSAGE===',
  revision: 4
}

notice the teamName defaults to the username, but it could be attached to a particular team within polykey and send automated messages for public keys to facilitate peer discovery

from polykey.

Keybase API login can be achieved in JavaScript using https://github.com/keybase/node-login
The idea was to login and post a signature for polykey primary key advertising: https://keybase.io/docs/api/1.0/call/sig/post
But we ran into an error using node-login lib:

Error: from login: non-0 status {"code":1002,"desc":"Failure in verify PDPKA5","name":"SIG_CANNOT_VERIFY"}
    at /home/robbie/Documents/github/js-polykey/node_modules/keybase-login/lib/login.js:53:17
    at Generator.next (<anonymous>)
    at Deferrals.exports.Deferrals.Deferrals._call (/home/robbie/Documents/github/js-polykey/node_modules/iced-runtime-3/lib/runtime.js:88:20)
    at Deferrals.exports.Deferrals.Deferrals._fulfill (/home/robbie/Documents/github/js-polykey/node_modules/iced-runtime-3/lib/runtime.js:97:21)
    at ret (/home/robbie/Documents/github/js-polykey/node_modules/iced-runtime-3/lib/runtime.js:29:18)
    at Request._callback (/home/robbie/Documents/github/js-polykey/node_modules/keybase-login/node_modules/iced-error/index.iced:64:22)
    at Request.self.callback (/home/robbie/Documents/github/js-polykey/node_modules/request/request.js:185:22)
    at Request.emit (events.js:315:20)
    at Request.EventEmitter.emit (domain.js:482:12)
    at Request.<anonymous> (/home/robbie/Documents/github/js-polykey/node_modules/request/request.js:1154:10) {
  istack: [ 'post_login', 'login' ]
}

The only mention to this error code I could find was this issue on the client repo: keybase/client#5788

This might be an issue with my local keybase device or a bug in the API, I can't be sure, perhaps we try it with another user on a separate device. The best way to do this is the npm install keybase-login and run this script with your credentials:

import { login } from 'keybase-login'

const username = "<username>"
const passphrase = "<passphrase>"

login({username, passphrase}, (err, res) => {
  console.log(err);
  console.log(res);
})

@CMCDragonkai you might want to try this out before trialling sig/post, if you get the same, let me know and I will post an issue on the relevant keybase repo. If it doesn't work I'd say we stick with the polykey.proof hack

from polykey.

Closing on account of migration to gitlab

from polykey.