Apparently, the one thing the internet needs right now is a new PGP key directory! I bet you can’t contain your excitement!
Sarcasm aside, Keybase is a new PGP key directory, albeit one with a difference. Whereas most, like PGP‘s own Global Directory, validate purely based on the email addresses contained in the keys, Keybase intends to be publicly auditable and linked to social media. That means that if you upload your public PGP key to Keybase, anyone should be able to validate that the key is indeed yours, and is in turn tied to your Twitter and Github accounts, and your web site. Its developers were the co-founders of dating site OKCupid.
You can then prove your identity, and at the moment, this can be done on Twitter, Github, and one or more of your own domains. This is done by tweeting a cryptographic hash, posting a gist on Github and uploading a file to your web server – all containing cryptographic data that someone can verify using your public key from Keybase. If your private key is hosted online, you can do this in the browser, but otherwise you’ll need to use the command line client.
Keybase is in its early phases. I’m guessing from its illustrations that support for Reddit profiles, and Bitcoin wallet addresses, are in the pipeline. And other than verify people’s keys, track other users to vouch for them, and send encrypted messages, there’s not a whole lot you can do on there right now.
Whilst I verify that I own this web site by including my web site’s URL in the key itself (available here), I suppose this is another way of proving identity on the web.
Public signups are not yet available, but at the time of writing I have two invites available. If you want one, let me know in the comments – I just need your email address.