by zintagon 3703 days ago
> Be willing Copy & paste private key into application

I understand this is a prototype.

This is a hard boundary for me to cross when you have already stated it is a prototype and there are several vulnerabilities. Because of this, I haven't installed your app to try it out but I did watch the video.

In your video you show two users on a web chat application encrypting their conversation after typing directly into the site's input control. The chat site may have been recording the input you typed in. I think Gmail will do this, for example. How about changing the model so you only type into your app?

Interesting way to use Keybase. Still seems to be a bit too much friction for the end-user. I would probably accidentally send the message without encrypting it.

What is your vision of where this could lead? How will you make it easier to use?

1 comments

One thing I did to test this, is just using a different private key.

> How about changing the model so you only type into your app?

Indeed this is possible, but a bit more work than I was going for.

> What is your vision of where this could lead?

Honestly, my hope is that this triggers some other ideas and/or someone else is willing to work with me. Keybase is pretty awesome, and opens up a ton of options. I personally don't have a ton of bandwidth, and without anyone else being interested, I'll probably do very little.

> How will you make it easier to use?

Keybase has an API endpoint to export your private key. I requested Keybase to explain to me how to use it, because when you hit that endpoint you get a bunch of junk. It turns out only a portion of what is given to you is the private key, the rest is other data. They wouldn't tell me where to parse.

That being said, I hope they will improve that. When they do, it'll be possible to just plug in your Keybase username & password and you'll be able to encrypt and decrypt.

> One thing I did to test this, is just using a different private key.

Absolutely. I just don't want to upload another key on Keybase and have my correspondents start sending to a different key for me. I didn't think it was worth it to download and recreate the scene in your video of just testing to myself, rather I was thinking about trying it for a week or something.

Are you aware of any similar efforts that I can compare this to?

There's also a Keybase Chrome extension, but they don't have a decrypt option.