by mekaj 3416 days ago
Thank you and the Keybase team for this. Unlike other services, I think KB has solved the online identity authentication issue.

There's one hurdle I need to work through to get going on chat. Thus far I've avoided uploading my private GPG key to my Keybase profile, or even copying it to other devices (call me paranoid). Unfortunately this apparently means I can't authorize any other devices (see error message: http://imgur.com/a/UOftN). I assumed device keys were meant to solve this problem, but maybe not. Is there a supported way to make a subkey (GPG or otherwise) of my primary private GPG keypair, so other devices can securely authenticate against my KB profile?

EDIT: I haven't yet started using device keys. Maybe they would work?

2 comments

This is answered in the FAQ at the bottom of the post.

You'll see this policy in action when you install Keybase on a 2nd computer. It'll make you either (a) type something on your first computer, or (b) enter a paper key. This isn't just two-factor auth with server trust. The old key is signing a statement about the new key, and the new key is countersigning.

It could be formatted better: it's telling you you have three different options, one of which is,

    Install Keybase on a different machine that has your PGP key
I was in the same boat as you, I didn't want to import my private key onto this Mac laptop because I don't know how the "Keychain.app" works and don't trust Apple to not do something super helpful like store my GPG private key forever and always. I did the login flow on the machine I do trust, and was then able to use that machine to authorize the Mac laptop, without moving any GPG keys anywhere.
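The cross-signing the quoted FAQ describes (the old device key signs a statement about the new key, and the new key countersigns) as an added Go example, not Keybase's own code or sigchain format: the Statement layout, the use of ed25519 for device keys, and holding both private keys in one process are assumptions made here purely to illustrate why a verifier with only the trusted old public key needs no trust in the server.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Statement is a hypothetical stand-in for a Keybase sigchain link: Type is "provision" (old
// device key vouches for the new one) or "countersign" (new device key vouches back).
type Statement struct {
	Type   string `json:"type"`
	Signer []byte `json:"signer"` // public key of the device signing this statement
	Other  []byte `json:"other"`  // public key of the device the statement is about
}

// Signed pairs a serialized Statement with the ed25519 signature over those exact bytes.
type Signed struct{ Body, Sig []byte }

// ProvisionDevice models the FAQ's exchange: the old key signs a statement naming the new key and
// the new key countersigns. In reality the halves cross devices via the verification code or paper key.
func ProvisionDevice(oldPriv, newPriv ed25519.PrivateKey) (link, counter Signed) {
	oldPub, newPub := oldPriv.Public().(ed25519.PublicKey), newPriv.Public().(ed25519.PublicKey)
	lb, _ := json.Marshal(Statement{Type: "provision", Signer: oldPub, Other: newPub}) // cannot fail
	cb, _ := json.Marshal(Statement{Type: "countersign", Signer: newPub, Other: oldPub})
	return Signed{lb, ed25519.Sign(oldPriv, lb)}, Signed{cb, ed25519.Sign(newPriv, cb)}
}

// VerifyLink is what anyone holding only the trusted old public key can check without trusting the
// server: accept the new key only if the old key signed for it, the new key signed back, and each
// statement names the other device. Tampering with either half yields false.
func VerifyLink(oldPub ed25519.PublicKey, link, counter Signed) (ed25519.PublicKey, bool) {
	var ls, cs Statement
	if json.Unmarshal(link.Body, &ls) != nil || json.Unmarshal(counter.Body, &cs) != nil ||
		ls.Type != "provision" || cs.Type != "countersign" || len(ls.Other) != ed25519.PublicKeySize ||
		!bytes.Equal(ls.Signer, oldPub) || !bytes.Equal(cs.Other, oldPub) || !bytes.Equal(ls.Other, cs.Signer) ||
		!ed25519.Verify(oldPub, link.Body, link.Sig) || !ed25519.Verify(ls.Other, counter.Body, counter.Sig) {
		return nil, false
	}
	return ls.Other, true
}

func main() {
	oldPub, oldPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, newPriv, _ := ed25519.GenerateKey(rand.Reader)
	link, counter := ProvisionDevice(oldPriv, newPriv)
	_, ok := VerifyLink(oldPub, link, counter)
	fmt.Println("second device accepted:", ok) // prints true
}
```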
I interpreted that option as Keybase needing a local copy of the PGP key. Thanks for helping me understand that's not the case.

I've set up Keybase on my trusted machine with my GPG keypair, and now have a device key on that machine. When I go to Devices -> Add new... -> New Computer in the GUI I'm told to "Type in text code" (along with the note "In the Keybase app on your computer, go to Devices > Add a new device"). I find this confusing because I'm already there. I tried using the only paper key I have, the one corresponding to my first device key, but there's no response when I click Continue. This is the Linux client, by the way. I'm guessing this is a bug, but I'm not sure. Can you confirm this is the same process you went through to generate your second device key?

When I try to log in on the secondary computer, which doesn't have the GPG keypair or a device key, I'm brought to the same error shown in the screenshot.

On my trusted computer with my GPG key, I ran 'keybase device add', selected option 1 ("desktop or laptop") and it asked me to enter the "verification code" from the other device. It also said, "to get a verification code, run 'keybase login' on your other device", but I'm certain that I just clicked some buttons in the GUI instead of running that command.