by JNRowe 2379 days ago
> I feel like keybase is great as a key-management platform and _that's it_.

I agree, although I'll freely admit I haven't tried to use the other features all that much.

However, I do find myself a little uneasy with the key management aspects too. The official keybase CLI package being ~500mb when installed, the background server, etc. concern me. The alternative of using curl with a heap of largely inscrutable commands seems unworkable¹.

I wonder if anyone has worked on an alternative, and easy to inspect, client to interact with keybase for just the key management aspects?

1. I largely used the curl method, but suspect very few others would.

I don’t enjoy the key management part of Keybase and don’t find it particularly strong, but why do you think the curl method is inscrutable? The entire payload (basically a JSON blob plus a signature) is there for you to see instead of a binary client that could do god knows what (even if you have the source code it’s probably harder and at least slower to understand than the final payload sent over the wire). I would say the curl method is actually the most inspectable one.

Inscrutable may have been a little strong, but just having a re-test here shows me a nine-argument curl call in some paths. I'm not saying you can't inspect it, but there is a lot going on there.

I think we're in agreement that a huge binary client is worse, but I'm suggesting there may be a middle ground with a small/simple open source client just for the key management aspect. That said, it does of course rely on people actually looking at the source of such a client ;)

The parameters are mostly server states. What’s interesting to you should be “what am I signing” (since that’s the only part they didn’t provide you in the first place) and it’s a JSON blob that’s fairly understandable.

A small client is still going to send the same payload.