WARNING

This project is in development and has not been audited. Don't use for anything important yet.

# Install

Download for macOS

Download for Windows

Or the command line only.

# Introduction

Key management is hard.

keys.pub is a go library, desktop app, command line utility and REST API that manages cryptographic keys, sigchains and user identities. It integrates with other frameworks to provide signing and encryption, such as Saltpack or Noise Protocol.

> keys pull gabriel@github
kex1mnseg28xu6g3j4wur7hqwk8ag3fu3pmr2t5lync26xmgff0dtryqupf80c

> echo "hi 🤓" | keys encrypt -recipient gabriel@github -armor -stdin -stdout
BEGIN SALTPACK ENCRYPTED MESSAGE. kcJn5brvybfNjz6 D5ll2Nk0Z2co0as ...

The above example pulls the public key for the Github user gabriel, verifies it and creates an encrypted message.

The default key is a Ed25519/X25519 key capable of signing and encryption. This key can also be used to create a sigchain (an ordered sequence of signed statements). You can link a key to an identity (on Github, Twitter, Reddit, etc), by publishing a signed statement to this sigchain.

The Saltpack format is used for signing and encryption, providing authenticity, repudability and anonymity.

You can search for keys by user name and service, or lookup a user by a key identifier using a REST API.

Key identifiers are Bech32 format, encode the type of key and public key bytes, and include a checksum with error correction.

Your keys are protected by a keyring which is secured by both the OS and a user supplied password (similar to a password manager).

The keysd daemon runs as a gRPC service on your computer.

Using the desktop app to encrypt a message for the Github user gabriel.

# Similarities/Differences

# Coming soon

  • Other key types like age?
  • Legacy/pgp?
  • Better documentation
  • More services (Facebook, Website)
  • Inbox
  • Import SSH ed25519 keys
  • Wormhole through relays (syncthing)
  • Syncthing integration