I had similar thoughts about coming up with an alternative to PGP, though I came more from the stance of trying to avoid RSA. I ended up using OpenSSH. What I stalled on was a good way to share and manage keys besides a directory of public keys. What I didn’t see in the post was how @tedu is managing that, but that’s something I’d be interested in hearing more about.
If I want your public key, I send you an email “hey, what’s your public key.” You email back. Or maybe you put it on the twitters. The keys are small enough that all of the places you would put your “keybase.io proof”, you can just put your key. Or use the telephone. Or symmetrically encrypt, and say the password over the phone.
Is it perfect? No. But I think it’s workable and livable. It does require some forethought if you’re going to be sending sensitive data. Like if you suddenly decide, mid-Starbucks, to leak some top secret documents to a reporter over free wifi but don’t have their key, that would be bad. Is “Larry says that Ralph says that Moe says that Curly says this is Ted’s key” really any better? If that’s what it comes to, you are better off negotiating that chain yourself.
PKI is a hard problem, but I’m not sure it needs solving. People want perfectly usable crypto, but unless it’s perfectly secure, I think it’s better to use a tool that says “hey, watch yourself.” It’s not quite the parable of the space pen, but 80/20 rule for sure.
Or did you mean file system directory? Yeah, you put all your friends’ keys in one file. I’m not sure how much management one needs to do that a simple text editor wouldn’t suffice. I have found this reasonably effective for dealing with ssh known_hosts.
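As an added example (not code from the post, and not reop’s or anyone’s actual file format), here is what the “one file, edited by hand, verified over the phone” approach above looks like in practice: a known_hosts-style keyring with one `name base64-key [comment]` entry per line, a loader that refuses duplicate or malformed entries rather than silently overwriting them, and a short fingerprint a friend can read out loud so you can check the key you pasted in is theirs. The line layout, the fixed 32-byte key length and the truncated SHA-256 fingerprint are assumptions chosen for the example; the two keys are dummy byte strings, not anyone’s real key.

```python
import base64
import hashlib
import hmac

# Constructed sample keyring in the spirit of ssh known_hosts. The layout
# "name base64-public-key [comment]" is an assumption for this example,
# not the format of reop or any other tool. Keys are dummy values.
ALICE_KEY = bytes(range(32))
BOB_KEY = bytes(range(32, 64))
SAMPLE_KEYRING = "\n".join([
    "# friends' public keys, maintained with a text editor",
    "alice " + base64.b64encode(ALICE_KEY).decode() + " alice@example.org",
    "",
    "bob " + base64.b64encode(BOB_KEY).decode(),
])

PUBKEY_LEN = 32  # assumed raw key length (Curve25519/Ed25519-sized)


def load_keyring(text):
    """Parse keyring text into {name: raw_key_bytes}.

    Malformed keys and duplicate names raise instead of being skipped or
    overwritten: a quietly replaced entry is exactly how the wrong key
    ends up standing in for a friend's.
    """
    keyring = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments, as in known_hosts
        fields = line.split()
        if len(fields) < 2:
            raise ValueError("line %d: expected 'name key [comment]'" % lineno)
        name, b64 = fields[0], fields[1]
        try:
            key = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
        except ValueError:
            raise ValueError("line %d: key for %r is not valid base64" % (lineno, name))
        if len(key) != PUBKEY_LEN:
            raise ValueError("line %d: key for %r is %d bytes, expected %d"
                             % (lineno, name, len(key), PUBKEY_LEN))
        if name in keyring:
            raise ValueError("line %d: duplicate entry for %r" % (lineno, name))
        keyring[name] = key
    return keyring


def fingerprint(key):
    """Short, speakable digest of a key: 20 hex chars of SHA-256 in groups of 4.

    Long enough that a wrong key will not match by accident, short enough to
    read over the phone. The truncation is a usability tradeoff, not a
    cryptographic recommendation.
    """
    digest = hashlib.sha256(key).hexdigest()[:20]
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def _normalize(fp):
    # Accept whatever spacing, colons or case the other person used.
    return "".join(fp.lower().split()).replace(":", "").replace("-", "")


def verify_out_of_band(keyring, name, spoken_fingerprint):
    """True iff the fingerprint read out over the phone matches the stored key."""
    key = keyring.get(name)
    if key is None:
        return False
    return hmac.compare_digest(_normalize(fingerprint(key)),
                               _normalize(spoken_fingerprint))


if __name__ == "__main__":
    ring = load_keyring(SAMPLE_KEYRING)
    for who, key in ring.items():
        print(who, fingerprint(key))
```

Running the script prints each friend’s name and fingerprint; you read yours to them and they read theirs to you, and `verify_out_of_band` does the comparison so a transposed digit is caught rather than waved through.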
When I was developing it, I just had a directory (something like ~/.sshcrypt if I remember right) that I kept all the public keys in. I started looking into something like the hosts file, but then I realised no one was going to use it and I really just wanted a proof of concept anyways, so I didn’t end up collecting everyone’s keys into one list. I took the same approach in regard to trust, revocation, and all that too – that’s overkill for most communications security, and most developers I know can’t be arsed to make their beds, much less follow some notion of “proper” commsec.
I do prefer your choice of ciphers, by the way; I didn’t have that option building off SSH keys, but I’m glad the ciphers are there now.
Finally something reasonable!
Are there plans to push this into base along with libsodium? Or just as a port/package?
It’s just something I wanted to do. There was a kind of pressure to make signify into more than it is; now it doesn’t need to be.
If you put up a release archive somewhere I’ll make a port for it.
tedu, this looks great. Can’t wait to play around with it.