
How can I verify Keybase's end-to-end encryption between me and a friend? - lucgommans
https://security.stackexchange.com/questions/222055/how-can-i-verify-keybases-end-to-end-encryption-between-me-and-a-friend
======
lucgommans
Keybase Chat is audited and widely regarded as secure, but when prodding for
details on how key verification works without human verification, people kept
telling me that blockchain magic takes care of it. Eventually I did a deep
dive and spent some hours trying to find any path through which the keys are
reliably verified, resulting in the post as linked.

As far as I can tell, there is no key verification possible in the mobile app
and it's basically "trust the server on first use" (TOFU; details are in the
StackExchange question). I'm not saying that this is _insecure_ per se; better
to use open-source Keybase than some of the more popular apps, but they claim
it's proper end-to-end encryption (E2EE). One might argue whether this can
perhaps fall within the E2EE definition and shift the discussion to whether we
should weaken the definition of E2EE to unambiguously include TOFU, but the
question whether my analysis is correct remains: is there a way to verify
Keybase's end-to-end encryption between me and a friend, or do I just have to
trust the server's initial key?

It seems weird for Keybase to make a claim that is not in line with what I
think is the common understanding of E2EE, so I'd love it if someone else could
also read all the docs and post an answer to either confirm it or prove it
wrong. Maybe the Keybase authors could chip in, and one of the auditors is
also the highest-ranked user on the Security StackExchange site, so I had some
hope that he would answer (I also sent him an email). It is now tied for the
highest-voted unanswered question on the site, and someone opened a bounty on
the question for more attention, but it hasn't elicited answers so far (that's
actually why I posted it here for attention: someone with only 100 rep whom I
don't know opened a bounty for 50 rep, and I don't want it to go to waste). If
someone here knows more, a definitive answer would be welcome!

~~~
opendomain
Thank you for doing this.

