
Saul Hardman


Authenticate with using PGP and Keybase is a public instance of IndieAuth, the decentralised identity protocol built on top of OAuth 2.0. In this article I'm going to explain how to authenticate yourself using your domain and a set of PGP keys handled by Keybase. Once you've successfully logged into you'll be able to use the same method to authenticate with any IndieAuth service.

There are many methods of authenticating with IndieAuth, but PGP feels the most "Indie". I manage my keys using Keybase, which conveniently hosts your public PGP keys in ASCII format. I'd initially presumed that IndieAuth would require keys to be hosted on the domain being used to log in, but thankfully that's not the case and so keys hosted remotely on services such as Keybase can be used directly too.

Generating a PGP Key Using Keybase

Once you have Keybase Desktop installed, open up a terminal of your choice and run the following command and follow the steps to generate a PGP key:-

> keybase pgp gen

If you've chosen to generate a new key, alongside an existing key, then you'll need to include the --multi flag.

Once that process is complete, you should now be able to access a hosted copy of your public PGP key at the following URL:-

# NOTE: replace `${YOUR_USERNAME}` with *your* Keybase username
${YOUR_USERNAME}/pgp_keys.asc

If you have multiple PGP keys associated with your Keybase account, you can select an individual key by setting the fingerprint parameter:-

# NOTE: run `keybase pgp list` to reveal additional information about existing keys
${YOUR_USERNAME}/pgp_keys.asc?fingerprint=${YOUR_KEY_FINGERPRINT}

Link to the Keys

Add the following <link> tag to the <head> of your HTML document:-

<!-- NOTE: replace `${YOUR_USERNAME}` with *your* Keybase username -->

To verify that your configuration is working, and on each subsequent IndieAuth login, you will be provided with a snippet of text that you're required to sign using your PGP key. Navigate to the site, enter your domain name in the <input> in the "Try it!" section and submit it:-

A Screenshot of the 'Try It!' Form on

To do that with Keybase, open the command line and (after ensuring that you have Keybase Desktop installed) run the following command, replacing the placeholder text within the single quotes with the challenge text:-

> keybase pgp sign -m 'INSERT CHALLENGE TEXT HERE'

If you're on macOS, you can pipe the output to pbcopy so that you're ready to paste the signed text back into the <input>/<textarea> and submit right away, like so:-

> keybase pgp sign -m 'INSERT CHALLENGE TEXT HERE' | pbcopy

So there you have it: you should now be able to authenticate with IndieAuth services using your very own domain and a set of PGP keys.
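A pre-flight check for the <link> step above, added here as an example and not part of the original post: it parses a page's <head>, resolves each key link and reports links fetched without TLS or lacking the fingerprint parameter. The rel value `pgpkey`, the hosts `alice.example` and `keys.example`, and the names `KeyLinks` and `audit_key_links` are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlparse

REL = "pgpkey"  # assumption: the rel token the IndieAuth service looks for

class KeyLinks(HTMLParser):
    """Collect href values of <link rel="pgpkey"> tags found inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head, self.hrefs = False, []

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            # rel is a space-separated token list, e.g. rel="me pgpkey"
            if REL in (a.get("rel") or "").lower().split() and a.get("href"):
                self.hrefs.append(a["href"])

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def audit_key_links(page_url, html):
    """Return [(absolute_key_url, [findings])] for each key link on the page."""
    parser = KeyLinks()
    parser.feed(html)
    report = []
    for href in parser.hrefs:
        url = urljoin(page_url, href)  # relative hrefs resolve against the page
        parts = urlparse(url)
        findings = []
        if parts.scheme != "https":
            findings.append("key is fetched without TLS")
        fp = parse_qs(parts.query).get("fingerprint", [""])[0]
        if not fp:
            findings.append("no fingerprint parameter: URL is not pinned to one key")
        elif not re.fullmatch(r"[0-9a-fA-F]{40}", fp):  # assumption: v4 key, 160-bit
            findings.append("fingerprint is not 40 hex characters")
        report.append((url, findings))
    return report

# Constructed sample page; the link inside <body> is ignored on purpose.
SAMPLE = """<html><head>
<link rel="pgpkey" href="http://keys.example/alice/pgp_keys.asc">
<link rel="me pgpkey" href="https://keys.example/alice/pgp_keys.asc?fingerprint=0123456789ABCDEF0123456789ABCDEF01234567">
</head><body><link rel="pgpkey" href="/ignored.asc"></body></html>"""

if __name__ == "__main__":
    for url, findings in audit_key_links("https://alice.example/", SAMPLE):
        print(url, findings or "ok")
```

An empty findings list means the link uses HTTPS and selects a single key; it says nothing about whether that key is the one you intend to sign with, so compare the fingerprint against the output of `keybase pgp list`.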
