To be honest, few things have caused me more frustration over the past month than trying to work with the Keybase API (although it is still in beta). What’s Keybase, you ask?
Essentially, it is a centralized hub where you can store a “public key” (used to encrypt messages) or, if a user desires, a “private key”. It uses a process exactly the same as the image below:
With your public key in the database, anyone can then easily search for you by your Twitter handle, Facebook, email, or almost any social media. This makes it possible both to confirm that a particular person is who they say they are and to send encrypted messages to anyone on the network. To be honest, it’s pretty cool and I like the idea (though centralized encryption is a bit scary).
What’s unfortunate is that it is still in beta and not fully fleshed out, leaving much to be desired. This is where my frustration comes in: virtually no documentation covered actually logging in using JavaScript and AJAX. The difficulty was figuring out how to salt the password in order to log in; it requires various parsing, encoding, slicing, etc.
The final salting that managed to work is below:
Unfortunately, the code above requires the use of CryptoJS (on Google Code and GitHub), as well as the following code to take a string and parse it into a u8array.
Then, finally, putting it all together enables a user login:
With a successful login, it is possible to obtain everything from previous login attempts to public keys. Unfortunately, it does not appear Keybase desires the average user to have access to a private key after logging in (at least based on the issue I posted, github/keybase-issues #1912). This means the only option to get a public key is to copy & paste it.
Regardless, I hope this helps anyone else who has had this issue!