Still in early development available for testing only.
How it works
With Keybase user/key management is made easy and with OnlyKey private keys remain offline and protected. They are not accessible to the browser, the extension, or the local computer. By using U2F the extension can send messages to OnlyKey to be securely decrypted and signed offline. This provides similar function to a token/smart card but no drivers or software required. With this extension and an OnlyKey secure messages can be sent using Windows, Mac, Linux, Chromebook.
Before using this extension you must follow these instructions to generate PGP keys and load them on OnlyKey:
BrowserCrypt is only available for testing as an unpacked extension. To add the extension to Chrome:
- Download the app and unzip - https://github.com/trustcrypto/OnlyKey-BrowserCrypt/archive/master.zip
- Browse to chrome://extensions
- Check the box for Developer mode
- Select “Load unpacked extension”
- Select the folder OnlyKey-BrowserCrypt-master to load
Add Keybase friends
After you create a Keybase account using the instructions provided in the User’s Guide you can add your account and your Keybase friends. This way you can send encrypted messages easily without having to remember their Keybase ID.
- Click the OnlyKey app icon in the upper-right hand side of the browser (OK)
- Type in your Keybase Username in the first box
- Type in your friends Keybase Usernames in the second box. Separated by commas.
- Click Submit
Sending and receiving secure messages
Now whenever you need to send an encrypted message:
- Just highlight a message to encrypt
- Right-click, and select Encrypt for [Keybase User] to encrypt the message via OnlyKey
- Enter the challenge code that displays in prompt and also displays on the OnlyKey app icon onto the OnlyKey
Make sure to compose your message in a form that does not have auto draft save features. For example, Gmail may save copies of unencrypted message as you type. The message box on https://apps.crp.to/encrypt may be used to compose messages. We will be introducing a feature soon to open a secure composition window
The encrypted message will be displayed and you can paste it into an email, IM, app or pretty much anything.
Empower the people: Give people the ability to securely send and receive messages using any computer with no complicated software/drivers required and no worrying about compromise of user’s private identity.
Private: No logins required. No tracking!!! No emails. No ads. No demographics. No local proof of who was using this extension as anyone can enter any username and/or list of friends from publicly available Keybase profiles.
Strong Crypto - Everything should be sent via HTTPS to/from the web application. Data between local browser and OnlyKey should be encrypted using AES/ECDH shared secret (NaCl + AES-256-GCM). This means on the local computer data is end-to-end encrypted and even if a malicious applications were to intercept communication it would be encrypted and unreadable without the key.
Open source & audit-able - What you see is what you get this repository is a Github page hosted directly on Github.
Please, feel free to commit fixes!
A detailed description of the underlying communication protocol can be found here - https://github.com/onlykey/onlykey.github.io
This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country’s laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.
The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.
The following cryptographic software is included in this distribution:
For more information on export restrictions see: http://www.apache.org/licenses/exports/