Security ModelĪt a high level, end-user devices are trusted and Keybase/KBFS/other Proven ownership of the fakalin account at Twitter as well as theĪt the filesystem level, each non-canonical TLF name resolves as a Ownership of the fakalin account at Twitter. resolves to the Keybase user who has proven.akalin trivially resolves to the Keybase user akalin.Useful examples involve using assertions instead of usernames. The order of the writers or reader is not alphabetical, but more The simplest example of a non-canonical TLF name is one where You can also access keybase files through paths with non-canonical TLF This is also verified by the keybase client.įor further details on the crypto design of KBFS, see Keybase client, which checks the signatures of the updates to thatįor a private folder, it is guaranteed that only the writers for thatįolder have written to it, and only the writers and readers for thatįolder can read it. Writers for that folder have written to it. For a public folder, it is guaranteed that only the The canonical name for a TLF encodes which keybase users can read or To that TLF, whereas readers can only read. The writers for a TLF can both read and write Is a keybase username, and the list of writers and readers areĪlphabetized separately. Writer1,writer2.#reader1,reader2., where each writer or reader A canonical name for a public folder is in theįorm writer1,writer2., and a canonical name for a private folder keybase/private are encrypted in addition to being signed.Ī top-level folder (TLF) is a subdirectory of either /keybase/public Files andįolders under /keybase/public are signed, and files and folders under keybase/private/canonical_top_level_folder_name/subpath. keybase/public/canonical_top_level_folder_name/subpath or Path, regardless of the device from which you access it. “Global namespace” means that each file on KBFS has a single unique In particular, we (Keybase) cannot change, read, orĮven know the names of your private files. Guaranteed integrity and authentication, and also confidentiality whenĭesired, and that only the people intended to read or write a piece ofĭata can do so. “End-to-end encryption” means that all data stored in KBFS have "Syncing data for offline access" section below for more details.) Permanent local disk storage for some folders or files see the Usage policy" section below for more details. The local disk for temporary and transient data see the "Local disk KBFS don’t permanently take up space on your devices. Among other things, that means that by default files on “Filesystem” means that there is no sync model - files stream in and “Distributed” means you can access it from any device. The Keybase filesystem (KBFS) is a distributed filesystem withĮnd-to-end encryption and a global namespace. (For a gentler introduction to KBFS, see our launch announcement.) Overview
0 Comments
Leave a Reply. |