Key distribution is hard, no doubt about that. Keybase has a pretty good idea on its head, but falls on its face at the finish line.

The keybase approach of authenticating a key belongs to someone is by signing an advertisement for keybase with your private key and posting it to a social media account. This is actually a pretty decent idea, people are generally pretty sure their facebook/twitter/etc friend is the person they think it is. The more accounts you link to keybase, the harder it is for them to spoof being you, and ergo makes your public key’s authenticity pretty good!

The other day, my friend was asking how to encrypt a file public key. I assumed he meant a PGP key, but he was actually talking about ssh keys. A quick google shows people have asked this question before, with kind of lack luster answers.

The majority of ssh keys are actually RSA keys, which is good as they are the only type of ssh keys which can also encrypt. It also happens to be the majority of PGP keys are also RSA keys. As a result, the underlying encryption of PGP messages and authenticating to a server are usually the same.