Hi,
I have registered a device on my Ubuntu partition.
After switching to Arch I noticed that I cannot log into that specific device again..
What excatly is a device here? I thought it is like a ssh-identity. Whichever device posses a GPG key is considered X.
But my GPG key kinda seems to not be enough...
Is there a way to log back into a specfic device name? I also resetted my account and still device names are blocked.
For Frodo.
der-Daniel
All 9 comments
Device keys are provisioned by keybase client, and the client does not use your GPG key directly as a device key.
You would need to share a home folder, I suppose... or it might be a file in /etc/* not sure.
junderw
on 19 Sep 2017
How can I backup one of my devices then?
der-Daniel
on 21 Sep 2017
It's not recommended you ever move your device key off of your device. The best way to keep your account safe is to provision multiple independent devices (or paper keys).
maxtaco
on 21 Sep 2017
How can I backup one of my devices then?
You don't. That's the whole point of device provisioning.
You can generate a paper key if you need to, and that paper key can be used to provision new devices in the future.
A Paper key is your "backup"
junderw
on 21 Sep 2017
Ok understand, but
I understand device as a physical device. Am I wrong on this one?
What if I need to reinstall my OS. The device stay the same..
What is a good naming scheme then? My-Laptop-01, My-Laptop-02?
I do not think revoking devices just beacuse I reinstall an OS is a good practise. That can happen quite often..
der-Daniel
on 21 Sep 2017
I'm curious about this too. I can see why having the device keys leave the device is not recommended, but in case of an intentional reinstall someone could choose to do it safely (encrypted backup or secure-delete afterwards).
I found this here: it's possible to restablish your new OS as being the same device by restoring the Keybase directories from the old OS.
Would restoring the keybase folder containing the private, public, and team directories (/keybase on Linux) be enough? Would you just install Keybase again on the new OS, and overwrite the /keybase folder with the previous version?
ar-jan
on 9 Oct 2017
If experts want to backup their keys and copy them back after they have installed their OS, there's obviously nothing we can do to stop them. It's just nothing we want to encourage the average user to do, lest he/she transfers their private keys insecurely (via iCloud, let's say...)
If you do want to back up and restore, the only truly important files are:
"$(dirname "$(keybase config info)")"/secretkeys.*.mpack# <----- secret keys"$(keybase config info)"# <----- config file
maxtaco
on 9 Oct 2017
@maxtaco How would one do this for Android?
mholt
on 8 Jul 2018
there's no convenient way I know of, but if you have developer tools, the same files are in play.
maxtaco
on 16 Jul 2018
Related issues
martindevans
路
4Comments
tyrion
路
3Comments
shadowfacts
路
4Comments
eki
路
4Comments
hkjels
路
4Comments
Most helpful comment
If experts want to backup their keys and copy them back after they have installed their OS, there's obviously nothing we can do to stop them. It's just nothing we want to encourage the average user to do, lest he/she transfers their private keys insecurely (via iCloud, let's say...)
If you do want to back up and restore, the only truly important files are:
"$(dirname "$(keybase config info)")"/secretkeys.*.mpack# <----- secret keys"$(keybase config info)"# <----- config file