Importing a key or key pair in Keybase on Windows

End-to-end (E2E) encrypted communication is valuable and necessary. Many tools provide this. Recently, I’ve started using Keybase, not only because of its ability to provide E2E encrypted messaging but also because of its additional feature set. One key feature is the ability to link your identity on Keybase to your identity on other sites, including Twitter and GitHub.

Keybase can also encrypt and decrypt files using PGP. PGP uses a public/private key pair to encrypt (as opposed to a symmetric key, which can create a challenge because you need a secure channel to send the symmetric key to the recipient of your message). To use Keybase with PGP, you can create a new PGP key pair directly inside Keybase, or you can import an existing key pair.

Say you have a PGP key pair in an app on Windows. Maybe the app is Kleopatra. Now, you would like to import that key pair, or the public key only, in Keybase, so you can use it to exchange encrypted messages and files.

You should carefully consider if you want Keybase to have access to your private key of an existing key pair, but I leave that decision to you. It is possible to import only the public key, which is all that someone needs to send you encrypted content.

I am not going to detail how to sign up for Keybase or how to install Keybase on your Windows PC. Refer to the link for the official guide.

For the task at hand, I am also going to assume you have exported your key pair in a PGP format, generally a file with the .asc extension. For the command line examples below, the file is in the C:\keys directory and has the name keypair.asc. The file must contain both the private and public keys, even if you don’t plan to send your private key to the Keybase servers.

Keybase comes with a command-line client. Not surprisingly, the command is keybase. You can explore the command line by typing in keybase at the prompt and pressing Enter. Keybase lists the supported commands. To learn more about a particular command, type keybase command. For example, type keybase pgp and press Enter for information on the pgp command. For usage details of the import command, use keybase pgp import h. The h is necessary to distinguish asking for help versus executing the command.

I am using the import command with the --infile (or -i, for short) argument. If you wish to send the private key to the Keybase servers, add the --push-secret argument.

keybase pgp import -i keypair.asc

The Keybase UI asks for the password of the private key. You would have set this during the export. If the Keybase UI is already open, the password dialog box may pop-under, so look out for it.

Note: If you choose to push the secret key to the Keybase server, you also need to enter your Keybase password. A second dialog would pop up, asking for that.

If you entered the password correctly, you see the confirmation on the Keybase command line. Note that the key pair maintains its existing expiration date. You can now see your PGP key on your profile, e.g., https://keybase.io/svenaelterman.