Here at Keybase, we manage our own infrastructure via “chatops.” That is, we collaborate in a chat channel where we discuss and perform deployments. Chatops is great because:
Above we see @amarcedone asking a bot for a server graph. And @joshblum deploying a program.
Chatops like this might sound or look familiar. But in our case, there's no dangerous man-in-the-middle.
Any team software that isn't end-to-end encrypted and authenticated shares these monster risks.
You can write a bot in a few lines of TypeScript/JavaScript, Go, Python, or a language of your choosing. In just a few lines, that bot can do plenty of things:
These cute little bots you write will have their own keys and sigchain—just like a baby human in the Keybase era! In other words, the bot gets end-to-end device and team management for free.
Besides writing your own, you might wish to use 3rd party bots. Here's why:
So Keybase has begun a directory of useful community & Keybase-authored bots. They are available from the info-pane in any chat, starting in this week's release:
Convenient, right? This bot is a "Restricted Bot", which means it can't read what's happening in your chats—only messages directed at it:
And that's it. You can add Google Meet Bot, Reminderbot, Jirabot, etc., to your teams, in just a couple clicks, and without exposing your normal messages to whoever's hosting the bot.
Even a hosted bot lacks the keys to read your other messages.
When a team admin invites a bot into a channel, they announce a bot-specific key in the team's sigchain.
Only messages intended for the bot (say, prefixed with !meet) are encrypted for the bot. All other messages aren't encrypted using the key, so the bot can't read them. It can tell those messages are happening, and who is sending them, but it cannot understand them.
You can tell in the app which messages are readable by a bot, because they get this icon on them:
In short, after a couple clicks, it works.
FAQ
What's your favorite bot on Keybase?
@hellobot. Say hi, and ask for a puzzle.
What's stopping Keybase from injecting a bot I didn't ask for into my team?
Ahhh, evil Keybase Corp. Your team members won't accept anyone into their team—bot or human—unless an admin adds them. Which, as you can imagine, is a cryptographically-signed statement. If it's a restricted bot, the addition statement says so.
Team changes are appended to an auditable, growing chain for the team.
What's wrong with passwords? And doesn't 2FA help?
⚠️ Password+2FA does absolutely nothing to protect against server break-ins or server bugs by your chat provider.
Also, it only requires one person to write their 2fa “backup codes” into gmail or a Google drive. That would be the same person who's bad at picking passwords. So your weakest link may have their passwords and their 2FA broken into, simultaneously.
But again, even if that's not a concern, it doesn't solve the server problems.
How do I write my own bot?
The easiest way is using one of our packages listed above: TypeScript/JavaScript, Go, Python.
If you prefer to write your own from scratch, you can explore Keybase's bot API with commands such as:
keybase chat api --help
keybase team api --help
# etc
If I install multiple bots in one chat, can they read each other's messages?
No, they get independently derived keys, and therefore can't snoop on each other.
Can you be more specific about the bot's keys?
Behind the scenes, the cryptography is exceedingly simple (we like that!). In Keybase, team members share a symmetric per-team key. This is a random 32-byte key that all members of the team can see. They rotate this key whenever anyone in the team revokes a device (and more frequently for exploding messages). Keybase users symmetricly encrypt all data in a chat channel using this key. When a team admin invites a bot into a channel, she derives a bot-specific key from the shared key (via HMAC-based key derivation), and encrypts this derived key for the bot's public key. Simple crypto ensures this derivation in uninvertible, so the bot learns nothing about the underlying key. You can also check out the docs for some more technical details.
All messages to and from the bot are encrypted using this derived key. People
in the conversation will only encrypt messages that begin with bot-specific
prefixes (like !meet) for the derived key. All human readers can derive this
key from the shared team key, and therefore can decrypt the bot's outputs.
Any idea for a cool bot?
So many, from fantasy sports to an IFTTT integration.
Here's one:
I'd like to see a programming challenge bot. Sort of a Project Euler inside Keybase...when you get a problem correct, it would unlock the next. It would also invite you into a special subteam for each problem, only once you got it right. A place for people who solved that problem.