Wednesday 8 May 2019
TLDR: Fluidkeys sets your team up with PGP keys, giving your team encryption superpowers. This release improves the reliability and usability of setting up a team.
This release builds on Fluidkeys v1: Simple PGP for teams with usability and reliability improvements. Based on feedback from teams, it’s now even easier to get your whole dev team set up with PGP, with no need to manually exchange keys.
The main changes in this release:
It’s essential that Fluidkeys can run in the background to take care of fetching keys and maintaining your key automatically.
We initially used cron since it’s cross-platform, but macOS Mojave introduced some difficulties. Mojave restricted applications’ ability to edit a user’s crontab, and applications running from cron became unable to access the keychain.
On macOS, Fluidkeys now uses launchd instead of cron. From our testing so far, this is working much more reliably.
Accessing the keychain and unlocking a key presents a whole class of possible errors. To improve reliability of background tasks, it helps to minimise the occasions where fk unlocks a key.
We changed the way team fetch works so that, most of the time, it doesn’t need to unlock your
When things do go wrong, we want to be able to quickly help teams get back up and running. Previously, we just didn’t have enough information and this made support impossible.
We’ve added two diagnostic messages that fk sends to our server when running in the background:
These are only sent when running in the background (via fk sync) and they’re only sent if you’re part of a team.
fk generated keys which expire in about 60 days, and it would try to extend them after about 30 days. This works fine within a Fluidkeys team, where we can ensure updated keys are distributed among the team quickly and reliably.
But we (and lots of our users) are using PGP with contacts outside a Fluidkeys team. That was causing issues: if I update my key each month but my contacts haven’t set up automatic fetching of keys, they keep seeing my key as expired.
Our ambition for fast-renewing keys was actually creating obstacles, the opposite of what Fluidkeys should be doing.
For now we’re switching to the more-mainstream view of extending keys for a year (roughly, see below).
When I used PGP in a team of 12, we found it helped if several people’s keys expired at the same time, rather than randomly throughout the year. This meant several people would get expiry notices at the same time, making it easier to verify with another team-mate.
With this in mind, Fluidkeys sets expiries which align to a quarter:
Fluidkeys automatically extends your key, so this should be completely transparent.
Previously, we created a new encryption subkey each month and expired the old one. This key rotation was a form of forward secrecy.
However, it introduced an obstacle for people using multiple devices. It was possible to get in a situation where one device has an encryption subkey that another one doesn’t.
Again, we’re reining in our ambition for now. Key rotation is great, but if we want millions more people to use PGP, we must focus on removing obstacles.
When you add someone to a team, there’s a back-and-forth flow like this:
fk team apply <code> which gives him verification details
fk team authorize
Reminder: the team is protected by a cryptographically signed text file. Only Tina can add people to the team (even we can’t). That’s why this isn’t a simple click-a-link web flow.
team apply and team authorize now work harder to get you through the process. At the end, both Chat and Tina have each other’s keys. Soon after, everyone else in the team does too.
You shouldn’t ever get one of these, but if something does go wrong with Fluidkeys’ background task, and it doesn’t extend your key automatically, it’s important that we help prevent the key from expiring.
We now send expiry reminders at 14, 7 and 3 days before expiry. We include a one-liner to extend the key and diagnose the issue with the background task.
If keys do expire, we now delete them automatically, including all related information like email addresses, preferences and logs. This ensures we’re never trying to use broken keys, and it protects your personal information too.
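The quarter-aligned expiry and the 14, 7 and 3 day reminders described above can be sketched in Go as follows. This is an added example, not Fluidkeys' own code: the function names are hypothetical, and the rounding rule (one year ahead, rounded up to the start of the next calendar quarter in UTC) is an assumption, since the post does not spell out the exact rule.

```go
package main

import (
	"fmt"
	"time"
)

// reminderDays are the lead times (days before expiry) stated in the post.
var reminderDays = []int{14, 7, 3}

// QuarterAlignedExpiry returns the first instant (UTC) of the calendar
// quarter that starts on or after now + 1 year.
// ASSUMPTION: this rounding rule is illustrative; the post only says that
// expiries are roughly a year out and align to a quarter.
func QuarterAlignedExpiry(now time.Time) time.Time {
	target := now.UTC().AddDate(1, 0, 0)
	// First month of the quarter containing target: 1, 4, 7 or 10.
	qMonth := time.Month((int(target.Month())-1)/3*3 + 1)
	start := time.Date(target.Year(), qMonth, 1, 0, 0, 0, 0, time.UTC)
	if start.Before(target) {
		start = start.AddDate(0, 3, 0) // round up; October rolls into January
	}
	return start
}

// ReminderDates returns the reminder times that are still ahead of now,
// so a key that is already inside the 14-day window gets no stale reminders.
func ReminderDates(expiry, now time.Time) []time.Time {
	var out []time.Time
	for _, d := range reminderDays {
		t := expiry.AddDate(0, 0, -d)
		if t.After(now) {
			out = append(out, t)
		}
	}
	return out
}

func main() {
	// Constructed input: the date of this post.
	now := time.Date(2019, time.May, 8, 12, 0, 0, 0, time.UTC)
	exp := QuarterAlignedExpiry(now)
	fmt.Println("expires:", exp.Format("2006-01-02"))
	for _, r := range ReminderDates(exp, now) {
		fmt.Println("remind: ", r.Format("2006-01-02"))
	}
}
```

Under this assumed rule, every key created or extended within the same quarter shares one expiry date, which is the property the post wants so that team-mates see expiry notices together.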
We’re in the process of incorporating as a UK non-profit. This compels us to put our social objectives before profit. From our articles of association:
The objects of the Company are to make it simple for organisations to adopt technology and practices that protect personal information so that people may maintain their right to privacy, enjoy civil liberty and feel confident and able to participate in public life.
Fluidkeys is free for individuals and teams of two.
Paying for a team subscription supports the mission and ensures we can continue to work on Fluidkeys.
We’d love you to try out Fluidkeys and let us know how you get on.
Please get in touch: we’re excited to hear from you :)
— Paul & Ian