Make the "per_user_key" section of an API arg.

BaseProofSet creates a basic proof set for a user with their keybase and uid proofs and any pgp fingerprint proofs.

CheckUIDAgainstCasedUsername takes the input string, does not convert toLower, and then hashes it to recover a UID.

ClassifyStream takes a stream reader in, and returns a likely classification of that stream without consuming any data from it.

CombineErrors returns a single error for multiple errors, or nil if none.

Contains returns true if string is contained in string slice.

CTimeLog calls out with the time since start.

DebugDumpKey is used only in debugging.

Decode58 base58 decodes the input or returns an error.

DecodePacketsUnchecked decodes an array of packets from `reader`.

Run posts an array of delegations to the server.

Derive a key from another.

Derive a symmetric key.

Digest returns a SHA256 digest.

DigestForFileAtPath returns a SHA256 digest for file at specified path.

DiscardAndCloseBody reads as much as possible from the body of the given response, and then closes it.

Encode58 base58 encodes the input.

exists returns whether the given file or directory exists or not.

NewEntity returns an Entity that contains a fresh RSA/RSA keypair with a single identity composed of the given full name, comment and email, any of which may be empty but must not contain any of "()<>\x00".

GetBundledCAsFromHost returns in root CA in []byte for given host, or nil if no matching CA is found for host.

GetTlfPseudonyms fetches info for a list of pseudonyms.

IsDirEmpty returns whether directory has any files.

IsIn checks for needle in haystack, ci means case-insensitive.

IsKeybaseAdmin returns true if uid is a keybase admin.

IsNoSpaceOnDeviceError will return true if err is an `os` error for "no space left on device".

IsSocialAssertion returns true for strings that are valid social assertions.

net.errClosing isn't exported, so do this.

IsSystemAdminUser returns true if current user is root or admin (system user, not Keybase user).

JoinPredicate joins strings with predicate.

KeybaseServiceInfo is runtime info for the Keybase service.

Any valid key matches the empty string.

arg.Me user is used to get the last known seqno in ProofMetadata.

LoadUserEmails returns emails for logged in user.

LoadUserPlusKeys loads user and keys for the given UID.

LogTagsFromContext is a wrapper around logger.LogTagsFromContext that simply casts the result to the type expected by rpc.Connection.

MakeNaclDHKeyPairFromSecret makes a DH key pair given a secret.

MakeNaclSigningKeyPairFromSecret makes a signing key pair given a secret.

MakePaperKeyPhrase creates a new, random paper key phrase for the given version.

MakePseudonym makes a TLF pseudonym from the given input.

MakeURI makes a URI string out of the given protocol and host strings, adding necessary punctuation in between.

MobilePermissionDeniedCheck panics if err is a permission denied error and if app is a mobile app.

Decode data into out, but make sure that all bytes in data are used.

NaclVerifyAndExtract interprets the given string as a NaCl-signed messaged, in the keybase NaclSigInfo (v1) format.

NameCmp removes whitespace and underscores, compares tolower.

NewAPIArg creates a standard APIArg that will result in one API request with the default timeout.

Make a new InternalApiEngine and a new ExternalApiEngine, which share the same network config (i.e., TOR and Proxy parameters).

NewAppState returns a new AppState.

NewCachedFullSelf makes a new full self cacher in the given GlobalContext.

NewCachedUPAKLoader constructs a new CachedUPAKLoader.

NewConnectionManager makes a new ConnectionManager and starts its internal routing loop running.

NewFile returns a File.

NewIdentify2Cache creates a Identify2Cache and sets the object max age to maxAge.

NewInternalAPIEngine makes an API engine for internally querying the keybase API server.

NewKexRouter creates a contextified KexRouter.

NewLinkCache creates a LinkCache.

NewLKSForEncrypt gets a verified passphrase stream, and returns an LKS that works for encryption.

Upon signup, a login session is created with a generated salt.

NewLoginState creates a LoginState and starts the request handler goroutine.

NewLoopbackConnPair makes a new loopback connection pair.

NewLoopbackListener creates a new Loopback listener.

NewNormalizedUsername makes a normalized username out of a non-normalized plain string username.

NewNotifyRouter makes a new notification router; we should only make one of these per process.

NewPaperDevice creates a new paper backup key device.

NewPaperKeyPhrase converts a string into a PaperKeyPhrase.

NewPassphraseStreamLKSecOnly creates a PassphraseStream only with the lks bytes (stream[lksIndex:]).

NewPerUserKeyring makes a new per-user-key keyring for a given UID.

NewRemoteProofLinks creates a new empty collection of proof links.

NewReportingTimerReal returns an initialized reporting timer that actually reports timing information.

NewRetryAPIArg creates an APIArg that will cause the http client to use a much smaller request timeout, but retry the request several times, backing off on the timeout each time.

NewSecretStore returns a SecretStore interface that is only used for a short period of time (i.e.

NewServiceInfo generates service info for other services (like KBFS).

NewSessionThin creates a minimal (thin) session of just the uid and username.

NewSpecialKeyRing allocates a new SpecialKeyRing with the given vector of KIDs.

NewStreamPeeker makes a new Reader from the given Reader, but also allows you to Peek at the first N bytes.

NewTimerSet looks into the given context for configuration information about how to set up timers.

NewUncachedUPAKLoader creates a UPAK loader that doesn't do any caching.

NewUserCardCache creates a UserCardCache.

NormalizeSocialAssertion creates a SocialAssertion from its input and normalizes it.

NowAsKeybaseTime makes a representation of now.

OpenSig takes an armored PGP or Keybase signature and opens the armor.

OpenTempFile creates an opened termporary file.

Parse a string into one or more assertions.

Parse an assertion list like "alice,bob&&bob@twitter#char" OR nodes are not allowed (asides from the commas).

Parse a name like "mlsteele,malgorithms@twitter#bot (conflicted 2017-03-04 #2)".

Parse a name like "/keybase/private/mlsteele,malgorithms@twitter#bot (conflicted 2017-03-04 #2)".

ParseKeyFamily takes as input a dictionary from a JSON file and returns a parsed version for manipulation in the program.

ParsePGPUpdateChainLink creates a PGPUpdateChainLink from a GenericChainLink and verifies that its pgp_update section contains a KID and full_hash.

Parse a name like "/keybase/team/happy.toucans".

To be used for signatures in a user's signature chain.

PerUserKeyProof creates a proof introducing a new per-user-key generation.

Make a per-user key proof with a reverse sig.

Pluralize returns pluralized string with value.

RandString returns random (base32) string with prefix.

note: openpgp.ReadArmoredKeyRing only returns the first block.

note: openpgp.ReadArmoredKeyRing only returns the first block.

ReadPrivateKeyFromString finds the first private key block in s and decodes it into a PGPKeyBundle.

RemoveNilErrors returns error slice with ni errors removed.

SaferDLLLoading dummy for platforms not needing this.

SafeWriteToFile is a pass-through to safeWriteToFileOnce on non-Windows.

SaltpackEncrypt reads from the given source, encrypts it for the given receivers from the given sender, and writes it to sink.

SecWordList returns an array of words from secwords.

The depth argument is now ignored.

SigExtractPayloadAndKID extracts the payload and KID of the key that was supposedly used to sign this message.

SimpleSignJson marshals the given Json structure and then signs it.

SimpleSign signs the given data stream, outputs an armored string which is the attached signature of the input data.

Sleep until `deadline` or until `ctx` is canceled, whichever occurs first.

SplitByRunes splits string by runes.

SplitPath return string split by path separator: SplitPath("/a/b/c") => []string{"a", "b", "c"}.

StringToFeatureFlags returns a set of feature flags.

StringToRunMode turns a string into a run-mode.

TclToKeybaseTime turns a TypedChainLink into a KeybaseTime tuple, looking inside the chainlink for the Unix wallclock and the global MerkleChain seqno.

TempFile returns a random path name in os.TempDir().

TempFileName returns a temporary random filename.

TimeLog calls out with the time since start.

The standard time.Unix() converter interprets 0 as the Unix epoch (1970).

UsernameToUID works for users created after "Fri Feb 6 19:33:08 EST 2015", with some exceptions, since we didn't ToLower() for all UIDs.

UsernameToUID works for users created after "Fri Feb 6 19:33:08 EST 2015".

VerifyReverseSig checks reverse signature using the key provided.

VersionString returns semantic version string.

WaitForServiceInfoFile tries to wait for a service info file, which should be written on successful service startup.

1 year.

How long we'll go without rerequesting hints/merkle seqno.

0x0.

0x5.

0x169a.

0x1cb8.

0x1cbd.

CryptoMessageFormatKeybaseV0 is for the zeroth version of Keybase signatures, which will eventually be deprecated.

CryptoMessageFormatPGP is for PGP.

CryptoMessageFormatSaltpack is the Saltpack messaging format for encrypted and signed messages.

CryptoMessageTypeAmbiguous is for an ambiguous message based on the stream prefix.

CryptoMessageTypeAttachedSignature is for an attached signature.

CryptoMessageTypeClearSignature is for PGP clearsigning.

CryptoMessageTypeDetachedSignature is for a detached signature.

CryptoMessageTypeEncryption is for an encrypted message.

CryptoMessageTypeSignature is for a sig that can be either attached or detached.

NOTE: This file needs to stay consistent with config/id.iced on the website, and that one has IDs on the lower end of the range that aren't represented here.

Context used for chaining generations of PerUserKeys.

The current device encryption key.

The current device signing key.

these strings need to match the keys in keybase/lib_public/public_constants.iced -> public_constants.device.type.

these strings need to match the keys in keybase/lib_public/public_constants.iced -> public_constants.device.type.

these strings need to match the keys in keybase/lib_public/public_constants.iced -> public_constants.device.type.

OpenPGP hash IDs, taken from http://tools.ietf.org/html/rfc4880#section-9.4.

OpenPGP hash IDs, taken from http://tools.ietf.org/html/rfc4880#section-9.4.

OpenPGP hash IDs, taken from http://tools.ietf.org/html/rfc4880#section-9.4.

OpenPGP hash IDs, taken from http://tools.ietf.org/html/rfc4880#section-9.4.

OpenPGP hash IDs, taken from http://tools.ietf.org/html/rfc4880#section-9.4.

OpenPGP hash IDs, taken from http://tools.ietf.org/html/rfc4880#section-9.4.

OpenPGP hash IDs, taken from http://tools.ietf.org/html/rfc4880#section-9.4.

The following constants apply to APIArg parameters for critical idempotent API calls.

The following constants apply to APIArg parameters for critical idempotent API calls.

The following constants apply to APIArg parameters for critical idempotent API calls.

kex doc specifies 65 bits of entropy.

Uses SHA-256.

Packet tags for OpenPGP and also Keybase packets.

16 years.

By default, only 64 files can be opened.

team links.

16 years.

TODO: Ideally, box would expose how many random bytes it needs.

Todo: Ideally, box would specify nonce size.

16 years.

16 years.

TODO: Ideally, ed25519 would expose how many random bytes it needs.

= 64.

= 32.

PaperKeyWordCountMin of 13 is based on the current state: entropy: 143 (PaperKeySecretEntropy [117] + PaperKeyIDBits [22] + PaperKeyVersionBits [4]) len(secwords): 2048.

PaperKeyWordCountMin of 13 is based on the current state: entropy: 143 (PaperKeySecretEntropy [117] + PaperKeyIDBits [22] + PaperKeyVersionBits [4]) len(secwords): 2048.

PaperKeyWordCountMin of 13 is based on the current state: entropy: 143 (PaperKeySecretEntropy [117] + PaperKeyIDBits [22] + PaperKeyVersionBits [4]) len(secwords): 2048.

PaperKeyWordCountMin of 13 is based on the current state: entropy: 143 (PaperKeySecretEntropy [117] + PaperKeyIDBits [22] + PaperKeyVersionBits [4]) len(secwords): 2048.

PaperKeyWordCountMin of 13 is based on the current state: entropy: 143 (PaperKeySecretEntropy [117] + PaperKeyIDBits [22] + PaperKeyVersionBits [4]) len(secwords): 2048.

PaperKeyWordCountMin of 13 is based on the current state: entropy: 143 (PaperKeySecretEntropy [117] + PaperKeyIDBits [22] + PaperKeyVersionBits [4]) len(secwords): 2048.

PaperKeyWordCountMin of 13 is based on the current state: entropy: 143 (PaperKeySecretEntropy [117] + PaperKeyIDBits [22] + PaperKeyVersionBits [4]) len(secwords): 2048.

PaperKeyWordCountMin of 13 is based on the current state: entropy: 143 (PaperKeySecretEntropy [117] + PaperKeyIDBits [22] + PaperKeyVersionBits [4]) len(secwords): 2048.

this should never change to a value greater than 13.

A PGP key (including the synced PGP key, if there is one).

An older merkle root than this is too old to use.

How old the merkle root must be to ask for a refresh.

key_revocation_types.

key_revocation_types.

key_revocation_types.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

Status codes.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

Team link types If you add a new one be sure to get all of these too: - A corresponding libkb.LinkType in constants.go - SigchainV2TypeFromV1TypeTeams - SigChainV2Type.IsSupportedTeamType - SigChainV2Type.RequiresAdminPermission - SigChainV2Type.TeamAllowStub - TeamSigChainPlayer.addInnerLink (add a case).

These values must match constants.iced in the proofs library.

Note that 45 is skipped, since it's retired; used to be LegacyTLFUpgrade.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

These values must match constants.iced in the proofs library.

16 years.

Chat prefixes for each MessageBoxedVersion.

StartLogFileName is where services can log to (on startup) before they handle their own logging.

16 years.

Packet tags for OpenPGP and also Keybase packets.

Packet tags for OpenPGP and also Keybase packets.

Packet tags for OpenPGP and also Keybase packets.

UID of t_alice.

TimerAPI enables API timers.

TimerNone means Timers Disabled.

TimerRPC enables RPC timers.

TimerXAPI enables External API timers.

max number of user summaries in one request.

Version is the current version (should be MAJOR.MINOR.PATCH).

BackoffDefault is a backoff policy ranging up to 5 seconds.

ErrCannotPeek is returned if you try to Peek, then Read, then Peek from a stream, which isn't allowed.

FirstPRodMerkleSeqnoWithSkips is the first merkle root on production that has skip pointers indicating log(n) previous merkle roots.

PrereleaseBuild can be set at compile time for prerelease builds.

Right now reddit is the only site that seems to have any requirements for our User-Agent string.

AppState tracks the state of foreground/background status of the app in which the service is running in.

BackoffPolicy implements a backoff policy, randomizing its delays and saturating at the final value in Millis.

Shared code across Internal and External APIs.

BufferCloser is a Buffer that satisfies the io.Closer interface.

CachedFullSelf caches a full-on *User for the "me" or "self" user.

CachedUPAKLoader is a UPAKLoader implementation that can cache results both in memory and on disk.

CheckerWrapper wraps a Checker type to make it conform to the PassphraseChecker interface.

ComputedKeyFamily is a joining of two sets of data; the KeyFamily is what the server returned and is not to be trusted; the ComputedKeyInfos is what we compute as a result of playing the user's sigchain forward.

refers to exactly one ServerKeyInfo.

When we play a sigchain forward, it yields ComputedKeyInfos (CKIs).

ConnectionManager manages all connections active for a given service.

Contextified objects have explicit references to the GlobalContext, so that G can be swapped out for something else.

Struct for the DelegationsList.

File defines a default SafeWriter implementation.

GPGKey is a shell around gpg cli commands that implements the GenericKey interface.

Identify2Cache stores User objects in memory for a fixed amount of time.

InvalidRepoNameError indicates that a repo name is invalid.

InviteArg contains optional invitation arguments.

KexRouter implements the kex2.MessageRouter interface.

We have two notions of time we can use -- standard UTC which might be screwy (skewy) based upon local clock problems; or MerkleRoot seqno, which is totally ordered and all clients and server ought to agree on it.

Once the client downloads a RawKeyFamily, it converts it into a KeyFamily, which has some additional information about Fingerprints and PGP keys.

LinkCache is a cache of ChainLinks.

A guard used to tell background tasks to stay off the sigchain while the user is changing their sigchain on purpose.

LoginState controls the state of the current user's login session and associated variables.

Logs is the struct to specify the path of log files.

LogSendContext for LogSend.

LoopbackAddr is an address class that implement the net.Addr interface for loopback devices.

LoopbackConn implments the net.Conn interface but is used to loopback from a process to itself.

LoopbackListener is a listener that creates new loopback connections.

NeedOtherRekeyError indicates that the folder in question needs to be rekeyed for the local device, and can only done so by one of the other users.

NeedSelfRekeyError indicates that the folder in question needs to be rekeyed for the local device, and can be done so by one of the other user's devices.

NodeHashAny incorporates either a short (256-bit) or a long (512-bit) hash.

NoOpError is returned when an RPC call is issued but it would result in no change, so the call is dropped.

NopWriteCloser is like an ioutil.NopCloser, but for an io.Writer.

NotifyRouter routes notifications to the various active RPC connections.

OuterLinkV2 is the second version of Keybase sigchain signatures.

PaperChecker implements PassphraseChecker for paper keys.

PDPKALoginPackage contains all relevant PDPKA versions in use at this time.

PerUserKeyring holds on to all versions of the per user key.

PGPKeySet represents a collection of versions of a PGP key.

PGPUpdateChainLink represents a chain link which marks a new version of a PGP key as current.

ProofLinkWithState contains a RemoteProofChainLink and the proof state.

PseudonymGetError is sometimes written by unmarshaling (no fields of) a server response.

As returned by user/lookup.json.

RemoteProofLinks holds a set of RemoteProofChainLinks, organized by service.

RepoAlreadyCreatedError is returned when trying to create a repo that already exists.

RepoDoesntExistError is returned when trying to delete a repo that doesn't exist.

ReportingTimerDummy fulfills the ReportingTimer interface but doesn't do anything when done.

ReportingTimerReal is a SimpleTimer that reports after the timing measurement is done.

users with PGP keys who try to revoke last device get this:.

SecretStoreLocked protects a SecretStoreAll with a mutex.

Can be used to either parse a proof `service` JSON block, or a `remote_key_proof` JSON block in a tracking statement.

ServiceInfo describes runtime info for a service.

SimpleTimer keeps track of how long something is taking, like a network API call.

SpecialKeyRing holds blessed keys, like the one Keybase uses to sign its Merkle Root.

StreamClassification tells what Format the stream is, if it's a Public signature or a Private Message, if it's a detached or attached signature in the public case, and if it's armored or binary.

StreamPeeker is a reader that takes another reader and allow you to peek at the beginning of the stream without consuming it.

TestConfig tracks libkb config during a test.

TestOutput is a mock interface for capturing and testing output.

Used by tests that want to mock out the secret store.

TimerSet is the set of currently active timers.

TlfPseudonymInfo is what a pseudonym represents.

The server returns the current full name of the TLF, in addition to the TlfPseudonymInfo above.

========================================================================= TrackChainLink .

UserCardCache caches keybase1.UserCard objects in memory.

VDebugLog is a "Verbose" debug logger; enable it if you really want spam and/or minutiae.

APIContext defines methods for accessing API server.

LoginContext is passed to all loginHandler functions.

NotifyListener provides hooks for listening for when notifications are called.

PassphraseChecker is an interface for checking the format of a passphrase.

ProofContext defines features needed by the proof system.

========================================================================= Remote, Web and Social .

ReportingTimer is an interface shared between ReportingTimerReal and ReportingTimerDummy, to allow for convenient disabling of timer features.

Internal and External APIs both implement these methods, allowing us to share the request-making code below in doRequest.

SaltpackVerifyContext is context for engine calls.

ServiceType is an interface for describing an external proof service, like 'Twitter' or 'GitHub', etc.

NewSocket() (Socket, err) is defined in the various platform-specific socket_*.go files.

TestingTB is a copy of the exported parts of testing.TB.

Can be a ProofLinkWithState, one of the identities listed in a tracking statement, or a PGP Fingerprint!.

UPAK Loader is a loader for UserPlusKeysV2AllIncarnations.

UserChangedHandler is a generic interface for handling user changed events.

When run produces a map which goes into the 'key/multi' 'sigs' list.

ApplyFn can be applied to every connection.

ConnectionID is a sequential integer assigned to each RPC connection that this process serves.

CryptoMessageFormat is one of the known crypto message formats that we admit.

CryptoMessageType says what type of crypto message it is, regardless of Format.

NormalizedUsername is a username that has been normalized (toLowered) and therefore will compare correctly against other normalized usernames.

PaperKeyPhrase is the string that can generate a paper key.

PassphraseGeneration represents which generation of the passphrase is currently in use.

PDPKA is a "Passphrase-Derived Public Key Authentication".

A secretbox containg a seed encrypted for its successor generation.

Pvl kit hash, pegged to merkle tree.

String containing a pvl kit.

String containing a pvl chunk.

TimerSelector allows us to select which timers we want on.

TLFPseudonym is an identifier for a key in a tlf.