Login without creating a device key

[Wolf480pl]

Is it possible to keybase login without creating a device key? I liked the way keybase worked before device keys were introduced, and I don't want to use device keys. Is there a hidden commandline option like --no-device-keys, and if not, could you add one?

[RyanSinger]

Disagree; device keys greatly increase the security of keybase. Private keys shouldn't travel between devices more than absolutely necessary. Better would be to completely deprecate the PGP key and have keybase only have device keys.

[Wolf480pl]

@RyanSinger that would be a good argument if we were talking about introducing a new infrastructure in case where no infrastructure is in place.

However, I've already had my PGP keys on these devices for over a year, since before I used keybase. I started using keybase as a way to connect my PGP key to my online identities. This can be done without keybase, but keybase provides a standardised and streamlined method for verifying such proofs. The only functionalities of the keybase client I have used were keybase id, keybase track, and keybase push (for updating the pubkey w/o re-proving everything). Being unable to use keybase track (and probably keybase push) without a device key breaks my workflow. I'm hesitant to start using device keys, because I don't fully understand them yet, and I don't think they'd be useful for me for purposes other than being able to use the keybase client.

[RyanSinger]

They are perfectly fine for the goal of being able to use the keybase client. Your workflow will work fine, and the device key will simply securely identify your client to the keybase service for pushing new pgp keys. Nbd for your usecase.