Max here, author of FOKS. I find it interesting how much glue is required to perform basic cryptographic operations, even in 2025. Imagine a very simple idea like encrypting a secret with a YubiKey. If it's an important secret, that you really don't want to lose, then now you need a second YubiKey as a backup, in case the primary is lost or breaks. But now how do you encrypt and how do you rotate the primary out if needed? To the best of my understanding, there aren't great solutions short of a system like FOKS. If not FOKS, I really believe a system like it ought to exist, and it ought to be entirely open, so that arbitrary applications can be built on top of it without paying rent.
For all of GnuPG's faults, the usage you've described is exactly why I still use it. I have my master PGP key copied to several offline Yubikeys (one of which is stored offsite), and two day-to-day Yubikeys (one of which is always with me on my physical keychain) containing my current signing and encryption subkeys. The signing subkey is also used for SSH authentication. The second slot on the day-to-day Yubikeys is used for WebAuthn/Passkeys. The master key is brought out of storage only if I need to rotate or revoke a day-to-day subkey, or attest someone else's key for web-of-trust purposes.
I sign all of my Git commits, as well as Debian packages. I occasionally sign and encrypt email. My most important encryption use case is file backups, which are encrypted to my public key and copied offsite.
I'm excited about FOKS if it can serve as a modern alternative to the above, with fewer footguns that GnuPG.
Max! I'm so happy that you're doing this! I was a huge fan of Keybase, and have spent the last few years praying (and sometimes brainstorming funding) a decentralized, open source version of it. Looking forward to digging into the details of FOKS, but just wanted to say thank you and the Keybase team for all you've done -- including keeping Keybase going after the Zoom purchase.
I would like to second this! I'm still using Keybase for e2ee git, and have been on the lookout for alternatives because Keybase isn't developed (AFAICT) and may just disappear when the people keeping it up lose interest.
Thanks Danny! The Keybase team (not including me) deserves all the credit, I've been gone for over six months. It's a great team and I miss working with them.
If you haven't seen KERI they're worth a read, I found out about them at an Internet Identity Workshop. It has all those quality of life features for public keys - revocation, rotation, recovery. "Key Event Receipt Infrastructure". Relies on "witnesses" which I don't know if I love it but their presentation impressed me.
This is actually so needed. I've heard the phrase "minting your own tokens?!" used as an argument for (N)oAuth. The current state of affairs is honestly just sad.
Thanks!
Sorry for being lazy, but I was wondering how you share something using the E2E-encrypted KV store (it wasn't obvious in the website)? In kbfs, I remember it was as easy as putting it in a comma separated usernames path.
It's not as seamless. You need to first make a team, then invite (or add) that user into the team, and then use `foks kv put --team <your-team>`. One key difference is that in Keybase, all user's profiles were essentially world-readable. FOKS aims for more privacy by default, so in order to add Bob to your team, Bob has to first allow you view his sigchain, so you can learn his public keys.
The add vs invite distinction referred to above is because servers can choose different visibility policies. You can set up a server at foks.yourdomain.cc, and set it to "open-viewership", which means that any user can see any other user by default. If you and Bob are both on that host, you can add him to your team without his permission. But other hosts, like foks.app, do not work this way, and Bob has to authorize you to view him.
FOKS is a cool project; what kind of projects do you foresee getting spun off from this?
I'm actually working on a crytpography based project inspired by Keybase's use of Merkle Trees and identity proofing but with an added dash of privacy through pseudonyms and chain hashing. Thanks for putting time into this.
Thanks! Would love to see a file sync app, an MLS-based chat (where the encryption key is essentially a combination of the keys output from MLS and the PTK from FOKS). Password managers. I think there's the potential for something like a Hashicorp-Vault-style server-side secret key material manager, but many details left to reader. Maybe a Skiff-style Google-docs clone? I think there are lot of potential directions to go in.
IMO Vault is really nice, but something as simple as possible is better for managing secrets, especially when the storage layer has permission and sane encryption handled for you.
I will not be entering the workplace and suggesting that we use a product whose name is very easily mistaken for "the F word". It is an immediate non-starter.
(I'm sure it's a great project, and you probably meant for people to pronounce the name as "folks" rather than... y'know, the other way. I'm telling you this in a spirit of kindness so your project can be more successful and see increased adoption)
I used to use Keybase Git repos for file-based secrets management for my toy DevOps project. Either FOKS Git repos or native support in SOPS would be pretty damn cool!
It looks cool, and I agree with the creators that something like this ought to exist and optimally free from monetization incentives.
From a user standpoint it does seem like quite the undertaking to introduce it though. Most of the needs I'm looking for from such a system are currently already filled quite well by SOPS[0], where I would say I get 80% of the features (I care about) for 10% of the complexity.
To better wrap my head around how FOKS facilitates team collaboration, I'd like to see two comparisons:
1) compare to a team-shared Linux machine with SSH daemon. Each team member has a user account, and they can manage their SSH authorized keys, including keys stored on Yubikey. The team can share files and git repositories on the Linux machine's own storage. Some differences I see with this approach are the federated aspect and "append-only data structures that allow clients to catch dishonest server behavior".
2) compare to Radicle, a decentralized git service. Identities are keypairs.
With FOKS, how coupled is storage of git and secrets to the FOKS server?
I'm not familiar with Radicle, but I'll check it out. For (1), consider the case of that server being hosted on AWS. Even though only members are authorized to SSH into it, the plaintext is still known to the cloud hardware, and can be exfiltrated that way. In FOKS, the server sees encrypted data only, so that attack is greatly mitigated. I would say that if the SSH server was hosted on one of the workstations of one of the team members, then the security advantages of FOKS would be much less.
The KV-Store and Git server are implemented as "applications" on top of the FOKS infrastructure, so they aren't coupled. They see a sequence of Per-Team-Keys (PTKs); they use the older ones for decryption and the newest for encryption. I'd really love to see all sorts of other applications built on top of FOKS but we might need to do some work as to nailing the right plugin architecture.
Max, can users be limited to delete/push/force push certain branches? Is a server repo incremental backup-friendly? Is is as efficient in storage space and data transfer as regular git? Can we incrementally sync dbs like Sqlite?
Seems this is the best E2EE storage. No choosing creator's cloud vs finicky self hosting, nor worry about flaky sync solutions for my password manager, note app, photo storage etc. A 2$ vps would be overkill.
- limiting users to delete/push/force; this is possible but I don't see how to cryptographically guarantee it. The server can't really help since it doesn't know what's a pack, index data block or ref. The clients can enforce this policy, but then it would be possible to make an evil client that skirts the policy. How much protection do you think you need?
- the server repo right now is implemented 100% as a postgresql DB, so yes, I think that means it's incremental backup-friendly? [1]
- e2ee git has trouble being as efficient as regular git since the server can't tell you which blocks it has; however, there are pretty good optimizations made using indices and packfiles, the white paper has more details, and I hope to write a blog on it soon.
- I'm not sure about the sqlite question. Is there a good way to backup sqlite incrementally over standard git? If not, then maybe the KV-store is better fit for this application.
I agree that git over E2EE is the best storage, even for things like PDFs and photos. Yeah, FOKS should be hostable with a very thin VPS. The storage needs will scale (n log n) as the number of users due to the Merkle Tree, but for small n, this is likely fine!
No incremental fetch right now other than what postgresql provides by default. If you're hosting a FOKS server, there is important metadata to backup too.
The best docs for the KV store are in the white paper, Section 5.1. White paper is linked to from foks.pub
Postgres seemed to check all the boxes for me. I wanted to keep things very simple at first in terms of setup and ongoing management, so didn't introduce other storage backends for other parts of the system.
I am working on an open source project where users provide signatures of their projects artifacts (this is oversimplified for the sake of the discussion).
Started using Minisign as the signature scheme. But we're struggling to find a clean solution for users keys renewal, revocation and updated public key distribution. I thought foks might help for that but the examples don't seem to confirm this. Basically the question I need to answer is :how can users trusting an existing signing key also trust the new key replacing it? I hoped we might outsource this to foks, but I think I misunderstood foks in the first place.
Thanks for the pointers.
Are first glance, SSI seem to be mainly Blockchain based, which we diverted from to be able to have easy on premise deployments.
Verifiable credentials look interesting, but need to check usability. We want our solution to be very easy to use.
This would be a great application for us! We are not exactly there yet, for reasons of privacy. Right now, there is no way for alice@host to allow unauthenticated users to view her profile. But we can definitely allow this on a host-by-host basis. With this small change, I think your application fits very naturally.
I wonder, what sort of interface is right for you? A library to compile against or a CLI app to shell out to? If a library, which languages?
Interesting!
We're at a very early stage of the implementation and develop in rust. We aim to provide multi-sig capabilities, as defined in a JSON file where the public keys of the signers can be found. If a signer looses a key, we want this 'signers' file to be updatable with the new key. We decided that signers can be humans of processes, so the keys are not an identity of a person, which might be an important detail. Currently, to update a signers file, other members of the multi-sig must sign the update. This works fine, but we are early enough in the project implementation to explore other approaches, hence my question.
We'd rather not shell out to a cli, and would preferably go with a lib or rest interface.
An attack that might be of concern with this configuration is the server suppressing updates to this JSON file, or showing different versions of the JSON file to different clients. What you're describing is pretty close to what FOKS is getting at with signature chains and Merkle Trees, but maybe it's overkill for this particular application.
I wonder if the policy you describe could be implemented as world-visible team with world-visible users. Others have commented on the need for something like this, so I think it should be pursued with high priority. What's slighlty fuzzy to me is how these totally world-viewable teams and users would interact with more closed-down users on other servers.
Although I didn't consider this attack possibility (thanks for raising it!), I think we are reasonably immune to it or able to detect it with the way we manipulate and store the JSON (though completely avoiding it seems not attainable, at one point the client has to trust the response it gets from a server, am I right? Otherwise I'm very interested in pointers to learn more!)
World visible teams and users might be a way to define our multi-sigs members. But we would still need a JSON file for others characteristics of the multi-sig. I'll keep an eye on foks as if it becomes a good fit, it might let us concentrate on our service and not on key management intricacies. My email is on my HN profile, in case you want to notify me of advancement fitting our use case.
How does the "federation" work? I assume the actual team data is stored on a single foks server, the one the term is on, so I guess from there you basically have some lightweight SSO for team members using their server?
Correct! Remote members of the team get access to shared team keys, and the team's data, even though they don't have accounts on that server. Knowledge of the team key suffices to allow a remote user to authenticate and transfer (encrypted) data to and from the server.
There is very little server-to-server communication, which simplifies the design and software upgrades.
Easy multi-accounting is something that I hope we already have (`foks key switch` is pretty smooth). It's a feature I use a lot (I have a personal account on @foks.app and our company account is on @ne43.foks.cloud).
This is a great point and I thought a lot about this. This is the sort of thing that can be changed later if it's really a good idea, but I got to thinking that having non-local admins would mean more server-to-server communication and more server-to-server trust, and I was trying to avoid that.
Imagine alice@foo is an admin of bluejays@bar. One thing alice@foo will need to do is to make signed changes to bluejays@bar, when adding or removing members, let's say. Right now, the server at bar will check the validity of these signatures, that they were made with the alice@foo's latest key. So in other words, there would have to be some way for bar to authenticate to foo to allow bar to read alice's sigchain and to determine her latest key.
I was thinking that keeping foo and bar separated was a good idea both in terms of privilege separation and keeping the network simpler (which would in turn be good for uptime and would simplify software upgrades).
This looks interesting, but I'm having a lot of trouble understanding the section "A Simple Key Hierarchy".
> Everything starts with base-level keys, like user device keys, backup keys, or YubiKeys. Device keys are generated on user devices and never leave the machine they are generated on.
These base-level keys are private keys, no? The previous paragraph introduces symmetric keys, and doesn't discuss private/public keypairs.
> Every user of the system has a sequence of per-user-keys (PUKs) at the next level up the hierarchy. The secrets seeds for these keys are encrypted for all available base-level keys.
Is the idea that, if user Joe is a member of group Sales (I know, I know, how boring this example is), and Sales is a member of group Employees, if Joe wants to write something that all Employees can read, he first decrypts a symmetric key for Sales using one of his personal base-level private keys, uses that to decrypt a symmetric key for Employees, and then stores his data encrypted data with that Employees symmetric key?
> In FOKS, there are two types of parties: users and teams. In both cases, there is a rotating list of constituents (be they devices or team members), and as these constituents change, so to does the corresponding active PUK or PTK.
Does "rotating" here mean simply "potentially changing [over time]"?
Also, do I understand correctly that "rotate keys" means "choose a new key, decrypt everything that was encrypted with the original key, and then reencrypt it all with the new key"? If so, then since servers do not have access to keys (needed for decryption), I think this means that, whenever someone leaves a group or a device is lost, some client must download all data available to that group, decrypt, reencrypt and reupload it -- is that right? This suggests it would be expensive to have frequently-changing groups with access to a lot of data. (I'm certainly not suggesting I know a better way -- just checking my understanding.)
And in reality, someone making a personal project used a tool at their disposal to add pretty pictures to their website, said website not being a part of the project in any way.
If they vibe coded the app, sure, be skeptical. But there's no indication they did, just that they wanted images for their website, and they're a software engineer and not a graphics designer.
I put about as much weight in the origin of those graphics as which website editor they use. If they were advertising themselves as a web designer, sure, maybe that's relevant. That's not what they're doing here though.
Why is that different from disliking their font preference? It's an aesthetic choice, made by someone who's not advertising their web design expertise, that's purely subjective.
If this site were their product, maybe that'd matter. But why does that matter in this context?
It shows the author is willing to publish content that looks right at first glance but falls apart upon closer inspection, lacking rigor and consistency. That same description could also apply to your average amateur cryptosystem, which tends to be insecure as a result. If the author has low standards for images, might he also have low standards for his own code?
In this case, probably not! The text on the website and the author’s comments here and his background all suggest that he writes high-quality cryptosystems. But the AI art by itself is still evidence pointing to lower quality.
Because it shows a lack of respect for and understanding of the work graphic artists actually do. Now if that's your brand, great. You are communicating it effectively. If it's not your brand, it's probably worth considering the subtext in your presentation.
> it shows a lack of respect for and understanding of the work graphic artists actually do
No more than wearing off-the-rack clothes shows a lack of respect for and understanding of the work tailors actually do.
No more than wearing factory-woven cloth shows a lack of respect for and understanding of the work weavers actually do.
No more than heating a can of soup shows a lack of respect for and understanding of the work chefs de cuisine actually do.
In my cases as well as yours, one certainly can choose to spend extra for the luxury of the best to meet the want, but it is also fine to spend less and meet the need. In my cases as well as yours, judging someone for the value he assigns to a luxury is gauche.
> Because it shows a lack of respect for and understanding of the work graphic artists actually do.
If I cannot afford a graphic designer, then my choices are:
- AI slop
- MS Paint graphics (or really poorly made stuff in Inkscape)
- stealing someone else's icons and graphics off of Google Images (or trying to find stuff with an open license)
- not including graphics
Obviously the first one is the easiest when you want something, but also quite controversial.
It shows a lack of attention to detail when the illustration for "Merkle Trees" is not a forest (it has cycles). And "A Simple Key Hierarchy" could use an illustration of a real example instead of nonsense.
If someone used comic sans for their cryptographic software landing page, and someone else said: "this font makes me wonder if I can have any faith in this human being's aesthetic sense", I am willing to bet a nickel that you wouldn't be employing any of the same arguments that you're now employing to defend their choice of LLM images so devotedly.
Many people find using LLM images tacky and garish. It screams low-effort slop, to a significant number of people. When it's so easy to find great usable images on wikipedia, for example, it's hard to know why a sophisticated technical person would take the risk involved in this choice.
I'd a quick look there at the images on the wp page for chains, and the one for knots - some really excellent images. One doesn't need a PhD in web design to pull it off, either.
Yes, they’re so tertiary that there was no reason to include them on the website. They’re ugly and mismatched, don’t consistently add value to the content, and make a negative first impression (for these reasons and for people who have valid aversions to AI slop). (By the way, all or almost all of the images are generated, not just the two you listed.) Useless images are far from a new problem (gotta love those Medium-article-style heros that can take multiple MB when people forget to optimize them) but AI further lowers the quality bar.
I think this complaint is likely against HN guidelines against these kinds of complaints about the site layout or how the page is designed. Will be flagging this complaint every time in the future because I consider it against guidelines.
That which can be asserted without evidence can be dismissed without consideration, per Hitchens’s Razor. I don’t think research exists about a relation between AI generated images and quality of the project using them, so your complaint seems like motivated reasoning because you believe that generated images are a sign of poor quality or judgement in an area that would reflect on other aspects of the project. The fact that our perceptions are colored in this way is not accurate, and is gamed by marketers. Criticism of the promotional aspects of a project like this which isn’t commercial or customer facing is not very convincing on your part and deserves being called out.
Max here, author of FOKS. I find it interesting how much glue is required to perform basic cryptographic operations, even in 2025. Imagine a very simple idea like encrypting a secret with a YubiKey. If it's an important secret, that you really don't want to lose, then now you need a second YubiKey as a backup, in case the primary is lost or breaks. But now how do you encrypt and how do you rotate the primary out if needed? To the best of my understanding, there aren't great solutions short of a system like FOKS. If not FOKS, I really believe a system like it ought to exist, and it ought to be entirely open, so that arbitrary applications can be built on top of it without paying rent.
For all of GnuPG's faults, the usage you've described is exactly why I still use it. I have my master PGP key copied to several offline Yubikeys (one of which is stored offsite), and two day-to-day Yubikeys (one of which is always with me on my physical keychain) containing my current signing and encryption subkeys. The signing subkey is also used for SSH authentication. The second slot on the day-to-day Yubikeys is used for WebAuthn/Passkeys. The master key is brought out of storage only if I need to rotate or revoke a day-to-day subkey, or attest someone else's key for web-of-trust purposes.
I sign all of my Git commits, as well as Debian packages. I occasionally sign and encrypt email. My most important encryption use case is file backups, which are encrypted to my public key and copied offsite.
I'm excited about FOKS if it can serve as a modern alternative to the above, with fewer footguns that GnuPG.
Max! I'm so happy that you're doing this! I was a huge fan of Keybase, and have spent the last few years praying (and sometimes brainstorming funding) a decentralized, open source version of it. Looking forward to digging into the details of FOKS, but just wanted to say thank you and the Keybase team for all you've done -- including keeping Keybase going after the Zoom purchase.
I would like to second this! I'm still using Keybase for e2ee git, and have been on the lookout for alternatives because Keybase isn't developed (AFAICT) and may just disappear when the people keeping it up lose interest.
Thanks Danny! The Keybase team (not including me) deserves all the credit, I've been gone for over six months. It's a great team and I miss working with them.
If you haven't seen KERI they're worth a read, I found out about them at an Internet Identity Workshop. It has all those quality of life features for public keys - revocation, rotation, recovery. "Key Event Receipt Infrastructure". Relies on "witnesses" which I don't know if I love it but their presentation impressed me.
https://keri.one/
A good 3-part "Hitchhiker guide" introduction to Keri is available to get a quick overview. Here part two "What exactly is KERI?":
https://medium.com/finema/the-hitchhikers-guide-to-keri-part...
Max, this looks interesting and I'd like to follow the blog. Would you please add an Atom feed to the blog?
This is actually so needed. I've heard the phrase "minting your own tokens?!" used as an argument for (N)oAuth. The current state of affairs is honestly just sad.
> TL;DR: FOKS is like Keybase, but fully open-source and federated
What features from a user perspective does it currently have in common with Keybase?
F.e. I remember Keybase mostly for secure messaging using public identities (HN, Reddit etc.), and sharing data/files.
E2E-encrypted git. Keybase has KBFS, and FOKS has a poor man's equivalent, which is E2E-encrypted Key-value store.
Thanks! Sorry for being lazy, but I was wondering how you share something using the E2E-encrypted KV store (it wasn't obvious in the website)? In kbfs, I remember it was as easy as putting it in a comma separated usernames path.
It's not as seamless. You need to first make a team, then invite (or add) that user into the team, and then use `foks kv put --team <your-team>`. One key difference is that in Keybase, all user's profiles were essentially world-readable. FOKS aims for more privacy by default, so in order to add Bob to your team, Bob has to first allow you view his sigchain, so you can learn his public keys.
The add vs invite distinction referred to above is because servers can choose different visibility policies. You can set up a server at foks.yourdomain.cc, and set it to "open-viewership", which means that any user can see any other user by default. If you and Bob are both on that host, you can add him to your team without his permission. But other hosts, like foks.app, do not work this way, and Bob has to authorize you to view him.
FOKS is a cool project; what kind of projects do you foresee getting spun off from this?
I'm actually working on a crytpography based project inspired by Keybase's use of Merkle Trees and identity proofing but with an added dash of privacy through pseudonyms and chain hashing. Thanks for putting time into this.
Thanks! Would love to see a file sync app, an MLS-based chat (where the encryption key is essentially a combination of the keys output from MLS and the PTK from FOKS). Password managers. I think there's the potential for something like a Hashicorp-Vault-style server-side secret key material manager, but many details left to reader. Maybe a Skiff-style Google-docs clone? I think there are lot of potential directions to go in.
Something like pa should be easy enough to port to it as a first pass: https://github.com/biox/pa
IMO Vault is really nice, but something as simple as possible is better for managing secrets, especially when the storage layer has permission and sane encryption handled for you.
For context this is the original keybase guy coming back to make a workalike opensource version -
https://blog.foks.pub/posts/introducing/
Okay sorry nobody's said it yet. I'll say it.
You cannot call it that.
I will not be entering the workplace and suggesting that we use a product whose name is very easily mistaken for "the F word". It is an immediate non-starter.
(I'm sure it's a great project, and you probably meant for people to pronounce the name as "folks" rather than... y'know, the other way. I'm telling you this in a spirit of kindness so your project can be more successful and see increased adoption)
Zero FOKS given
It's literally that word in Afrikaans!
edit: actually, I'm not sure if "fok" is used, but "fokken" is and it's fairly obvious what it means.
Eh - my take is it's just "Fox" (as clearly indicated by the large fox in the logo).
Firefox did just fine with that name. I don't really think it's a huge problem.
Not a Firefox user I take it?
The fact that this already has git support is amazing. I can easily migrate my Keybase git repos with a single command.
I used to use Keybase Git repos for file-based secrets management for my toy DevOps project. Either FOKS Git repos or native support in SOPS would be pretty damn cool!
It looks cool, and I agree with the creators that something like this ought to exist and optimally free from monetization incentives.
From a user standpoint it does seem like quite the undertaking to introduce it though. Most of the needs I'm looking for from such a system are currently already filled quite well by SOPS[0], where I would say I get 80% of the features (I care about) for 10% of the complexity.
[0]: https://getsops.io
To better wrap my head around how FOKS facilitates team collaboration, I'd like to see two comparisons:
1) compare to a team-shared Linux machine with SSH daemon. Each team member has a user account, and they can manage their SSH authorized keys, including keys stored on Yubikey. The team can share files and git repositories on the Linux machine's own storage. Some differences I see with this approach are the federated aspect and "append-only data structures that allow clients to catch dishonest server behavior".
2) compare to Radicle, a decentralized git service. Identities are keypairs.
With FOKS, how coupled is storage of git and secrets to the FOKS server?
I'm not familiar with Radicle, but I'll check it out. For (1), consider the case of that server being hosted on AWS. Even though only members are authorized to SSH into it, the plaintext is still known to the cloud hardware, and can be exfiltrated that way. In FOKS, the server sees encrypted data only, so that attack is greatly mitigated. I would say that if the SSH server was hosted on one of the workstations of one of the team members, then the security advantages of FOKS would be much less.
The KV-Store and Git server are implemented as "applications" on top of the FOKS infrastructure, so they aren't coupled. They see a sequence of Per-Team-Keys (PTKs); they use the older ones for decryption and the newest for encryption. I'd really love to see all sorts of other applications built on top of FOKS but we might need to do some work as to nailing the right plugin architecture.
Max, can users be limited to delete/push/force push certain branches? Is a server repo incremental backup-friendly? Is is as efficient in storage space and data transfer as regular git? Can we incrementally sync dbs like Sqlite?
Seems this is the best E2EE storage. No choosing creator's cloud vs finicky self hosting, nor worry about flaky sync solutions for my password manager, note app, photo storage etc. A 2$ vps would be overkill.
Thanks for these great questions!
- limiting users to delete/push/force; this is possible but I don't see how to cryptographically guarantee it. The server can't really help since it doesn't know what's a pack, index data block or ref. The clients can enforce this policy, but then it would be possible to make an evil client that skirts the policy. How much protection do you think you need?
- the server repo right now is implemented 100% as a postgresql DB, so yes, I think that means it's incremental backup-friendly? [1]
- e2ee git has trouble being as efficient as regular git since the server can't tell you which blocks it has; however, there are pretty good optimizations made using indices and packfiles, the white paper has more details, and I hope to write a blog on it soon.
- I'm not sure about the sqlite question. Is there a good way to backup sqlite incrementally over standard git? If not, then maybe the KV-store is better fit for this application.
I agree that git over E2EE is the best storage, even for things like PDFs and photos. Yeah, FOKS should be hostable with a very thin VPS. The storage needs will scale (n log n) as the number of users due to the Merkle Tree, but for small n, this is likely fine!
[1] https://www.postgresql.org/docs/17/continuous-archiving.html...
Can we fetch incremental changes from KV-store? I want to read the KV store docs. Could you share that?
Why is server repo specifically Postgres?
Thanks for the answers!
No incremental fetch right now other than what postgresql provides by default. If you're hosting a FOKS server, there is important metadata to backup too.
The best docs for the KV store are in the white paper, Section 5.1. White paper is linked to from foks.pub
Postgres seemed to check all the boxes for me. I wanted to keep things very simple at first in terms of setup and ongoing management, so didn't introduce other storage backends for other parts of the system.
I am working on an open source project where users provide signatures of their projects artifacts (this is oversimplified for the sake of the discussion).
Started using Minisign as the signature scheme. But we're struggling to find a clean solution for users keys renewal, revocation and updated public key distribution. I thought foks might help for that but the examples don't seem to confirm this. Basically the question I need to answer is :how can users trusting an existing signing key also trust the new key replacing it? I hoped we might outsource this to foks, but I think I misunderstood foks in the first place.
Try looking into SSI (self-sovereign identity) and verifiable credentials - the use-case you are referring to.
Thanks for the pointers. Are first glance, SSI seem to be mainly Blockchain based, which we diverted from to be able to have easy on premise deployments. Verifiable credentials look interesting, but need to check usability. We want our solution to be very easy to use.
This would be a great application for us! We are not exactly there yet, for reasons of privacy. Right now, there is no way for alice@host to allow unauthenticated users to view her profile. But we can definitely allow this on a host-by-host basis. With this small change, I think your application fits very naturally.
I wonder, what sort of interface is right for you? A library to compile against or a CLI app to shell out to? If a library, which languages?
Interesting! We're at a very early stage of the implementation and develop in rust. We aim to provide multi-sig capabilities, as defined in a JSON file where the public keys of the signers can be found. If a signer looses a key, we want this 'signers' file to be updatable with the new key. We decided that signers can be humans of processes, so the keys are not an identity of a person, which might be an important detail. Currently, to update a signers file, other members of the multi-sig must sign the update. This works fine, but we are early enough in the project implementation to explore other approaches, hence my question.
We'd rather not shell out to a cli, and would preferably go with a lib or rest interface.
An attack that might be of concern with this configuration is the server suppressing updates to this JSON file, or showing different versions of the JSON file to different clients. What you're describing is pretty close to what FOKS is getting at with signature chains and Merkle Trees, but maybe it's overkill for this particular application.
I wonder if the policy you describe could be implemented as world-visible team with world-visible users. Others have commented on the need for something like this, so I think it should be pursued with high priority. What's slighlty fuzzy to me is how these totally world-viewable teams and users would interact with more closed-down users on other servers.
Although I didn't consider this attack possibility (thanks for raising it!), I think we are reasonably immune to it or able to detect it with the way we manipulate and store the JSON (though completely avoiding it seems not attainable, at one point the client has to trust the response it gets from a server, am I right? Otherwise I'm very interested in pointers to learn more!)
World visible teams and users might be a way to define our multi-sigs members. But we would still need a JSON file for others characteristics of the multi-sig. I'll keep an eye on foks as if it becomes a good fit, it might let us concentrate on our service and not on key management intricacies. My email is on my HN profile, in case you want to notify me of advancement fitting our use case.
How does the "federation" work? I assume the actual team data is stored on a single foks server, the one the term is on, so I guess from there you basically have some lightweight SSO for team members using their server?
Correct! Remote members of the team get access to shared team keys, and the team's data, even though they don't have accounts on that server. Knowledge of the team key suffices to allow a remote user to authenticate and transfer (encrypted) data to and from the server.
There is very little server-to-server communication, which simplifies the design and software upgrades.
The whitepaper says:
> all the admins and owners — those who have the ability to change the team — must be on the same home server
Maybe with easy multi-accounting it could be made less annoying, but this seems like a big limitation for a federated system.
Easy multi-accounting is something that I hope we already have (`foks key switch` is pretty smooth). It's a feature I use a lot (I have a personal account on @foks.app and our company account is on @ne43.foks.cloud).
This is a great point and I thought a lot about this. This is the sort of thing that can be changed later if it's really a good idea, but I got to thinking that having non-local admins would mean more server-to-server communication and more server-to-server trust, and I was trying to avoid that.
Imagine alice@foo is an admin of bluejays@bar. One thing alice@foo will need to do is to make signed changes to bluejays@bar, when adding or removing members, let's say. Right now, the server at bar will check the validity of these signatures, that they were made with the alice@foo's latest key. So in other words, there would have to be some way for bar to authenticate to foo to allow bar to read alice's sigchain and to determine her latest key.
I was thinking that keeping foo and bar separated was a good idea both in terms of privilege separation and keeping the network simpler (which would in turn be good for uptime and would simplify software upgrades).
This looks interesting, but I'm having a lot of trouble understanding the section "A Simple Key Hierarchy".
> Everything starts with base-level keys, like user device keys, backup keys, or YubiKeys. Device keys are generated on user devices and never leave the machine they are generated on.
These base-level keys are private keys, no? The previous paragraph introduces symmetric keys, and doesn't discuss private/public keypairs.
> Every user of the system has a sequence of per-user-keys (PUKs) at the next level up the hierarchy. The secrets seeds for these keys are encrypted for all available base-level keys.
Is the idea that, if user Joe is a member of group Sales (I know, I know, how boring this example is), and Sales is a member of group Employees, if Joe wants to write something that all Employees can read, he first decrypts a symmetric key for Sales using one of his personal base-level private keys, uses that to decrypt a symmetric key for Employees, and then stores his data encrypted data with that Employees symmetric key?
> In FOKS, there are two types of parties: users and teams. In both cases, there is a rotating list of constituents (be they devices or team members), and as these constituents change, so to does the corresponding active PUK or PTK.
Does "rotating" here mean simply "potentially changing [over time]"?
Also, do I understand correctly that "rotate keys" means "choose a new key, decrypt everything that was encrypted with the original key, and then reencrypt it all with the new key"? If so, then since servers do not have access to keys (needed for decryption), I think this means that, whenever someone leaves a group or a device is lost, some client must download all data available to that group, decrypt, reencrypt and reupload it -- is that right? This suggests it would be expensive to have frequently-changing groups with access to a lot of data. (I'm certainly not suggesting I know a better way -- just checking my understanding.)
AI-generated images on the front page really take away from the trustworthiness of this thing..
And in reality, someone making a personal project used a tool at their disposal to add pretty pictures to their website, said website not being a part of the project in any way.
If they vibe coded the app, sure, be skeptical. But there's no indication they did, just that they wanted images for their website, and they're a software engineer and not a graphics designer.
I put about as much weight in the origin of those graphics as which website editor they use. If they were advertising themselves as a web designer, sure, maybe that's relevant. That's not what they're doing here though.
Not having any pictures at all is better than having AI pictures, in my opinion
Perhaps it’s a filter to intentionally scope audience.
And you’re not just having a kneejerk reaction?
Why is that different from disliking their font preference? It's an aesthetic choice, made by someone who's not advertising their web design expertise, that's purely subjective.
If this site were their product, maybe that'd matter. But why does that matter in this context?
It shows the author is willing to publish content that looks right at first glance but falls apart upon closer inspection, lacking rigor and consistency. That same description could also apply to your average amateur cryptosystem, which tends to be insecure as a result. If the author has low standards for images, might he also have low standards for his own code?
In this case, probably not! The text on the website and the author’s comments here and his background all suggest that he writes high-quality cryptosystems. But the AI art by itself is still evidence pointing to lower quality.
Because it shows a lack of respect for and understanding of the work graphic artists actually do. Now if that's your brand, great. You are communicating it effectively. If it's not your brand, it's probably worth considering the subtext in your presentation.
> it shows a lack of respect for and understanding of the work graphic artists actually do
No more than wearing off-the-rack clothes shows a lack of respect for and understanding of the work tailors actually do.
No more than wearing factory-woven cloth shows a lack of respect for and understanding of the work weavers actually do.
No more than heating a can of soup shows a lack of respect for and understanding of the work chefs de cuisine actually do.
In my cases as well as yours, one certainly can choose to spend extra for the luxury of the best to meet the want, but it is also fine to spend less and meet the need. In my cases as well as yours, judging someone for the value he assigns to a luxury is gauche.
The cost of obtaining the alternative; Creative Commons use images or even just inserting emojis is already free. Your argument doesn’t hold up.
> Because it shows a lack of respect for and understanding of the work graphic artists actually do.
If I cannot afford a graphic designer, then my choices are:
Obviously the first one is the easiest when you want something, but also quite controversial.It's free software. Graphic artists don't work for free.
It shows a lack of attention to detail when the illustration for "Merkle Trees" is not a forest (it has cycles). And "A Simple Key Hierarchy" could use an illustration of a real example instead of nonsense.
If someone used comic sans for their cryptographic software landing page, and someone else said: "this font makes me wonder if I can have any faith in this human being's aesthetic sense", I am willing to bet a nickel that you wouldn't be employing any of the same arguments that you're now employing to defend their choice of LLM images so devotedly.
Many people find using LLM images tacky and garish. It screams low-effort slop, to a significant number of people. When it's so easy to find great usable images on wikipedia, for example, it's hard to know why a sophisticated technical person would take the risk involved in this choice.
I'd a quick look there at the images on the wp page for chains, and the one for knots - some really excellent images. One doesn't need a PhD in web design to pull it off, either.
Hmm, maybe I need to reconsider having my choice of fonts enforced in my web browser settings (or have a whitelist of "comic sans", at least)
I agree. Max, strongly encourage you to remove the AI images. Not everyone is bothered but a significant number of people are.
You 100% didn’t vibe code this, but the AI images give that sort of impression.
Those images (bootstrap, vault) are so tertiary to the both the article and the project.
I'm excited to try this out personally! Thanks for building this maxtaco
Yes, they’re so tertiary that there was no reason to include them on the website. They’re ugly and mismatched, don’t consistently add value to the content, and make a negative first impression (for these reasons and for people who have valid aversions to AI slop). (By the way, all or almost all of the images are generated, not just the two you listed.) Useless images are far from a new problem (gotta love those Medium-article-style heros that can take multiple MB when people forget to optimize them) but AI further lowers the quality bar.
I think this complaint is likely against HN guidelines against these kinds of complaints about the site layout or how the page is designed. Will be flagging this complaint every time in the future because I consider it against guidelines.
That which can be asserted without evidence can be dismissed without consideration, per Hitchens’s Razor. I don’t think research exists about a relation between AI generated images and quality of the project using them, so your complaint seems like motivated reasoning because you believe that generated images are a sign of poor quality or judgement in an area that would reflect on other aspects of the project. The fact that our perceptions are colored in this way is not accurate, and is gamed by marketers. Criticism of the promotional aspects of a project like this which isn’t commercial or customer facing is not very convincing on your part and deserves being called out.
https://en.wikipedia.org/wiki/Hitchens%27s_razor
Like it or not complaining about AI generated images now is like complaining about people using Photoshop or Illustrator to create images.
[flagged]
I feel like this comment is AI-generated, also
Absolutely, I can see why you feel that way.
[dead]
[flagged]
[flagged]
Are all of this account’s comments AI-generated?
Yes, I clocked it in another thread.