taco1: bad key: B707AD86 != 96D307BE

This only happens after we've signed a key for inclusion into our keyring. Before inclusion, it spits out the full PGP fingerprint, which is actually better!

Since @km seems to be uninitialized.

If we download a new link from the server, we never update the parent user object, so it just keeps refreshing again and again.

The solution is simply to update the parent user object when adding chainlinks.

Rather than hack-parsing the human-readable output. This is probably the much more robust solution.

This can wait, but eventually, seems like a good idea.

Check the sqlite3 DB and delete keys accordingly.

Not sure what the plan of attack should be, but for now it's breaking regression testing for #16.

Maybe we should have a way to pick up halfway through. The slowest thing so far is signing up, and proving, and waiting for github/twitter, etc. Slow slow.

Probably need to factor out a lot of decrypt

Sometimes we don't get anything from stdout from gpg. Works fine on Mac but it's fucked on linux. keybase version is fucking broken.

Chris's idea to keep keys used for verifying in a temporary single-use keyring. That way we don't have to worry about conflicts. It is nice idea but demands a big refactoring. Maybe leave it for Now.

1. We're getting that horrible don't trust this key message. I am not sure why not, but we don't have this problem with the live client, so it's likely something having to do with temporary keys.
2. We're still not properly decrypting, I think there's a prompt that we're missing, but unable to really understand due to the previous issue.

Some issues include:

1. taken by someone else
2. are invalid (since they contain a curse)
3. are invalid since are not long or short enough, have unfriendly characters, etc.

Look into it!

These errors on my machine.

This user has a twitter proof but not a github proof:

chris vangogh ~/git/keybase/keybase/sql >keybase track chris
warn: Missing track in signature
warn: Missing track in signature
warn: Missing track in signature
warn: Missing track in signature
info: Signature is already revoked: 263bedf900d6e8a2a430bb92b98f3c1ea1fab4e391b1abb9e0caa37264def8ed0f
info: Signature is already revoked: df33e3d366a9f30cb28a413c77b9b4b8900f1a227dae610f4b20204901f561830f
...checking identity proofs
✔ "kbtester1" on twitter: https://twitter.com/kbtester1/status/417699763287379969

/Users/chris/opt/node/lib/node_modules/keybase/node_modules/keybase-proofs/lib/scrapers/github.js:125
      return api_url.indexOf("https://gist.github.com/" + username + "/") ===

and then when we tried to track chris1000, who has a key but no proofs:

keybase track chris1000
...checking identity proofs

/Users/chris/opt/node/lib/node_modules/keybase/node_modules/keybase-proofs/lib/scrapers/twitter.js:99
      return api_url.indexOf("https://twitter.com/" + username + "/") === 0;
                     ^
TypeError: Cannot call method 'indexOf' of null
    at TwitterScraper.exports.TwitterScraper.TwitterScraper._check_api_url (/Users/chris/opt/node/lib/node_modules/keybase/node_modules/keybase-proofs/lib/scrapers/twitter.js:99:22)
    at TwitterScraper.BaseScraper.validate (/Users/chris/opt/node/lib/node_modules/keybase/node_modules/keybase-proofs/lib/scrapers/base.js:34:17)
    at /Users/chris/opt/node/lib/node_modules/keybase/lib/sigchain.js:450:31
    at ok (/Users/chris/opt/node/lib/node_modules/keybase/lib/sigchain.js:465:23)
    at Deferrals.runtime.Deferrals.Deferrals._call (/Users/chris/opt/node/lib/node_modules/iced-coffee-script/lib/coffee-script/iced.js:115:18)
    at /Users/chris/opt/node/lib/node_modules/iced-coffee-script/lib/coffee-script/iced.js:127:26
    at Object.runtime.trampoline (/Users/chris/opt/node/lib/node_modules/iced-coffee-script/lib/coffee-script/iced.js:94:16)
    at Deferrals.runtime.Deferrals.Deferrals._fulfill (/Users/chris/opt/node/lib/node_modules/iced-coffee-script/lib/coffee-script/iced.js:126:26)
    at iced.Deferrals.parent (/Users/chris/opt/node/lib/node_modules/keybase/lib/sigchain.js:442:38)
    at ok (/Users/chris/opt/node/lib/node_modules/keybase/lib/sigchain.js:443:21)

yippee!

Right now we'll blindly allow it

Since we obviously don't need to pull from the server what we've written ourselves.

Right now, they're being imported into the main keyring. We might take the stance that keys are allowed in the main keyring that aren't trusted, but I think that's kind of ugly.

This might need to be solved, if at all, along with issue #29. Alternatively, there could be an obscure GPG option that I'm missing.

Maybe fetch the primary key, and then ask whether it in particular needs to be revoked or not.

Here is the sequence to consider:

1. User A generates a github proof
2. User B runs keybase track/id A and sees a failure
3. User A posts the gist to gist
4. User B runs keybase track/id A and still sees a failure

The problem is that chain links aren't strictly speaking immutable. They can change when the proofd process goes through and checks them. We can take the position that the client should do what proofd is doing. But it's nice to have all of that scraping happening on the server. The other alternative is for the client to update chain links for those with dead api_urls. Once the api_url is filled in, it shouldn't change.

This is a really annoying bug that's going to take some time to fix, unfortunately.

I'm not sure who's doing that, is it GPG?

And that slows things down every further.

We can probably be smart about not doing anything much in the case of the key already being in our keyring and signed, and skip the whole key import and signing process.

Don't get the right behavior if you untrack and then retrack. I think compression is broken.

With @fingerprint and @get_fingerprint(). It's quite ugly, let's clean it up.

...for users who make a lot of requests. The logged-out limit is 60/minute.

Right now, we just get a GPG failure and no further explanation.

...So maybe still want to run check_remote_proofs

Or maybe repartition the DB so that it can handle multple users?

We're checking every time now it seems, even on repeated keybase track --localss. I thought we didn't need to check the remote proofs in that case?

Need some work on this.

First of all, if the key is already imported and signed, then we shouldn't resign it, since it will prompt the user for a password.

Second of all, we probably want to ask the user if he's ok with it, before signing the key? Maybe we're already doing that with approval of remote proofs.

maybe it should be less so.

Ideally we could stick with one, or at the very least, need to be more explicit as to which is being used.

since we're scraping output. I'm not sure of how best to solve this

And subclasses should say whether or not they want it...

http://www.freebsdmadeeasy.com/tutorials/freebsd/create-a-ca-with-openssl.php

Looks like we'll have to create a CA. Eventually the options we need are traced back to here:

http://nodejs.org/api/tls.html#tls_tls_connect_options_callback

Seems like the 'cert' option is just for client certificates. Seems like the ca option
is the only way to distribute the server public key.

Some possible solutions:

1. Have the logged in user ID as a column in each table.
2. Have the DB named after the logged in user. This has the disadvantage that state isn't stored across the two users, but maybe that's OK.

Which is the agreed upon way to change users.

Also, a keybase logout might be useful.

Will need 3sec to decrypt, of course.

Will list:

1. Logged in as
2. Session active/non-active
3. Private key available/non-available

Others?

...Especially for scrapars

Rather than the short mofos. This is going to be extremely useful and protect against all sorts of collision attacks that we're now open to. Stil, I'm not stoked about the 64-bit target space, it might be the fundamental weakness of the system.

Move all of the iced-generic stuff like athrow and bufeq_secure from the latter to the former.

Need a reg test here.

End-to-end regression testing. We need to figure out how to make PGP keys in batch mode to make this possible. Or potentially, we can you KBPGP to do so, just for testing.