Hacker News new | ask | show | jobs
by henearkr 1983 days ago
It will, because it will prove (or give you a lot of confidence) that the agent who sent you their public key is your legit correspondent.

This uses the fact that the client on each side is open source and inspectable, so that each side knows that they sent only the public key that they generated on their own device.

PS: to answer your last sentence, Signal allows you to flag specifically contacts that you managed to verify. Which is technically equivalent to say that you verified that the public key is theirs.
1 comments
sneak 1983 days ago
Yes, but it doesn't support doing that whilst in a video call with them.
link
henearkr 1983 days ago
[edited]

Indeed it is far from straightforward that merely doing a video call suffices to check the keys.

Signal is famously using a special protocol for secure key sharing through the server, which I have not studied.

But as said by another comment, there is no way around verifying explicitly the public key using an independent channel.

link