by 0xDEAFBEAD 913 days ago
>If you want to do fingerprint distribution, you should actually publish your Signal key's fingerprint (they call it 'safety number' to keep everyone on their toes).

"Each Signal one-to-one chat has a unique safety number that allows you to verify the security of your messages and calls with specific contacts."

https://support.signal.org/hc/en-us/articles/360007060632-Wh...

I don't see how I could publish my safety number if it's unique to each one-on-one chat?

I've been looking at the Signal website, and I don't actually see a way to distribute a fingerprint...


As I said, safety numbers are how they keep everyone on their toes! Can't have it be easy to verify that the Signal servers are honest :) This is why I joke that moxie must be a double agent (I don't think he is, but I find it funny that many of Signal's principles (see also: alt clients; federation; phone numbers; etc.) can be explained that way).

The key material shown in each chat is a concatenation of your fingerprint and their fingerprint, ordered alphabetically so that you are both shown the same thing. By checking two of your chats, you can find out which half is shared (that's yours) and which is unique (that's theirs).

The QR code contains more data, I think your phone number and perhaps a longer/stronger fingerprint (I looked into it once but forgot the details), so that's marginally more secure/foolproof to compare but also even harder to distribute since it'll only ever be valid for one contact.

Thanks, this is valuable information. Is it documented anywhere?
What, the source code isn't documentation enough? (jk)

I vaguely remember critique towards PGP coming from Signal's corner of the internet (probably before it was called Signal) for having long-term stable keys and published fingerprints that make it so you want them to be long-term stable for verification purposes. Problem is, I looked for this critique a few months ago and can't find it anymore, so perhaps I'm putting words in their mouth that, instead, came from Signal supporters in a comment thread or so, though I also can't think of any other reason to hide your public key's fingerprint. Regularly swapping out keys protects from temporary key compromise situations, that's simply a fact, but it trades off being able to publish your key somewhere and people being able to use that to not have to trust "the server" (a central key distribution system) in an E2EE application. I have a different opinion than Signal seems to have on which variant is the lesser evil, but I can see why they've made the choice. (Imagine my surprise when finding out that Signal's public keys are long-term stable with indefinite validity.)

So, given that they seemingly don't want people to use their public key fingerprint the way that you can with PGP (printing it on a business card), I am not surprised if there is no user documentation on how to undo the concatenation. I'm not aware of such documentation myself, and it wouldn't be the first time that I have to dive into Signal's source code to find info on already-pushed-to-users functionality.

Let me know if you find any docs, though, because I seem to type out the explanation of how to use Signal key fingerprints somewhat regularly (I should store it somewhere in reusable form, yeah) and sending a link with screenshots will be much nicer.

Maybe you can write the O'Reilly book on Signal ;-)