![]() ![]() In other words, although Wickr guarantees that all communication from a contact was really produced by the holder of that contact’s keys, it is equally important to ensure that the person using those keys is really who we think they are. However, in practice we all are usually interested in communicating with a particular person, not just anybody who controls a particular set of identity keys. Put differently, a Wickr account is controlled by whoever controls the identity keys belonging to the account. All subsequent communication to come from that contact can now be authenticated by checking that the received message was digitally signed using the contact’s identity keys. When you add someone to your contact list, your Wickr client immediately obtains the public part of the contact’s identity keys from the server and stores it locally. The latter is used to produce digital signatures and the former can then be used to verify those signatures. Such Identity Keys consist of a matching public and private key. On Wickr networks - either Messenger or Wickr Pro - each user’s account is ultimately bound to their signature key pair: Identity Keys. I want to share our thinking about key verification design and ways we implement it to help our users across Wickr apps to authenticate their contacts. One of the coolest things crypto enables is ensuring that a person I think I am talking to is exactly who I think it is, even if they are thousands of miles away and I’ve never met them. There are many things cryptography solves when it comes to ensuring the integrity and privacy of user connection - from protecting the content of communications so only intended recipients can decrypt them to authenticating the parties to multi-actor transactions. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |