Verify Chat Keys
Deadline: May 23
Most end-to-end encrypted chat programs allow users to do manual verification of the other chat partner.
Software: Either WhatsApp or Signal. Two people in the group need to have the same software. Its ok to do this activity with someone outside the class.
Steps:
Follow the steps for WhatsApp or Signal below. You can also try with both to compare and contrast.
- Open WhatsApp on a phone
- Menu -> Settings then click on the QR code image near the profile line
- Person A should scan person B’s QR code to verify them. Then switch and Person B should scan Person A’s QR code.
- Tada! You are now verified contacts.
- Open a chat with your (new) contact, then click their picture/icon to open the contact information.
- Scroll down to “Encrytion” and click to verify that you are using encryption.
Signal
- Open Signal app on a phone
- Open a chat with the other person
- Menu -> Chat settings -> View safety number
- Compare the presented numbers or scan the barcode
- If you are satisfied that they numbers match click the “Mark as verfied” button
Reflection questions
- As an end-user do you feel confident that you have properly verified this person such that the security property of Authentication will now hold future chat messages with this person?
- Are you likely to verify chat parterns in the future? Why or why not?
- What do you feel you learned from this activity?
Other things to try
- Do the above activity on both Signal and WhatsApp and discuss how they differ.
- Try with Tellegram (only if you already have the app)