Lately there’s been a lot of attention to how different secure messengers deal with key changes and ensure the authenticity of conversations.
It’s fantastic to see the growing interest in this topic, and with that, some well thought-through security reviews of Wire by the infosec community. Unfortunately there have also been cases of anonymous accounts on social media publishing misleading information about our app and its security.
This post will look at Wire’s unique implementation of end-to-end encryption in a multi device scenario, key verification and the behavior when keys change.
End-to-end encryption on multiple devices
One of the big reasons people like Wire is the fact that it works on mobile, tablets and desktop while keeping everything — messages, pictures, calls — nicely in sync.
Wire is the only truly multi-device, verifiably end-to-end encrypted communication platform on the market. Some others take the more limited approach of linked devices or secondary devices where the desktop experience is tied to the mobile app.
The multi-device nature of Wire has led to conscious design choices, both on the technical and user experience level.
For example, when someone logs in with the same account on Wire on their phone and their laptop, each device generates its own unique cryptographic key, which is used to encrypt and decrypt the messages that the person sends.
Designing key management and fingerprint verification has been an exercise in finding the right balance between security, complexity and ease of use. This remains a constant area of focus, and we are actively exploring alternatives and improvements.
This is how the verification works in more detail:
When two people (Alice and Bob) connect on Wire for the first time, we assume they know and trust each other. Of course we recommend that they compare their device key fingerprints for added security. It’s straightforward if both are using only one device. After Alice verifies Bob’s device, a new blue shield icon is displayed before Bob’s name in their conversation.
Messages after key change
Alice logs in on a new device, perhaps via Chrome browser on her laptop.
- Alice sees an alert on her first device, and receives an email (if she signed up with an email or added it later to her account) notifying her of the new device.
- If Bob has verified Alice’s first device and tries to message Alice, he will see a blocker view before the message can be sent.
Verification if both have multiple devices
As said earlier, each one of Alice’s devices has a unique key and she should also verify her own devices. Only after that can she verify the fingerprints of Bob’s devices and have a fully verified conversation.
Verification on Wire is unidirectional, meaning that Bob does not need to verify Alice’s devices to create more security for Alice. If Bob adds a new device, Alice will be alerted.
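The rules above, modelled from one user's side, as an added example that is not Wire's client code. The class and method names are hypothetical, and two points are assumptions of this sketch: the local device is treated as implicitly trusted, and verifying the new device is what clears the blocker.

```python
# Added example: local model of the verification rules described in this post.
# All class and method names are hypothetical; this is not Wire's client code.

class ConversationView:
    """One user's local (unidirectional) view of a 1:1 conversation."""

    def __init__(self, local_fingerprint):
        # Assumption: the device running this code is trusted implicitly.
        self.verified = {local_fingerprint}
        self.own = {local_fingerprint}   # fingerprints of the user's own devices
        self.peer = set()                # fingerprints of the other person's devices
        self.was_verified = False        # conversation reached the verified state before

    def fully_verified(self):
        # Every own device and every peer device must have been verified.
        return bool(self.peer) and (self.own | self.peer) <= self.verified

    def add_device(self, fingerprint, own=False):
        # A new device always arrives with a new, unverified key.
        (self.own if own else self.peer).add(fingerprint)

    def verify(self, fingerprint):
        if fingerprint not in self.own | self.peer:
            raise ValueError("unknown device fingerprint")
        self.verified.add(fingerprint)
        self.was_verified = self.was_verified or self.fully_verified()

    def send_decision(self):
        # The blocker appears only when a previously verified conversation degraded.
        if self.was_verified and not self.fully_verified():
            return "show_blocker"
        return "send"


def demo():
    # Constructed fingerprints, for illustration only.
    bob = ConversationView("bob-phone-fp")
    bob.add_device("alice-phone-fp")
    results = [bob.send_decision()]        # nothing verified yet: no blocker
    bob.verify("alice-phone-fp")
    results.append(bob.fully_verified())   # shield state reached
    bob.add_device("alice-chrome-fp")      # Alice logs in via Chrome
    results.append(bob.send_decision())    # blocker before the message is sent
    bob.verify("alice-chrome-fp")
    results.append(bob.send_decision())    # verified again
    return results


if __name__ == "__main__":
    print(demo())
```

Because each `ConversationView` holds only its owner's verification decisions, Bob verifying Alice's devices changes nothing in Alice's view, which is the unidirectional property described above.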
Key change while message in transit
In a scenario where Alice uninstalls Wire (perhaps she’s switching to a new phone) and Bob sends her a message, Alice will never receive the message. Bob will see that the message is in “Sent” status (has reached Wire servers) but not “Delivered” status.
The message is not automatically re-sent once Alice has added a new device. If Bob tries to send it again (because the “Sent” status tells him it hasn’t arrived), he will see the blocking take-over screen (shown below) to let him know Alice is using a new device.
We can make this even better
As a result of the questions and feedback from the community, we’re in the process of auditing both the user experience and different scenarios. We’ve identified a few smaller improvements already:
- On Android, when a device has a fully verified conversation and receives a message from an unverified device, display a system message with the half-shield (it currently displays a popup).
- On Android, the alert that Bob started using a new device can link directly to the devices view, not to Bob’s profile.
- The copy of the blocker screen on Android can be changed so it is clearer what has happened.