Don’t Trust Apple To Verify Someone — Then Use Contact Key Verification?


Like it or not, Apple has always had the best security on their devices — including having specialised hardware which looks after the security of the device and of the user. Now, Apple has added contact key verification on the iPhone, which can be used to authenticate the person you are speaking with — without using Apple’s identity services. For this, it generates a unique public code, and each person can compare the generated codes in order to verify those involved in a conversation on the iMessage app. An important feature is that it is possible to advertise a Public Verifiable Code over social media.

Basically, in iMessage, there is now a “Verify Contact” link for the contact, and when the other person clicks on Verify Contact, a contact verification code is shown. The verification code on each device is then compared, and if they match, the identities have been verified. The verification is done out-of-band:

Ref [here]

With iMessage, we integrate with the Apple Identity Directory Service, which stores the public key of the key pair for all the end-to-end encryption services. The private key is used to decrypt data, and also…
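The sketch below is an added example, not code from the article and not Apple's actual derivation: it shows why comparing a short code out-of-band detects a directory service that hands out the wrong public key. The hash construction, the label `example-ckv-v1`, the 8-digit code length and all keys are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample public keys (placeholders, not real key material).
ALICE_KEY = bytes.fromhex("a1" * 32)
BOB_KEY = bytes.fromhex("b2" * 32)
ROGUE_KEY = bytes.fromhex("e5" * 32)  # key the contact never generated


def verification_code(key_a: bytes, key_b: bytes, digits: int = 8) -> str:
    """Derive a short numeric code from both parties' public keys.

    Sorting makes the code identical on both devices regardless of who
    is 'local' and who is 'remote'. Hypothetical scheme for illustration.
    """
    first, second = sorted((key_a, key_b))
    # Length-prefix each key so the concatenation is unambiguous.
    material = b"".join(len(k).to_bytes(2, "big") + k for k in (first, second))
    digest = hashlib.sha256(b"example-ckv-v1" + material).digest()
    return str(int.from_bytes(digest[:8], "big") % 10**digits).zfill(digits)


def compare_out_of_band(view_for_alice: dict, view_for_bob: dict) -> bool:
    """Each device hashes its own key with the peer key the directory gave it.

    The two codes are then compared over a separate channel (in person,
    a phone call, a published code). Returns True only if they match.
    """
    alice_code = verification_code(ALICE_KEY, view_for_alice["bob"])
    bob_code = verification_code(BOB_KEY, view_for_bob["alice"])
    return hmac.compare_digest(alice_code, bob_code)


# Directory contents as seen by a device: name -> public key.
HONEST = {"alice": ALICE_KEY, "bob": BOB_KEY}
SUBSTITUTED = {"alice": ROGUE_KEY, "bob": ROGUE_KEY}

if __name__ == "__main__":
    print("honest directory, codes match:", compare_out_of_band(HONEST, HONEST))
    print("both lookups substituted:", compare_out_of_band(SUBSTITUTED, SUBSTITUTED))
    print("one lookup substituted:", compare_out_of_band(HONEST, SUBSTITUTED))
```

Because each device mixes in its own locally held key, a substituted directory entry changes the code on at least one side, and the mismatch is visible to the two people without either of them having to trust the directory.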

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
