Verify User Cryptographically on Signal
Signal provides a cryptographic identification method for you to verify your correspondent. This allows you to lock the safety number with your correspondent to ensure his/her phone is:
- in tact
- is the same person
- sniff any unnoticeable changes
before sending your sensitive information out. To know more, visit: https://support.signal.org/hc/en-us/articles/360007060632-What-is-a-safety-number-and-why-do-I-see-that-it-changed-.
This section guides you on how to verify safety number between you and your correspondent.
NOTE: This section is optional but encouraged to do.
Both of you can meet up face-to-face to perform the cryptographic verifications. Afterall, what you need is the ability to scan QR code from each other.
Once the two of you meet up, you can start the cryptographic verification process.
Select View Safety Number
Firstly, in your correspondent chat, select his/her name. This will open up user-specific settings.
Next, scroll down until you find “View safety number". Click on that to bring up the verification interface.
Verify Each Other
Once you open the safety number, you will see the cryptographic keys and a QR code to scan for verification.
Either of you can now press on the QR code to scan one other before enabling the Verified button.
After completed the verification process, you will notice there is a small tick with verified label under your correspondent name.
Things You Should Watch Out
Should there is a breach of the safety number, you should verify with your correspondent as he/she may:
- change phone frequently.
- loses the phone number to someone else.
- phone's software security is compromised.
Frequent safety number breaches is a bad indicator that either side of you is having a compromised phone/phone number. Hence, please treat it seriously.