[messaging] encryption of Signal notification messages

Sam Lanning sam at samlanning.com
Tue Feb 23 04:54:38 PST 2016 

Hi Halil,

You are mistaken in thinking that the only way in which notifications can
appear on iOS and Android devices is by a direct message from the push
server. In actuality, local applications can choose to put messages on your
screen too, it doesn't have to go via the push server.

That's what is happening in this case. Signal is locally adding that
notification to your iOS notifications (and same with android). The push
service is used to just tell devices that there are some new messages, and
that they should download and check with the server. This triggers Signal
to run some code locally that contacts the server using the open source
protocol, downloads the messages, decrypts and stores them, and then shows
a notification if necessary.

Messages are ONLY sent to recipients of the messages, and they are always
encrypted.

Hope this clears things up.

Thanks,
Sam.
On 23 Feb 2016 4:40 a.m., "Halil Kemal Taşkın" <haliko87 at gmail.com> wrote:

> Hi Trevor,
>
> Then just to clarify things, please kindly check the attached screenshot
> of my iPhone. I want to figure out what I am missing?
>
> To test the system, my friend Murat wrote me a message: "This message
> should be encrypted.".
>
> And the message itself is directly shown in the notification as you can
> check from the screenshot. This is actually what I want to point out.
>
> If you are familiar with mobile development and push notification
> services, this means, the message travelled through Signal's app server's
> push handler and Apple APNS as plaintext.
>
> Screenshot:
> https://www.dropbox.com/s/euy5a98v0ej9jyb/SignalNotification.png?dl=0
>
> Regards,
> Halil Kemal TASKIN.
>
>
> 23 Şub 2016 tarihinde 11:51 saatinde, Trevor Perrin <trevp at trevp.net>
> şunları yazdı:
>
> On Tue, Feb 23, 2016 at 1:41 AM, Halil Kemal Taşkın <haliko87 at gmail.com>
> wrote:
>
> But your message is also sent in plaintext for push notification issues.
>
>
> Hi Halil,
>
> Your description is wrong - Signal works as Raphael describes.
> Plaintext content for encrypted messages is not sent through push
> services.
>
> Trevor
>
>
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20160223/8b77c339/attachment.html>

More information about the Messaging mailing list