[messaging] encryption of Signal notification messages
Frederic Jacobs
lists at fredericjacobs.com
Mon Mar 7 10:03:25 PST 2016
Hi Halil,
I implemented this feature on Signal iOS and can confirm that messages are end-to-end encrypted.
1) The iPhone registers for push notifications.
2) When a message arrives, and the app is not in the foreground, a push notification is sent (it is constant size) and contains no metadata on sender or even encrypted content.
3) When the iPhone gets that push notification, it doesn’t display anything to the user but open a socket in the background to the Whisper Systems web socket to fetch the message payload. Decrypts it. Checks the user’s notification display style preference. And shows relevant information.
So to sum up, APNS is just used as a “wake-up” signal to tell the recipient’s phone that a message is available.
Best,
Frederic
> On 23 Feb 2016, at 13:40, Halil Kemal Taşkın <haliko87 at gmail.com> wrote:
>
> Hi Trevor,
>
> Then just to clarify things, please kindly check the attached screenshot of my iPhone. I want to figure out what I am missing?
>
> To test the system, my friend Murat wrote me a message: "This message should be encrypted.".
>
> And the message itself is directly shown in the notification as you can check from the screenshot. This is actually what I want to point out.
>
> If you are familiar with mobile development and push notification services, this means, the message travelled through Signal's app server's push handler and Apple APNS as plaintext.
>
> Screenshot: https://www.dropbox.com/s/euy5a98v0ej9jyb/SignalNotification.png?dl=0 <https://www.dropbox.com/s/euy5a98v0ej9jyb/SignalNotification.png?dl=0>
>
> Regards,
> Halil Kemal TASKIN.
>
>
> 23 Şub 2016 tarihinde 11:51 saatinde, Trevor Perrin <trevp at trevp.net <mailto:trevp at trevp.net>> şunları yazdı:
>
>> On Tue, Feb 23, 2016 at 1:41 AM, Halil Kemal Taşkın <haliko87 at gmail.com <mailto:haliko87 at gmail.com>> wrote:
>>> But your message is also sent in plaintext for push notification issues.
>>
>> Hi Halil,
>>
>> Your description is wrong - Signal works as Raphael describes.
>> Plaintext content for encrypted messages is not sent through push
>> services.
>>
>> Trevor
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20160307/1b01576d/attachment.html>
More information about the Messaging
mailing list