[messaging] encryption of Signal notification messages

Chris Johnson captain.slim at gmail.com
Mon Mar 7 11:56:01 PST 2016


Are there any security implications to the user's secret key not being
encrypted when the phone is locked? (I presume this must be the case since
a message can be decrypted while the phone is locked.) Before this change
was implemented, was the user's secret key unencrypted only when the phone
was unlocked?

On Mon, Mar 7, 2016 at 6:03 PM Frederic Jacobs <lists at fredericjacobs.com>
wrote:

> Hi Halil,
>
> I implemented this feature on Signal iOS and can confirm that messages are
> end-to-end encrypted.
>
> 1) The iPhone registers for push notifications.
> 2) When a message arrives, and the app is not in the foreground, a push
> notification is sent (it is constant size) and contains *no metadata on
> sender or even encrypted content.*
> 3) When the iPhone gets that push notification, it doesn’t display
> anything to the user but opens a socket in the background to the Whisper
> Systems web socket to fetch the message payload. Decrypts it. Checks the
> user’s notification display style preference. And shows relevant
> information.
>
> So to sum up, APNS is just used as a “wake-up” signal to tell the
> recipient’s phone that a message is available.
>
> Best,
>
> Frederic
>
> On 23 Feb 2016, at 13:40, Halil Kemal Taşkın <haliko87 at gmail.com> wrote:
>
> Hi Trevor,
>
> Then just to clarify things, please kindly check the attached screenshot
> of my iPhone. I want to figure out what I am missing?
>
> To test the system, my friend Murat wrote me a message: "This message
> should be encrypted.".
>
> And the message itself is directly shown in the notification as you can
> check from the screenshot. This is actually what I want to point out.
>
> If you are familiar with mobile development and push notification
> services, this means, the message travelled through Signal's app server's
> push handler and Apple APNS as plaintext.
>
> Screenshot:
> https://www.dropbox.com/s/euy5a98v0ej9jyb/SignalNotification.png?dl=0
>
> Regards,
> Halil Kemal TASKIN.
>
>
> On 23 Feb 2016, at 11:51, Trevor Perrin <trevp at trevp.net> wrote:
>
> On Tue, Feb 23, 2016 at 1:41 AM, Halil Kemal Taşkın <haliko87 at gmail.com>
> wrote:
>
> But your message is also sent in plaintext for push notification issues.
>
>
> Hi Halil,
>
> Your description is wrong - Signal works as Raphael describes.
> Plaintext content for encrypted messages is not sent through push
> services.
>
> Trevor
>
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>
>
>
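
The wake-up flow from the three numbered steps quoted above, as an added simulation that is not part of the thread and is not Signal's code. The `Relay` class, the display-style names, and the toy encrypt-then-MAC (a stand-in for the real end-to-end session cipher) are assumptions made for illustration; the point is what the push service sees versus what the recipient decrypts locally.

```python
import hashlib, hmac, secrets

WAKEUP_PUSH = b"\x00" * 16  # constructed: fixed-size push body, no sender, no ciphertext

def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """Toy encrypt-then-MAC; illustration only, not the Signal Protocol."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad MAC")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Relay:
    """Hypothetical message server: queues ciphertext, emits content-free pushes."""
    def __init__(self):
        self.queue, self.pushes = {}, []   # pushes = everything the push service sees
    def submit(self, recipient, envelope):
        self.queue.setdefault(recipient, []).append(envelope)
        self.pushes.append(WAKEUP_PUSH)    # step 2: identical bytes for every message
    def fetch(self, recipient):
        return self.queue.pop(recipient, [])

def on_push(relay, me, key, style):
    """Step 3: wake up, fetch over the app's own channel, decrypt, apply preference."""
    shown = []
    for envelope in relay.fetch(me):
        sender, _, body = unseal(key, envelope).decode().partition("\x00")
        shown.append({"name_and_message": f"{sender}: {body}",  # hypothetical style names
                      "name_only": sender,
                      "none": "New message"}[style])
    return shown

def demo(style):
    key = secrets.token_bytes(32)          # assumed pre-established session key
    relay = Relay()
    relay.submit("halil", seal(key, "Murat\x00This message should be encrypted.".encode()))
    relay.submit("halil", seal(key, "Murat\x00ok".encode()))
    return relay, on_push(relay, "halil", key, style)
```

With the `name_and_message` style the notification shows the plaintext, as in the screenshot discussed in the thread, even though `relay.pushes` holds only the constant wake-up bytes.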