Key exchange verification


1 comment

  • Official comment
    Skylar Nagao

    Hey Karl,

    Peerio actually has a couple ways to verify your contacts' public keys. You can go to your contacts page and select their name to view their public key, as well as view their identicon, a cryptographically unique identifier. You should verify either the identicon or public key in another trusted communication channel.

    The client is open source and has been audited by the experts at Cure53, so you can ensure nothing is happening client-side. Peerio uses TOFU (trust on first use). There is a cached encrypted version of your contact list and the client checks with each message to ensure that each message only has the recipients identified, otherwise the message will fail. If a user's public key changes, Peerio will produce a warning indicating this, and will suggest you re-verify your contact's public key.

Please sign in to leave a comment.

Powered by Zendesk