Whatever place TextSecure is getting the key from could have replaced your girlfriend key with something else and be MITMing all the traffic.
The proper way to do this would be to have your girlfriend's phone display a QR code with her public key and have you scan it with your phone camera, or using NFC to transfer the public key if available.
Your "proper way" requires people to actually meet before they can begin a conversation, which greatly limits usability (you couldn't even test the app without a friend sitting next to you - who would keep an app they can't even try out on their phone?).
Second, you can verify fingerprints manually if you're in person. The biggest draw is there is no distinction between a user who you've simply exchanged keys with vs a user who's fingerprint you've verified. This is something the Threema messenger gets right. Trying to explain capabilities of the attacker and how you could be MITM'd to some random user is totally pointless and will just scare them, it's detrimental to adoption. It's far better to have a visual indication of how much relative 'trust' you have with your individual contacts, rather than write a novel implying there could be G-Men on the other side of the line.
Finally, for phone calling capability, the loop can be 'closed' through a second level of verification, because RedPhone/Signal give you a (matching) set of random words upon connection establishment, and each party says the secure words to each other before anything else. This was an idea taken from SilentCircle, I believe.
The idea here is that it is easy for a human to verify they're talking to someone they know simply if they hear their voice verify the words they're seeing, while it's probably going to be difficult for an attacker to imitate arbitrary voices on demand in real time to 'spoof' a human.
Plus, once I sent her a TextSecure message, I sent her an SMS to confirm that she received the first one. Now granted I guess someone could hijack her SMS too, but you could swap that out for any second-step verification of your choosing: an SMS, an e-mail, confirming in-person that we're receiving what the other person sent, etc.
In any case, there are no desktop clients yet that support OMEMO. Conversations and Jitsi support Message Carbons though (together with a compatible XMPP service, such as yax.im) very well. On the console, there is profanity that also supports it.
Yes, but UX is still the biggest issue. By all means develop next gen crypto tech: but first, make what we have now usable by people who aren't Unix people.
I would pay money for binaries of an Open Source GnuPG for OS X which wasn't awful to use.
Not in a tarball, not assuming I want to use the command line, on gnupg.org (with the angry SHA1 certificate warning fixed), not linked to from there for 'people who want GUIs'.
I would love to simply sync users' keys between their devices and encrypt opportunistically like OTR does. Offline key exchange would only be necessary for verification purposes at that point. I see user key management as the harder problem than exchange.
UX runs deeper than software interfaces.
> Identity and key management is really the underlying issue
Yes, that's a UX issue.
So:
- Get GPG key from Facebook (which has them as part of the standard profile today)
- Say to person: you should contact this person by a means you trust and confirm this is their key (since we don't trust anyone by default).
- Once they click OK, they can now send messages to that person.
Nothing stopping other mainstream sites from adding GPG, it's jus that FB is the only one I know of. Obviously GitHub doesn't count since most people aren't software developers.
(You can build and use your own gpg binaries if you're concerned about their modifications)
- GPGTools isn't sure what's called. GPGTools? OK where do I download GPGTools? There's no button to do that. What's GPGSuite? Do I want that instead? Installed, there's nothing called either Applications/GPGTools or Applications/GPG Suite.
- Its app is called 'GPG keychain' or similar. Nobody outside crypto folk care know what a keychain or, not should knowledge of a keychain app be required to send someone a message encrypted with their public key
- The apps main focus is key management, and it's really poor at that. There's no way to discover people's GPG keys AFAICT
- It's a plugin for Apple Mail and a command line app. Most people using Macs don't use either of those. And it's not promoted as a Mac mail plugin, which means most people will be disappointed when they use it.
- It seems to choke on common GPG output with some chars. That output is probably not encoded correctly, that shouldn't matter. Be liberal in what you accept.
Yes, you can cargo cult the PFS algorithms over the email infrastructure, but if you save the temporary key, it's not PFS anymore, and guess what, if you want to save your message to reading later, you'll have to save the temporary key too.
That's not email.
Ok, that's less "instant" than most instant messaging system. But it has the same trade-off. It has a bigger time window when messages can be decrypted, and messages last for longer.
If you give-up on reading your email latter, yes, you can have some kind of forward secrecy.
When you change the public encryption key, you decrypt all messages received under the old key, re-encrypt with a local key, and destroy the private decryption key.
This way, someone getting your private encryption key cannot decrypt intercepted ciphertext he got before your last key change.
Obviously it requires to change PGP to get a new signed encryption key every time (unless there's some extension that already does it?)
