undefined | Better HN

0 pointsmagicalhippo1y ago0 comments

This would require a key per app installation, my SO has the app installed too for example.

It would also introduce a lot of additional failure modes.

Doable but not exactly trivial.

0 comments

3 comments · 1 top-level

layer81y ago· 2 in thread

It would work exactly like how you can send an encrypted email to multiple recipients and each of them can decrypt it despite having different private keys. That part isn’t rocket science.

magicalhippoOP1y ago

Indeed, it's making it work reliably and with zero friction given both apps and car will have variable internet access.

amluto1y ago

This is not hard. App login sets up a session with VW (which is surely already does), except the session needs a database entry and not just a JWT-like token. (Many auth frameworks do this anyway.) The database row needs to add a public key, and the server needs to send all the key changes to the car. And that’s about it.

1 more reply

j / k navigate · click thread line to collapse