Key Verification


Key Verification is the process makes an Assertion that a Public Key is associated to the correct entity

Key Verification in Public Key Cryptography, each person has a set of keys.

Key Verification is a common feature of protocols that use End-to-End Security, such as PGP and Off-the-Record Messaging.

On Signal, Key Verification is called "safety numbers." To verify keys without the risk of interference, it's advisable to use a secondary method of communicating other than the one you’re going to be encrypting; this is called out-of-band verification. For example, if you are verifying your OTR fingerprints, you might email your fingerprints to one another. In that example, email would be the secondary Communication Channel.

Alice And Bob#

To send a message securely to a Bob, Alice must encrypt the message using her Public Key.

Mallory (an attacker) may be able to trick you into using their Public Key, which means that Mallory would be able to read your message, instead of the Bob. That means that you have to verify that a Public Key is being used by Bob.

More Information#

There might be more information for this subject on one of the following: