Comment by jumploops
4 months ago
I once built a version of this that strictly allowed you to add contacts via QR code only.
The idea was simple: you can only exchange keys in person, therefore no central server involvement at all.
4 months ago
I once built a version of this that strictly allowed you to add contacts via QR code only.
The idea was simple: you can only exchange keys in person, therefore no central server involvement at all.
Tin Foil Chat is in this variety - mailboxes are tor hidden services identified by their public key.
https://github.com/maqp/tfc
Well not quite :) Wrt what upper post said:
It used to be the case you could only exchange keys in person, but X25519 was introduced in 2016, and it was bumped to X448 in 2019. You can of course still exchange PSKs as it's currently the only post-quantum key exchange it can offer. QR-codes are not used, instead, imported strings are split into small segments that are typed manually. The program then does what it can do, to help the user identify typos.
I did something similar, share contact via QR code, offline, but with a dedicated encryption/decryption device to realize the airgap: www.qryptr.com