• FuglyDuck@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Again, with the client code you should be able to tell that the keys are generated there and not sent anywhere

    then no one- including the intended recipient- can decode them without that physical device. kinda defeats the point of a messenger service. The codes have to be sent somehow. Either it’s sent along their servers, or the recipient’s device directly.

    I really don’t care to get into it. Just know that if you’re using a generic, stock device… any message you send should be considered compromised. depending on the app, and the device in question, it may (but not necessarily) require physical access to the device. but, by it’s very nature, the messenger service meant to be decoded and read. it is fundamentally permissive in nature.

    Is it secure enough for France’s needs? Probably. does it mean it’s the best? Probably not.

    • matter@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      You seem to be a bit confused about how asymmetric encryption works. There is no need for private keys to be transmitted for a messaging service to work. I encourage you to read about the difference between public and private keys in asymmetric encryption. They are generated in pairs, such that when something is encrypted using a public key, it can only be decrypted using the corresponding private key. So it’s not correct to say that the message can’t be decrypted by the intended recipient - they are in fact the only party who can, but even the sender can not.