Message signing slash encryption
pls and thanks
You'll have to excuse my naivety, but how does that sort of thing work? :3
So would users upload keys to the client in the user settings section, and then it just signs the message? We should add some kind of "Verified" symbol then, next to the message, to show it was signed -- like GitHub.
How, though, do we exchange public keys -- and make sure they are associated with particular user accounts?
^ This is a problem not even Matrix has solved yet. For now, we could give users a dialog with key fingerprints and ask them to click verify or blacklist, kind of like Matrix. Later on, we could support a web of trust where admins can sign other people's keys and then those people can sign other keys, etc., kind of like GPG.
Sounds good! I assume we store keys in localStorage (that way no server can get their evil hands on them) [as well as the verified/blacklisted data, it can't be stored on the server because then they could verify an evil signature]
I'm quite interested in implementing this, but I'd be really bad at it because I'm not familiar with the codebase. @towerofnix is assigned, so I'm happy to leave it to them to implement (if they want to).
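A sketch of the flow discussed in this thread (fingerprint dialog, verify/blacklist state kept client-side, a "Verified" badge), added here as an example and not code from this project. It assumes Ed25519 keys and uses Node's synchronous `crypto` module as a stand-in for the browser's WebCrypto; `TrustStore`, `checkMessage`, `signMessage`, `memoryStorage` and the `keyTrust` storage key are hypothetical names.

```javascript
const nodeCrypto = require("node:crypto");

// Fingerprint shown in the verify dialog: SHA-256 over the DER-encoded public key.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: "spki", format: "der" });
  return nodeCrypto.createHash("sha256").update(der).digest("hex");
}

// Client-side trust store. `storage` needs getItem/setItem (localStorage in a browser).
class TrustStore {
  constructor(storage) { this.storage = storage; }
  load() {
    // Null-prototype object so a user id like "__proto__" is stored as plain data.
    return Object.assign(Object.create(null), JSON.parse(this.storage.getItem("keyTrust") || "{}"));
  }
  mark(userId, fp, state) { // state: "verified" or "blacklisted"
    const all = this.load();
    all[userId] = { fp, state };
    this.storage.setItem("keyTrust", JSON.stringify(all));
  }
  lookup(userId) { return this.load()[userId] || null; }
}

// Assumption: the author id is signed together with the text, so a signature
// cannot be replayed under another account name.
const payload = (author, text) => Buffer.from(`${author}\n${text}`, "utf8");

function signMessage(author, text, keyPair) {
  const signature = nodeCrypto.sign(null, payload(author, text), keyPair.privateKey);
  return { author, text, publicKey: keyPair.publicKey, signature };
}

// Returns the badge state the UI would render next to a message.
function checkMessage(store, msg) {
  let ok = false;
  try { ok = nodeCrypto.verify(null, payload(msg.author, msg.text), msg.publicKey, msg.signature); }
  catch { ok = false; }
  if (!ok) return "invalid";                  // bad signature or altered text
  const pinned = store.lookup(msg.author);
  if (!pinned) return "unverified";           // valid signature, key not yet confirmed by the user
  if (pinned.fp !== fingerprint(msg.publicKey)) return "key-mismatch"; // different key than the one pinned
  return pinned.state;                        // "verified" or "blacklisted"
}

// Constructed in-memory stand-in for localStorage so the example runs outside a browser.
function memoryStorage() {
  const m = new Map();
  return { getItem: (k) => (m.has(k) ? m.get(k) : null), setItem: (k, v) => { m.set(k, String(v)); } };
}
```

A valid signature alone only yields "unverified"; the badge depends on the fingerprint the user confirmed locally, which is why a server that swaps in its own key gets "key-mismatch" rather than "verified".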