Alternatives to QR code to verify contact - question from new user

  • Forgive me if this has already been addressed. But all the notes about verifying a contact involve getting together physically and scanning each other's QR codes. Is there another way I can share information with someone remotely, out of band, say by reading my public key in its entirety to him/her over the phone? Or, if we are speaking with each other at the time, is sending a JPG of our QR code through email to scan as good? If reading our public keys to each other is good, how do I change the verification level? There is nothing on this on Threema's site that I can find, verification only discusses scanning each other's QR code.

    Threema is my most secure messaging app and I want to verify everyone I use it with (not many), but we won't get together physically to scan codes, most likely.

    Thank you for your assistance.

  • If you cannot scan QR codes, simply compare the public key.

    Your own public key is available by tapping on the button "Show public key" in the "My Profile" tab.

    To see a contact's public key, open its contact details screen and tap on "Show public key".

  • That's what I thought, thank you very much for the reply. But I don't see a "Verify" button. If I do this with a contact, will we be able to change the verification level after reading each other our keys?

    Thank you for the help. I love this app, but I am still finding my way around it.

  • Hi Triumph,

    you are welcome!

    Which Smartphone are you using for Threema?

    I will give you a step-by-step guide for verification, but it's different because Threema for Android has a separate protection against making screenshots.

    Ciao
    Snoopy

    Threema user since 23.12.2020 (always with the same Threema ID!) 8)
    No backup? No sympathy! 8o

    Edited once, last by Snoopy (July 10, 2022 at 17:58) for the following reason: Confusion iPhone/Android regarding extra protection from screenshots

  • Thank you so much! I only just installed it, set up Threema Safe, and have played with EchoEcho so far. I'm going to install it on my son's phone and try this today. We can scan each other's QR code, but I want to practice this reading the Public Key in our Profile and manually marking each other as verified so I may do this with others in other locations.

    I am using an iPhone 8S running on the latest iOS version. Thank you again, Snoopy! What a helpful community this is.

  • Hi Triumph,

    no, it's not possible to do that with the Profile 64-digit Public Key over the phone only.

    But it is a good way to make sure that the other person is the right person.

    For security reasons, Threema doesn't recommend the following procedure at all, but if you are absolutely sure about the person on the other side / other device contacting you, then there is no danger of a man-in-the-middle attack.

    Furthermore, this should also not be vulnerable because the public key only belongs to the correct private key.

    Apple iOS has no additional protection as I mentioned above.

    So you can make a screenshot from the QR code instead of showing your device's screen to another person directly.

    And you can send it via the Threema app to your friend, if he / she has a second device to scan it from the Threema screen (and maybe store it temporarily to load it thereafter for scanning with Threema on the iPhone (or Android device)).

    And then your contact can do the same procedure to send his/her QR code to you, so that you also get three green points. ;)

    Always remember: security makes things more complicated, but also more secure. ;)

    Ciao
    Snoopy

    Edited once, last by Snoopy (July 10, 2022 at 18:02)

  • Probably easier and also more secure than a screenshot if both of you have a desktop PC or a notebook: Make a video call via whatever desktop video conference solution you prefer (e.g. Jitsi) and just show your QR code into the camera.

    (To avoid confusion: I work at Threema, but I speak here for myself.)

  • Most excellent! Thank you for that, very easy. As long as I coordinate with my contact I believe if I email a screenshot of the QR code within minutes we can feel secure about the exchange and verify each other by scanning. That was very helpful,