Alternatives to QR code to verify contact - question from new user

Stelle deine Frage öffentlich an die Threema-Forum-Community - über 3.000 Mitglieder helfen dir weiter. Los gehts!
Unterstützung von offizieller Seite erhältst du direkt bei Threema: Zum offiziellen Threema-Support
  • Forgive me if this has already been addressed. But all the notes about verifying a contact involve getting together physically and scanning each other's QR codes. Is there another way I can share information with someone remotely, out of band, say by reading my public key in its entirety to him/her over the phone? Or, if we are speaking with each other at the time, is sending a JPG of our QR code through email to scan as good? If reading our public keys to each other is good, how do I change the verification level? There is nothing on this on Threema's site that I can find, verification only discusses scanning each other's QR code.


    Threema is my most secure messaging app and I want to verify everyone I use it with (not many), but we won't get together physically to scan codes, most likely.


    Thank you for your assistance.

  • That's what I thought, thank you very much for the reply. But I don't see a "Verify" button. If I do this with a contact, will we be able to change the verification level after reading each other our keys?


    Thank you for the help. I love this app, but I am still finding my way around it.

  • That's what I thought, thank you very much for the reply. But I don't see a "Verify" button. If I do this with a contact, will we be able to change the verification level after reading each other our keys?


    Thank you for the help. I love this app, but I am still finding my way around it.

    Hi Triumph,


    you are welcome!


    Which Smartphone are you using for Threema?

    I will give you a step-by-step guide for verification, but it's different because Threema for iPhone for Android has a separate protection against making screenshots.

    Ciao

    Snoopy


    Threema-Nutzer seit 23.12.2020 (immer mit gleicher Threema-ID!) 8)

    Kein Backup? – Kein Mitleid! 8o

    Einmal editiert, zuletzt von Snoopy () aus folgendem Grund: Confusion iPhone/Android regarding extra protection from screenshots

  • Thank you so much! I only just installed it, set up Threema Safe, and have played with EchoEcho so far. I'm going to install it on my son's phone and try this today. We can scan each other's QR code, but I want to practice this reading the Public Key in our Profile and manually marking each other as verified so I may do this with others in other locations.


    I am using an iPhone 8S running on the latest ios version. Thank you again, Snoopy! What a helpful community this is.

  • Hi Thriumph,


    no, it's not possible to do that with the Profile 64-digit Public Key over the phone only.

    But it is a good way to make sure that the other person is the right person.


    For security reasons, Threema doesn't recommend the following procedure at all, but if you are absolutely sure about the person on the other side / other device contacting, than it's no danger of a man-in-the-middle-attack.

    Furthermore, this should also not be vulnerable because the public key only belongs to the correct private key.


    Apple iOS has no additional protection as I mentioned above.

    So you can make a screenshot from the QR code instead of showing your device's screen to another person directly.

    And you can send it via Threema app to your friend, if he / she has a second device to scan it from the Threema screen (and maybe store it temporary to load it thereafter for scanning it then with Threema on iPhone (or Android device).


    And then your contact can do the same procedure to send his/her QR code to you, so that you also get three green points. ;)


    Always remember: security makes things more complicated, but also more secure. ;)

    Ciao

    Snoopy


    Threema-Nutzer seit 23.12.2020 (immer mit gleicher Threema-ID!) 8)

    Kein Backup? – Kein Mitleid! 8o

    Einmal editiert, zuletzt von Snoopy ()

  • . As long as I coordinate with my contact I believe if I email a screenshot of the QR code within minutes we can feel secure about the exchange and verify each other by scanning.

    • Exactly like this


    Auf derzeit Xiaomi 11T 5 G , mit Android 12 SP1A.210812.016


    Mit mir kann man auch echt telefonieren! :)

    Wenn du mich anrufst und ich kann nicht abheben, dann rufe ich zurück.


    Gruß,


    Reinhard


    Motto: " Über Pflänzchen wird gestolpert, Bäumen weicht man aus! "