1

On Signal's blog they mention that keys for accessing your profile are exchanged normally with your contacts using the Signal Protocol just like messages are (implying they are already contacts and you've already generated a shared ephemeral symmetric key).

They also mention if you start a new thread with someone who isn't in your contacts, you automatically share your profile with them. How is this done if the recipient is offline, not in your contacts and hasn't completed a handshake to create a shared symmetric key?

aroooo
  • 115
  • 4

1 Answer

3

Here are some specs if you want to look into it further, especially X3DH.

Basically (and this is a simplification), the server stores a number of "prekeys" for each device, which are the public halves of ephemeral DH keys generated by a device when it registers, and regenerated as needed.

When Alice initiates a session with Bob, she retrieves a prekey from the server and creates a new ephemeral key to use with it. The message she sends includes an identifier for which prekey she used, and the public half of her ephemeral key.

When Bob receives the message, he can locate the private half of the prekey used by Alice, and use it with the public key she sent to compute the shared secret.


It's worth noting that the key agreement is necessary not only for sharing the profile, but for sending an encrypted message at all. If two devices were incapable of creating a shared secret asynchronously it wouldn't be possible to initiate a session unless both devices were online, or unless the key agreement messages were cached by the server until delivery, which would still create unnecessary delays. The prekeys are sort of a way of "precaching" key agreement messages.

AndrolGenhald
  • 15,436
  • 5
  • 45
  • 50
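The flow the answer describes, as an added, self-contained example that is not part of the answer above and not Signal's code: Bob registers public prekeys with a constructed in-memory "server", goes offline, Alice fetches a bundle and derives the X3DH shared secret from her own ephemeral key, and Bob later locates the matching private halves and derives the same secret. It assumes finite-field DH over the RFC 3526 group 14 modulus in place of Signal's X25519, omits the signature Bob would place on his signed prekey, and uses an HMAC tag under the derived key where Signal would run the Double Ratchet; the `Device` class, `run_exchange` helper and the server dictionary are illustrative names, not the project's API. It also covers the edge case where the server has run out of one-time prekeys (DH4 is then omitted, as the X3DH spec allows).

```python
"""X3DH-style asynchronous key agreement, simplified (stdlib only)."""
import hashlib
import hmac
import secrets

# 2048-bit MODP group 14 from RFC 3526, generator 2 (stand-in for X25519).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2


def keypair():
    """Fresh DH key: private exponent in [2, P-2], public value G^priv mod P."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh(priv, pub):
    return pow(pub, priv, P).to_bytes(256, "big")


def kdf(dh_outputs):
    # HKDF-Extract with a zero salt over F || DH1 || DH2 || DH3 [|| DH4];
    # X3DH additionally runs HKDF-Expand with an application info string.
    ikm = b"\xff" * 32 + b"".join(dh_outputs)
    return hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()


class Device:
    """One device: long-term identity key plus the private halves of its prekeys."""

    def __init__(self, name):
        self.name = name
        self.ik_priv, self.ik_pub = keypair()
        self.spk = {}        # signed-prekey id -> private exponent
        self.opk = {}        # one-time-prekey id -> private exponent
        self.sessions = {}   # peer name -> derived shared secret SK

    def register(self, server, n_opk=3):
        """Upload public halves only. Real X3DH also uploads Sig(IK, SPK)."""
        spk_id, (spk_priv, spk_pub) = len(self.spk), keypair()
        self.spk[spk_id] = spk_priv
        opks = []
        for _ in range(n_opk):
            oid, (opk_priv, opk_pub) = len(self.opk), keypair()
            self.opk[oid] = opk_priv
            opks.append((oid, opk_pub))
        server[self.name] = {"ik": self.ik_pub, "spk": (spk_id, spk_pub),
                             "opks": opks, "inbox": []}

    def initiate(self, server, peer, profile):
        """Sender side: fetch the bundle, derive SK and send while the peer is offline."""
        bundle = server[peer]
        spk_id, spk_pub = bundle["spk"]
        ek_priv, ek_pub = keypair()                       # fresh ephemeral key
        dhs = [dh(self.ik_priv, spk_pub), dh(ek_priv, bundle["ik"]), dh(ek_priv, spk_pub)]
        opk_id = None
        if bundle["opks"]:                                # server hands each OPK out once
            opk_id, opk_pub = bundle["opks"].pop(0)
            dhs.append(dh(ek_priv, opk_pub))
        sk = kdf(dhs)
        self.sessions[peer] = sk
        bundle["inbox"].append({"from": self.name, "ik": self.ik_pub, "ek": ek_pub,
                                "spk_id": spk_id, "opk_id": opk_id, "profile": profile,
                                "tag": hmac.new(sk, profile, hashlib.sha256).digest()})

    def receive(self, server):
        """Receiver side, later: look up the prekey private halves the message names."""
        delivered = []
        for msg in server[self.name]["inbox"]:
            spk_priv = self.spk[msg["spk_id"]]
            dhs = [dh(spk_priv, msg["ik"]), dh(self.ik_priv, msg["ek"]), dh(spk_priv, msg["ek"])]
            if msg["opk_id"] is not None:
                dhs.append(dh(self.opk.pop(msg["opk_id"]), msg["ek"]))  # delete after use
            sk = kdf(dhs)
            self.sessions[msg["from"]] = sk
            expected = hmac.new(sk, msg["profile"], hashlib.sha256).digest()
            ok = hmac.compare_digest(expected, msg["tag"])
            delivered.append((msg["from"], msg["profile"] if ok else None))
        server[self.name]["inbox"].clear()
        return delivered


def run_exchange(n_opk=3):
    """Returns (both sides agree on SK, delivered profiles, one-time prekeys consumed)."""
    server = {}                                   # constructed stand-in for the Signal server
    alice, bob = Device("alice"), Device("bob")
    bob.register(server, n_opk)
    before = len(server["bob"]["opks"])
    alice.initiate(server, "bob", b"name=Alice;avatar=constructed")  # Bob offline here
    delivered = bob.receive(server)                                   # Bob comes back online
    agree = alice.sessions["bob"] == bob.sessions["alice"]
    return agree, delivered, before - len(server["bob"]["opks"])


if __name__ == "__main__":
    print(run_exchange())
```

Nothing in the handshake requires Bob to be reachable: the server only stores his prekey bundle and the pending message, and because Bob pops the one-time prekey on receipt, a later replay of the same initial message cannot be decrypted with that key again.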