Blog of All Trades

Bewildering botany, free software fanaticism, reliable book reviews, 'mazing math

April 8, 2021

How to Use Signal Messenger

HEADS UP: If you know your way around computers and Linux systems, then host your own Matrix server instead. Matrix is more difficult to set up but is a better long-term solution because it is decentralized and is not attached to phone numbers.

Why is Signal Better then SMS and Other Messaging Apps?

SMS (texting) and telephone calls are laughably, leave-the-front-door-unlocked-and-open insecure. SMS is sent over cell networks completely unencrypted, allowing cellular providers to read and store every text. Providers can disclose the metadata or even contents of messages to law enforcement. Land-line calls are completely unencrypted and LTE calls (used by modern smartphones) are riddled with security holes. Telephone call metadata is logged by telephone networks and shared with intelligence agencies.

"Privacy-oriented" messaging apps like WhatsApp and Telegram are still ailed by security flaws. WhatsApp is closed-source, making all of its security claims unverifiable. With WhatsApp being a subsidiary of Facebook and its release of a liberal metadata sharing privacy policy, we have reasons to suspect the app. Telegram requires users to opt-in to encryption, which is unavailable for group chats, and uses in-house crypto (a stupid thing to do with cryptography).

How does Signal work?

Diagram of Signal protocol in detail

I drew a pretty diagram of the Signal protocol in detail above but I think I got too down in the weeds. I will give a simple explanation in the next paragraph. For other in depth explanations watch Computerphile's videos on how the first keys are established and how each message is made forward and backward secure. The seasoned cryptographer can skip those and read the whitepapers. If you are unfimiliar with Diffie-Hellman exchange, public-key cryptography please watch the linked videos before reading the explanation.

The goals of the Signal protocol are fourfold: (1) ensure Signal's servers can't decrypt user's messages, (2) prevent evesdroppers from decrypting messages, (3) let users communicate even when one of them is offline, and (4) thwart attackers that have even stolen the latest encryption keys from decrypting any previous messages or future messages (but not the latest one of course). The first and second goal is acheived by having every Signal user store his private keys on his own device and encrypting with them (or other keys that require his private key to generate). This is called end-to-end encryption and is the bare minimum for a secure messaging protocol. The third goal is met by Signal running a server that stores user's public keys (sent to the server when a user creates them), associated with their phone number, and relaying encrypted messages to their destination. A simplified view of the protocol is this: the sender (let's call him Dog) asks Signal's servers to send him his receiver's (call her Cat) public key, the server sends Dog her public key, Dog encrypts his message with Cat's public key, he sends the encrypted message along with his destination phone number (Cat's) and sending phone number (his own) to the server, Signal's servers stores the encrypted message until Cat downloads her latest messages from the server, the server (supposedly) deletes Cat's encrypted message, Cat decrypts Dog's message with her private key, and she reads it. If one is being a critical cryptographer, he may notice that Signal could send Dog their own public key that they generate instead of Cat's and perform a man-in-the-middle attack. Dog can verify that the public key Signal's server sent him is truly Cat's key by clicking on her contact, tapping "safety number", physically meeting up with her, and comparing "safety numbers".

The Signal protocol is a tad more complex than the preceding explanation since it has to meet the fourth goal of not allowing an attacker to decrypt all messages in a conversation if he comprimises their identity keys or latest message keys. Each user's identity key is a permanent key used for authentication and is in each of their keychains. A user's keychains also contain a prekey and a unique one-time prekey. Users generate several keychains and upload them to the server. The first message sent encrypted with a symmetric Diffie-Hellman key generated from the public keys in one user's keybundle (identity key, prekey, unique one-time prekey) and the private keys (just identity key and a unique ephemeral key) of the other user's bundle. Since Diffie-Hellman can generate the same key from a public key A with private key B and private key B with public key A, the reciever can look at the metadata the sender attatched, figure out what keys he must use to generate the first symmetric key, and decrypt the first message. So, why the complexity of multiple unique keyrings of the receiver stored on Signal servers and the sender's unique ephemeral key generating a symmetric key? Well, it forces an attacker who comprimsed the receiver's identity key to have to keep on comprimising the new unique one-time keys that the receiver is uploading to Signal's servers. The ephemeral key and identity used by the sender means the attacker would have to nab both (and the ephemeral key is only generated when they start texting). After they establish initial symmetric keys, the Signal protocol goes one step further. It uses a "double rachet" system to generate new symmetric message keys for each message based on a Diffie-Hellman exchange each message and the previous symmetric key. The Diffie-Hellman exchange ensures future secrecy (comprimisng a previous message key won't break all future messages) and the previous symmetric key ensures backward secrecy (comprimising a future message key won't let an attacker break the previous messages).

Bad Things about Signal

Signal is not the last word on secure messaging. Its servers present a single point of failure and it's phone number requirement makes anonymous communication a joke. Decentralized software like Matrix, XMPP, Tox, Jitsi, and Briar are all unique solutions to Signal's problems and warrant consideration by anyone seeking greater control and anonymity.

iOS Installation

  1. Launch the app store, search 'signal', and install this result.
  2. When Signal finishes installing, open the Signal app.
  3. Allow Signal the permissions it asks. It is safe enough to grant the Signal app these permissions because it is free software and is popular enough that smart cryptographers are always examining the code for dangerous bugs.
  4. Enter your phone number. Signal uses phone numbers as usernames and as optional 2-factor authentication. Note that it doesn't have to be the same number on the device you are setting up Signal on. For improved anonymity, purchase a burner phone to verify Signal with.
  5. Click the 'From messages' button to automagically verify your phone number with the code Signal texted you.
  6. Create a unique PIN for the Signal app. This PIN secure your Signal account in case an evildoer steals your phone number.
  7. Click on the icon in the upper right to send or call someone in your Signal contacts. If you gave Signal permission to view your contacts (an action which should be safe, as Signal is free software), then the contacts of any of your friends who use Signal will already be there.
  8. (Optional) For friends who use Signal but whose contacts you do not have click the 'Find by Phone Number' button and manually enter their number.
  9. After clicking on your friend's Signal contact, touch the phone icon in the upper right to call them or type in the bottom box to text them.

Linux Installation

Use your distribution's package manager to update your local repositories, upgrade your old packages (if on a rolling release distro), and install the latest version of Signal. The command for Debian is longer because Signal is not in the official repositories so Signal's very own repository must be installed. If your distro's repositories does not have Signal then move to a real distribution or build Signal from source.

After installing Signal, scan the QR code from your phone on the Signal app to set up your computer under your Signal account.