Tuesday, December 5, 2023

iMessage Contact Key Verification

macOS 14.2 Beta:

With iMessage Contact Key Verification, users can choose to further verify that they are messaging only with the people they intend. iMessage Contact Key Verification uses Key Transparency to enable automatic verification that the iMessage key distribution service returns device keys that have been logged to a verifiable and auditable map. When a user enables the feature, they will be notified about any validation errors directly in the Messages conversation transcript and Apple ID Settings.

[…]

All devices signed into your iCloud account must be on the minimum supported version of iOS 17.2 Beta, macOS 14.2 Beta, or watchOS 10.2 Beta. If you wish to keep using other devices on older versions of the OS, you will need to sign out of iMessage on these devices in order to enable contact key verification.

Glenn Fleishman:

The company announced the process and timeline on 27 October 2023 on its Security Research blog.

[…]

Instead of relying on Apple to verify the other person’s identity using information stored securely on Apple’s servers, you and the other party read a short verification code to each other, either in person or on a phone call. Once you’ve validated the conversation, your devices maintain a chain of trust in which neither you nor the other person has given any private encryption information to each other or Apple. If anything changes in the encryption keys each of you verified, the Messages app will notice and provide an alert or warning.

[…]

Looking at it another way, this explains why Apple notes someone with a “public persona” could post a verification code online without risk. When someone wants to start an iMessage conversation with a public figure, they rely on that public element as proof that the public figure is who they say they are. Further, because Apple associates their public key with the email addresses and phone numbers associated with their Apple ID account, someone contacting them and verifying their code could only face an imposter if the hijacker had taken over the public figure’s Apple ID account.

Contact Key Verification is a solution to an issue known for years. Way back in 2016, security researcher Matthew Green explained several of iMessage’s fundamental design problems, with one of the worst being “iMessage’s dependence on a vulnerable centralized key server.” (Another was Apple’s failure to publish the iMessage protocol, which remains a concern. I wrote a Macworld column about these failings in 2016.)
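To make the two mechanisms Fleishman describes concrete, here is an added toy model in Python (not Apple's code, and no claim about the real protocol): a key distribution service that could hand out a substitute key, a transparency map that auditors can check, and a client that rejects any served key absent from the map, compares the short verification code with its peer, and alerts when a verified peer's key later changes. All class and function names are hypothetical.

```python
import hashlib

# Added toy model, not Apple's code: key service, transparency map and client.
# Hypothetical names; the hash constructions are illustrative only.

def leaf_hash(identity: str, key: bytes) -> str:
    return hashlib.sha256(b"leaf|" + identity.encode() + b"|" + key).hexdigest()

class KeyDistributionService:
    """What a client asks for a peer's key; a compromised one could answer with a substitute."""
    def __init__(self, keys): self.keys = dict(keys)
    def lookup(self, identity): return self.keys[identity]

class TransparencyMap:
    """Stand-in for the verifiable map: only logged (identity, key) pairs are included."""
    def __init__(self, keys): self.leaves = {i: leaf_hash(i, k) for i, k in keys.items()}
    def includes(self, identity, key): return self.leaves.get(identity) == leaf_hash(identity, key)

def verification_code(id_a: str, key_a: bytes, id_b: str, key_b: bytes) -> str:
    """8-digit code over both identities and keys, order independent so both sides agree."""
    parts = sorted([(id_a, key_a), (id_b, key_b)])
    digest = hashlib.sha256(b"ckv|" + b"|".join(i.encode() + b":" + k for i, k in parts)).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"

class Client:
    def __init__(self, me, my_key, kds, tmap):
        self.me, self.my_key, self.kds, self.tmap = me, my_key, kds, tmap
        self.verified = {}  # peer -> key pinned after a successful code comparison

    def fetch_peer_key(self, peer):
        """Automatic check: refuse a served key missing from the map; flag changes to pinned keys."""
        key = self.kds.lookup(peer)
        if not self.tmap.includes(peer, key):
            return None, "validation_error"
        if peer in self.verified and self.verified[peer] != key:
            return key, "key_changed"
        return key, "ok"

    def code_for(self, peer):
        key, _ = self.fetch_peer_key(peer)
        return None if key is None else verification_code(self.me, self.my_key, peer, key)

    def mark_verified(self, peer, code_read_by_peer):
        """Pin the peer's key only when the code they read aloud matches ours."""
        key, _ = self.fetch_peer_key(peer)
        if key is None or self.code_for(peer) != code_read_by_peer:
            return False
        self.verified[peer] = key
        return True
```

A key the service serves that was never logged yields a validation error before any code is shown, while a logged rotation after manual verification yields a key-changed alert rather than silent acceptance.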

Bruce Schneier:

Signal has had the ability to manually authenticate another account for years. iMessage is getting it.

Update (2023-12-19): Howard Oakley:

To turn on CKV, open System Settings, then your Apple ID. At the foot of that you’ll see the new item Contact Key Verification, within which is the switch to enable it.

[…]

If you’re in any doubt as to whether you’re messaging the person you want, provided that their details are saved to a card in your Contacts, you can verify them. Both of you will then create a code at the same time, to share and compare. To do that, open the Messages app, tap the message thread, then that person’s name to obtain Conversation details. At the foot of those you and your contact should then tap Verify Contact…. Both of you will then receive a code that you can compare with them, in person, using FaceTime or over a phone call. If the codes match, mark them as verified to add the code to their card in Contacts.

[…]

Those who have extensive contact with the public, perhaps as well-known figures, can create and share a public verification code, to allow others to verify messaging with them.

Update (2023-12-21): See also: Hacker News.

While my wife and I meet the requirements for this, we have not been able to get it to work. It attaches the verification to the email address on the card of the other person but doesn’t show verification completed. I talked to Apple Support and they had me sign out of Messages and sign back in, but that didn’t fix it.