OTR Authorization

Contact authentication is an optional feature and serves as an additional security layer. It allows you to identify your contact for your chat session. To do so, you must provide a “question” and a “secret,” used for two-way authentication on each chat session.

Next, you must communicate the “secret” to the other chatter.

NOTE

While you can use the Secure Chat to send the encrypted secret, you might consider to either disclose the secret before the chat setup; or share it in some other uncompromised medium, such as an encrypted email. Whatever you choose, take care that your question and secret are revealed only to the desired party. On each chat session, you and your contact will be prompted to enter the “secret.” If either party fails, the chat session with this contact cannot be established.

This process can be done on your contact’s side as well. In this case, he must communicate the “secret” to you.

Create Question and Secret

To authenticate a contact to your chat, follow these steps:

1. Open your contact list and tap the selected contact you wish to have an encrypted chat with. The Chat screen appears on display, with a red padlock icon on top which means that no authentication is applied yet.
2. Start typing, and the chat session gets encrypted.

3. Tap the padlock, which is now green, meaning your chat is encrypted.

4. The “OTR Authorization” panel opens, and it prompts you to compose your question and secret.

 

OTR authorization in Secure Chat app

When you send the OTR Authorization question and secret, the opposite party is prompted to provide the secret you created.

Your contact prompted to provide the secret.
Upon success, you establish an encrypted chat session.

The chat session is now encrypted and authenticated.You can recognize that a chat session is authenticated by observing the padlock icon: it is now displayed in darker color with a green check mark .

Updated on September 21, 2017

Was this article helpful?

Related Articles