Apple Explains How iMessage Contact Key Verification Works
Apple has introduced a new security feature for its iMessage platform called Contact Key Verification, made available to developers in the iOS 17.2 beta. The feature aims to strengthen the end-to-end encryption already in place by letting users confirm they are messaging only with their intended recipients.
Apple’s Security Engineering and Architecture (SEAR) team shared a detailed technical explanation of just how Contact Key Verification works for your chats.
iMessage has been offering end-to-end encryption since its launch in 2011. The new feature is designed to address vulnerabilities in key directory services, which could be compromised to intercept encrypted messages. Contact Key Verification uses a mechanism called Key Transparency (KT) to secure the key discovery protocol and improve user experience.
“When Alice messages Bob, her device queries the KT service and verifies the response that it receives from the IDS service for Bob. If Alice’s device detects a validation error, and both she and Bob have enabled iMessage Contact Key Verification, Alice is notified about the error directly in the Messages conversation transcript,” stated the SEAR team.
The feature also includes an account-level Elliptic Curve Digital Signature Algorithm (ECDSA) signing key generated on the user’s device and stored in iCloud Keychain. This key is used to sign iMessage public keys and is available only to the user on their trusted devices.
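The two mechanisms described above, the account-level ECDSA key signing a device's iMessage public key and the recipient's device verifying the directory's response, modelled as a small added example; this is not Apple's code, and the record format, function names and the use of P-256 with SHA-256 are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// KeyRecord models a key directory (IDS) response for one of Bob's devices: the
// device public key plus his account-level ECDSA key's signature over it (assumed format).
type KeyRecord struct {
	DevicePub []byte // PKIX/DER encoded P-256 public key
	Sig       []byte // ASN.1 ECDSA signature over SHA-256(DevicePub)
}

// NewKey generates a P-256 key, used here for both account and device keys.
func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// PublishDeviceKey is Bob's side: sign a serialized device key with the account key from his iCloud Keychain.
func PublishDeviceKey(account, device *ecdsa.PrivateKey) (KeyRecord, error) {
	pub, err := x509.MarshalPKIXPublicKey(&device.PublicKey)
	if err != nil {
		return KeyRecord{}, err
	}
	digest := sha256.Sum256(pub)
	sig, err := ecdsa.SignASN1(rand.Reader, account, digest[:])
	return KeyRecord{DevicePub: pub, Sig: sig}, err
}

// VerifyRecord is Alice's side: the key the directory returned must carry a valid
// signature from Bob's account key, or it is the validation error the page describes.
func VerifyRecord(accountPub *ecdsa.PublicKey, rec KeyRecord) error {
	digest := sha256.Sum256(rec.DevicePub)
	if !ecdsa.VerifyASN1(accountPub, digest[:], rec.Sig) {
		return fmt.Errorf("validation error: device key not signed by contact's account key")
	}
	return nil
}

func main() {
	bob, _ := NewKey()
	device, _ := NewKey()
	rec, _ := PublishDeviceKey(bob, device)
	fmt.Println("directory record verifies:", VerifyRecord(&bob.PublicKey, rec) == nil) // true
}
```

A compromised directory that substitutes a device key cannot produce a signature from Bob's account key, so the substitution is what surfaces as the validation error in the conversation transcript.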
Apple’s KT system is designed to scale to billions of users and aims to notify users only when an unexpected security condition occurs. The feature is available in the developer previews of iOS 17.2, macOS 14.2, and watchOS 10.2.
The introduction of Contact Key Verification follows other security enhancements like BlastDoor and Lockdown Mode, which were added in iOS 14 and iOS 16 respectively. Apple says that with this new feature it continues to advance its commitment to user privacy and security.