Security › Cryptographic ID
thumb_up Follow me on GitHub to get notifications about my projects (like Fossdroid Core), thanks! close

Cryptographic ID

Attest the trustworthiness of a device using asymmetric cryptography
Version: 0.3.1
Added: 09-12-2022
Updated: 10-01-2023
This is an Android App to create and verify identities based on ed25519 signatures. It can also verify prime256v1 signatures to support signatures generated by a tpm2. This can be used to verify devices (e.g. replace tpm2-otp) or people who are in posession of a private key.
The advantage over tpm2-otp is asymmetric cryptography, so you don't need to store and protect the secret on both devices, but have one secret on each device and the public key on multiple devices.

On the first pairing, you need to trust both devices. You create a QR-Code via the share button on device 1, scan it via the "add-friend"-button on device 2. So if you trust device 2 in the future, you can share-and-scan again to verify, that device 1 is really the device you initially trusted in the past.

You can use the same for people you meet over the internet, when you have a secure channel already. One can make a screenshot of the qr-code, sign it and send it to the other party. When you meet in real-life, the other party can proof, that it is really the other party.

Screenshot of Cryptographic ID Screenshot of Cryptographic ID Screenshot of Cryptographic ID
code Source file_download Download