Skip to content

iMessage

iMessage

imessage Key Verification
Python PoC

How it works

iMessage, explained

  • Uses the same Service as Push notifications. Apple Push Notification Service (APNs)
    • Can be Bidirectional using the push token

Identity Registration with IDS

Action: Register your application or device with Apple's Identity Service (IDS).
Outcome: Obtain an identity keypair consisting of a private and public key. This keypair is essential for cryptographic operations.

Public Key Lookups

Action: Use the obtained keys to perform public key lookups for other users.
Details: Provide the target accounts (user identifiers) to IDS, which returns identities including public keys, push tokens, and session tokens.
Security Note: Session tokens are short-lived and tied to the requesting account, preventing unauthorized use.

Message Encryption

  • Encryption Methods:
    • Legacy (pair): Use for compatibility but lacks forward secrecy.
    • Modern (pair-ec): Preferred for enhanced security with pre-keys offering forward secrecy.
  • Implementation: Encrypt messages using the recipient's public key