Mensago’s Secret Sauce: Keycards

If you jump into the world of startups, you hear a lot of… strange terms flying around. One of them is the USP, a business’ Unique Selling Proposition. Your USP is what makes you or your product special. Mensago has two, actually: end-to-end encrypted messages that work just like e-mail and keycards. If you’re really into privacy or cybersecurity, the first one gets you excited. The second one most people don’t get right away. Let me tell you about Mensago’s keycards and why they’re awesome.

What are They?

A keycard is a collection of information about you that tells people who you are and how to reach you. If you’re curious what exactly one looks like, here’s a sample keycard.

Type:User
Index:2
Name:Corbin Simons
Workspace-ID:4418bf6c-000b-4bb3-8111-316e72030468
User-ID:csimons
Domain:example.com
Contact-Request-Verification-Key:ED25519:017b7|s$D3%>KPjb7E4Pe<w92^)GJ
Contact-Request-Encryption-Key:CURVE25519:6YINYBj?<KTpFvfSMBNx_yDHyaV{*Xai8@JZ(<Nd
Encryption-Key:CURVE25519:F*Z(}|8X~qbdH8dL%|MCFBrKe>V_~inP7%WhNVR
Verification-Key:ED25519:gRWh(E)YrQQ+m3WfO$xKjqAhJ%?xD45;8n;=s&r
Time-To-Live:7
Expires:20220729
Timestamp:20220430T123029Z
Custody-Signature:ED25519:OwTQQ7mV{krXkws{ZNpP~L7@Xfc8^gw3U2IUwpz;(lT#$n~8WrwxldTLcfiqa?tWxD%k6m&kr&hP$W$
Organization-Signature:ED25519:19CnAFNdXU&7Na>IC1g^<5ETUrcHB(8&k|_>Bu02>MIP5QVrf(5KwGhq9TLY%%Wg6bYq4FAztA1DN#y
Previous-Hash:BLAKE2B-256:otqel;ncyI^_vHnz5qYw;pffDYR)&K&Ba%t-+#gg
Hash:BLAKE2B-256:wbIDpnocY658DKBC<3Lj{B!1ZE;S5$-0L;ttT9ih
User-Signature:ED25519:#AJ~t1x;UIMhZBG6)l;dAaj;8NXLhqCKy|8<Ba(mNo4Q)q>wV?P#DvSDhLfooCm1xh-qxQ$HxLo_M$n

At first glance this looks like a jumble of random letters, numbers, and symbols with some regular English words thrown in. It’s kind of a mess, but that’s OK. Why? First, most people don’t see this. Second, it tells people who you are in a way that uses a lot of complicated math to prevent anyone else from pretending to be you. While working on Mensago, I’ve discovered that cryptography is both complicated and messy. Oh well. 🤷‍♂️

A Digital Identity

Keycards solve two big problems. The first is identity, that is, who you are online. The example above tells us about a fictional person, Corbin Simons, whose Mensago address is csimons/example.com. If Corbin had wanted to set up a private account, he could have left out his name and user ID, and his Mensago address would have been 4418bf6c-000b-4bb3-8111-316e72030468/example.com. While it’s a lot longer, it’s private and unique.

Aside from using a slash instead of an @, this isn’t a big deal, right? Pretty much, and that’s the point. If you don’t care one bit about the technical details, there’s nothing more to worry about. Sending messages to other people just works. The other stuff which looks pretty strange is what actually prevents other people from impersonating you. If you don’t care about how it works, you can skip the next section. 😸

The Ugly Details

If you’re into digital security, there’s a lot to like here. First, a keycard can contain multiple entries. Each entry has four different cryptography keys: two are for verifying digital signatures and two are for encryption. It may seem a little strange that two of the keys are for Contact Requests; we’ll look into these in more detail further down.

Next let’s look at the bottom section: the signatures and hashes. The Custody Signature field chains together all of a keycard’s entries so that the entire chain can be verified with the Contact Request Verification Key field. Each person issues their own keycard, but their organization acts as a trusted third party that vouches for them. In essence, each Mensago server is a certificate authority for the domains it administers. They use the hashes to maintain an unusual kind of blockchain that protects the integrity of all the keycards on the server. Finally, the user signs the entire thing, making sure we can Verify All The Things.

A Directory and Key Exchange

The second problem that keycards solve is a longtime problem in cryptography: how to give your encryption key to someone else. At first glance, this doesn’t seem so hard, but in cryptography, everything is tricky. In this case we have to ensure that the encryption key is for you and only you and that no one except you has the decryption key. Likewise, if you and the other person haven’t met, that’s a tough problem made even tougher.

Fortunately, keycards tie your address to a few keys. Mensago communications are opt-in, so no one can send you messages unless you explicitly give them permission. In order for you to contact someone, you have to send them a Contact Request, which works like Facebook’s Friend Requests. Every Mensago user has an encryption key just for Contact Requests. When you send someone a Contact Request, you’re sending them a bit of information about yourself along with an encryption key that they can use to contact you in the future. Their Contact Request Encryption Key protects your information in transit. When they accept, they send you their encryption key. Thus, key exchange is a solved problem.

Public and Protected

Bitcoin and other cryptocurrencies have popularized the concept of a blockchain, which is basically a database where you can only add entries — everything else is read-only. The problem with most types of blockchains is that they make computers do an arbitrary kind of work in order to add to the database. Multiply this arbitrary work by thousands of computers and you have a real environmental impact. This is part of the reason why blockchain-based products are so controversial.

Mensago’s keycard database is carefully managed as a tree-shaped blockchain where the organization forms the trunk and each person gets their own branch. A person can update only their branch, and they have to be logged into the server in order to do it. In this way, there is a chain of security that ensures the integrity of the information in the database. It’s also fast and doesn’t run up your electricity bill.

Although this might seem like a lot of work just to let people find out how to contact you, it’s a critical part of the infrastructure. Using this special kind of blockchain means that if the server gets hacked, the attacker can’t change anyone’s contact information without everyone knowing about it. By not trusting the server to do very much, each person’s contact information is kept safe.
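
To make the Hash and Previous-Hash fields from the sample keycard concrete, here is an added example (not Mensago's own code) that parses simplified entries and checks that a branch links back to its trunk. It assumes the hash covers every line above the Hash field joined with CRLF, that values are Base85-encoded, and that a user's first entry points at the organization entry's hash; keys and signatures are left out, and all sample data is constructed.

```python
import base64
import hashlib

def parse_entry(text):
    """Split 'Field:Value' lines on the first colon; values keep their ALGORITHM: prefix."""
    return dict(line.split(":", 1) for line in text.strip().splitlines())

def compute_hash(text):
    """BLAKE2B-256 over every line above the Hash field (assumed coverage), Base85-encoded."""
    body = []
    for line in text.strip().splitlines():
        if line.startswith("Hash:"):
            break
        body.append(line)
    digest = hashlib.blake2b("\r\n".join(body).encode(), digest_size=32).digest()
    return "BLAKE2B-256:" + base64.b85encode(digest).decode()

def make_entry(index, name, previous_hash):
    """Build a constructed, simplified entry (keys and signatures omitted)."""
    text = f"Type:User\nIndex:{index}\nName:{name}\nPrevious-Hash:{previous_hash}"
    return text + "\nHash:" + compute_hash(text)

def verify_chain(entries, root_hash):
    """Return a list of problems; an empty list means the branch links up."""
    problems, expected_prev, expected_index = [], root_hash, None
    for text in entries:
        fields = parse_entry(text)
        index = int(fields["Index"])
        if expected_index is not None and index != expected_index:
            problems.append(f"entry {index}: expected Index {expected_index}")
        if fields["Previous-Hash"] != expected_prev:
            problems.append(f"entry {index}: Previous-Hash does not match preceding hash")
        if fields["Hash"] != compute_hash(text):
            problems.append(f"entry {index}: Hash does not match contents")
        expected_prev, expected_index = fields["Hash"], index + 1
    return problems

# Constructed sample: a stand-in organization hash as the trunk, then a two-entry branch.
ORG_HASH = "BLAKE2B-256:" + base64.b85encode(
    hashlib.blake2b(b"constructed org entry", digest_size=32).digest()).decode()
first = make_entry(1, "Corbin Simons", ORG_HASH)
second = make_entry(2, "Corbin Simons", parse_entry(first)["Hash"])
tampered = second.replace("Corbin Simons", "Someone Else")  # edited, Hash left stale

if __name__ == "__main__":
    print(verify_chain([first, second], ORG_HASH))    # intact branch
    print(verify_chain([first, tampered], ORG_HASH))  # content no longer matches Hash
```

An entry rebuilt with a freshly recomputed Hash would pass this check, which is why a real verifier also has to validate the Custody, Organization, and User signatures with an Ed25519 library.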

So What?

If all of this seems like “well, that’s nice, but why is this so special?”, then I’ve got a few reasons for you to get excited about keycards and Mensago in general.

  • If impersonating someone is impossible without access to one of their devices, phishing attacks are a lot harder.
  • If someone needs my permission to send me a message, they can’t spam me.
  • If everyone has a unique, publicly available encryption key that anyone can look up, a password isn’t required to prove who I am.

I get so excited about Mensago — and probably talk way more about it than I should — because I know what’s possible. Most people have come to accept spam and phishing as part of life. They don’t have to be, and that is why Mensago exists in the first place.