Here’s a concise rewrite of the article:
Cloudflare, a leading connectivity cloud company, has announced a new service to verify the integrity of public keys used in the end-to-end encryption of popular messaging applications. In end-to-end encryption (E2EE), messages are protected through a public-private key exchange, ensuring that only the intended recipient can read the message. Previously, security-conscious users had to manually verify these public keys with their contacts, but Cloudflare’s new service automates this process, building trust by ensuring keys haven’t been tampered with.
WhatsApp, long partnered with Cloudflare for security verifications, is the first to implement this new auditing process, enhancing user trust in the app. E2EE ensures that messages are encrypted before they are transmitted and can only be decrypted by the recipient’s device, preventing even the messaging service from reading their content. Many services offer security key verification to confirm that users are communicating with the intended recipient.
While manual key verification is vital for users like journalists, activists, and human rights defenders, it is recommended for everyone. Cloudflare has introduced Plexi, an auditor for Key Transparency infrastructure, which verifies the authenticity of encryption keys. By acting as an auditor, Cloudflare ensures that logs of these keys are constructed correctly, and provides audit signatures that messaging apps can pass on to users, reinforcing trust in the system.
Cloudflare’s partnership with WhatsApp strengthens the open-sourced Auditable Key Directory (AKD), setting a new standard for secure messaging. “At-risk organizations, journalists, and activists trust Cloudflare for securing websites, emails, and traffic. Extending our verification process to end-to-end encrypted messaging apps aligns with our mission,” said Matthew Prince, Cloudflare’s co-founder and CEO.
For more technical details, independent researchers can read Cloudflare’s blog at Cloudflare Blog or review proof verification results at Key Transparency Dashboard. Companies interested in auditing their end-to-end encrypted infrastructure can reach out to Cloudflare.
