I really love Signal, but it is lacking a good Public Key Infrastructure. I hope this is something that the WhisperSystems people are going to be working on in the future, because all the potential is there: The authentication method of scanning QR codes is brilliant, because it is so usable. For now, I have my fingerprint up on my homepage so people can verify it (as long as they believe that I have full control over my homepage).
If you want to get your fingerprint as a QR code image file, this is what you do: Get the
qrencode
command line tool either through your Linux package manager or through cygwin on Windows. In Signal, choose My identity key from the main menu and type those digits into a file, say textsecure-fingerprint.txt
. Then, use this little Python script to generate the QR code:
from base64 import encodebytes
from os import system
d = open("textsecure-fingerprint.txt","r").read().strip().split()
k = encodebytes(bytearray.fromhex(''.join(d)))
system("qrencode -o textsecure-fingerprint.png -l L -t PNG " + k.decode("utf-8"))
And there you go. If someone knows how to get the fingerprint directly from the device, I'd be happy to know that.