Witness Angel Authenticator is a smartphone/PC application that lets you create an authenticator - a digital identity and its secure keychain - to interact with the WitnessAngel ecosystem.

Currently, this application is primarily used to become a Key Guardian. This role can have a very local utility, for example to protect the recordings of our "VideoTestimony for Condominiums". But it is also possible to join a public network of Key Guardians, on the Internet, in order to offer protection to vulnerable people.

Public Key Guardians are meant to be at the forefront of welcoming victims of violence, and helping them to legally exploit the evidence of violence that they have collected; this is done through a multiparty decryption procedure, triggered when victims need their evidence to go to court.



Authenticator software download

The system image for Raspberry Pi computers can also be found on the GitHub releases page above. Note that these are the first versions of the application, so we are very interested in your feedback in case of bugs (e.g. on smartphones with a screen notch, or on very recent models).

The source code of the application is of course available in the Authenticator repository!


Guided visit of the Authenticator software

1 - Manage authenticators

The home page allows you to access the authenticators present in different locations on your device: in the user profile, in a folder of your choice, or on one of the connected USB keys.

Here you can manipulate (export/check/destroy) existing authenticators; you can also select an empty location to initialize a new authenticator, from scratch or from an existing (previously exported) archive.

Note that the keychain and its metadata are generated in an "authenticator.keystore" subfolder of the selected location.

2 - Create an authenticator

To create your digital identity, you will need to enter three pieces of information:

  • A username, which can also be a pseudonym
  • A secret phrase called "passphrase", long enough but not necessarily complex (e.g. 4 simple words)
  • A non-secret clue, to help you remember the secret phrase

The system will then generate your keychain; this operation may take some time.

Make sure you remember your secret phrase, because without it, your authenticator will be unrecoverable.

3 - Publish an authenticator

To make the public part of your identity easily retrievable by Witness Angel devices, you can decide to publish it on our web registry (called Witness Angel Gateway).

You then just have to give other people its unique ID, like "b63a3dbd-a6e9-4e9a-b53e-f16438a9e084", so that they can import it.

Without that, it will be necessary to use a physical device (e.g. a USB key) to transfer your public identity to a Witness Angel device, whether it is fixed or portable.

Note that for the moment, a published identity cannot be modified or deleted.

4 - Manage authorizations

If you publish your authenticator to the web registry, end users who used it will also be able to send you decryption authorization requests targeting some of their encrypted containers.

This page then allows you to accept (by entering your passphrase), or reject, these requests.

When you accept a request, behind the scenes, the cryptographic system actually reconstructs and transmits parts of the encryption keys for the target containers.
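
As an added illustration (not Witness Angel code), here is one way key parts held by several Key Guardians can be recombined: a k-of-n Shamir split of a container key, where each accepted request releases one share. The scheme, the guardian names and the sample key are assumptions; this page does not specify the construction actually used.

```python
# Added example: k-of-n guardian key shares (Shamir secret sharing).
# Assumption: scheme, names and parameters are hypothetical, not Witness Angel code.
from __future__ import annotations
import secrets

PRIME = 2**521 - 1  # Mersenne prime, far larger than any 256-bit key


def split_key(key: bytes, threshold: int, guardians: list[str]) -> dict[str, tuple[int, int]]:
    """Split `key` so that any `threshold` guardians together can rebuild it."""
    if not 1 < threshold <= len(guardians):
        raise ValueError("threshold must be between 2 and the number of guardians")
    secret = int.from_bytes(key, "big")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = {}
    for x, name in enumerate(guardians, start=1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares[name] = (x, y)
    return shares


def rebuild_key(released: list[tuple[int, int]], key_len: int) -> bytes | None:
    """Lagrange-interpolate at x=0 from the shares guardians released.

    Returns None when the result does not fit key_len, which is what
    happens (with overwhelming probability) if too few shares are given.
    """
    secret = 0
    for i, (xi, yi) in enumerate(released):
        num, den = 1, 1
        for j, (xj, _) in enumerate(released):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    try:
        return secret.to_bytes(key_len, "big")
    except OverflowError:
        return None


if __name__ == "__main__":
    container_key = secrets.token_bytes(32)       # constructed sample key
    guardians = ["guardian-a", "guardian-b", "guardian-c"]  # constructed names
    shares = split_key(container_key, 2, guardians)
    accepted = [shares["guardian-a"], shares["guardian-c"]]  # two accepted requests
    print("2 of 3 rebuilds key:", rebuild_key(accepted, 32) == container_key)
    print("1 of 3 rebuilds key:", rebuild_key(accepted[:1], 32) == container_key)
```

A single guardian's share reveals nothing about the key on its own, which is why a rejected or missing authorization below the threshold blocks decryption.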

5 - Program settings

For the moment, nothing very exciting in this page, because there is only one official Witness Angel Gateway (registry) deployed. But stay posted!