Hacker Newsnew | comments | show | ask | jobs | submitlogin

We don't get a copy of your private key (neither should anyone else, ever). We do get a copy of your public key, to certify it (we use OpenSSL's CA)



So how do you "invite" someone? Swap public keys?

-----


We generate a temporary password for the user being invited and encode it in the invitation code sent to the user's email address. We use this temp pass to verify the user when he/she signs up and destroy the pass immediately after. During initial setup, the user's device generates its own public key pair and sends a CSR (certify signing request) to us for certification.

-----




Applications are open for YC Summer 2015

Guidelines | FAQ | Support | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact

Search: