Trust & verification

Make sure it's really them.

Encryption protects your messages in transit. Verification confirms the other end belongs to the person you think it does. Minyma makes that simple - and worth doing for the conversations that matter.

Here's how identity works on Minyma, what a safety number is, how to verify a contact in person with a quick QR scan, and what it means when Minyma tells you a contact's keys have changed.

Security at a glance Open Help

How identity works

Pinned on first contact, watched ever after.

1. Identity keys Every device has long-term identity keys. Minyma uses two together - classical Ed25519 and post-quantum ML-DSA-65 - so identity holds up against both today's and tomorrow's attackers.
2. Pinned on first use The first time you connect with someone, Minyma remembers their identity keys. From then on, it expects the same keys - and notices if they change.
3. Verifiable by you You don't have to take the app's word for it. You can compare a safety number, or scan a QR code in person, to confirm the identity yourself.

Two ways to verify

Pick the level that fits the conversation.

For everyday chats, identity pinning works quietly in the background. For sensitive conversations, take a moment to verify - it only has to be done once per contact.

  • Compare safety numbers. Each conversation has a unique safety number derived from both people's identity keys. If yours and your contact's match - read aloud, over a trusted channel, or side by side - the conversation is verified.
  • Scan to verify, in person. The strongest option: scan your contact's QR code face to face. Minyma confirms a match and includes a check of their post-quantum identity key, then marks the contact verified.
Get Minyma See safety features

When keys change

Minyma tells you - and why that matters.

A contact's keys can change for ordinary reasons: a new phone, a reinstall, or a reset. They can also change because something is wrong. Minyma doesn't guess which - it surfaces the change so you can decide.

What you'll see

A clear nudge, in the chat

When a contact's identity keys change, Minyma marks them as not verified and shows an in-chat prompt. This applies to both the classical and post-quantum identity keys - a change to either one routes into the same trust review.

What to do

Re-verify before sensitive sharing

If you expected the change (your contact got a new phone), you can re-verify and carry on. If you didn't, treat it as a reason to confirm through another channel before sharing anything important.

Our trust model, stated plainly

What we protect, and what we're still building.

  • Minyma uses trust-on-first-use with pinning, comparable safety numbers, and in-person QR verification. For most people, in most situations, this is a strong and practical level of protection.
  • Verification is hybrid post-quantum: identity is bound by both Ed25519 and ML-DSA-65 signatures, and the safety number and verify QR reflect both.
  • A fuller key-transparency system - automatic, network-wide monitoring of identity keys - is a planned enhancement that builds on the verification above.
  • Minyma is under continuous internal security testing and is queued for independent cryptographic review; we describe verification by exactly how it works, and publish review milestones as they're completed.
Transparency & data Technical Overview