
#6240 Reply

Hjalmar

I know you can manually check your own fingerprint in the config – AxCrypt refer to it as a thumbprint – although it is ultimately a centralised system. Having a UI option to visually compare the string adds an extra layer of security.

WhatsApp deal with it in their own way (see illustration) and it’s found under a secondary menu. Something similar in AxCrypt would reduce the overall risk profile because AxCrypt couldn’t be secretly compelled (if such a law even exists) to change the recipient or add another party without detection.

However, as I’m typing this I can see the potential problem if such a demand was made, because your server is the trusted authority. Because of the design choices, it’d only affect online users and primarily those who share files.

I suppose that a user concerned about this would have to manually exchange his public key with the recipient. That’d seem like a suitable workaround.

Example WhatsApp Security Code (Fingerprint)
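
The check discussed in the post above, sketched as an added example that is not part of the original post and is not AxCrypt's or WhatsApp's code: the sender derives a short code from the key the server supplied, compares it with the code the recipient reads out from their own device, and pins it so a later substitution is noticed. The code format (SHA-256, eight groups of five digits), the `PinStore` class and the sample keys are assumptions made for illustration.

```python
import hashlib
import hmac


def thumbprint(public_key: bytes) -> str:
    """Render a key as eight five-digit groups for visual comparison.

    Assumed format: SHA-256 over the raw key bytes, four digest bytes per group.
    """
    digest = hashlib.sha256(public_key).digest()
    groups = [int.from_bytes(digest[i:i + 4], "big") % 100000 for i in range(0, 32, 4)]
    return " ".join(f"{g:05d}" for g in groups)


def same_code(a: str, b: str) -> bool:
    """Compare two codes, ignoring spacing, in constant time."""
    strip = lambda s: "".join(s.split()).encode()
    return hmac.compare_digest(strip(a), strip(b))


class PinStore:
    """Hypothetical local store of thumbprints confirmed out of band."""

    def __init__(self):
        self._pins = {}

    def confirm(self, email: str, key_from_server: bytes, code_from_recipient: str) -> bool:
        # Pin only if the server-supplied key matches what the recipient reads out.
        shown = thumbprint(key_from_server)
        if not same_code(shown, code_from_recipient):
            return False
        self._pins[email] = shown
        return True

    def check(self, email: str, key_from_server: bytes) -> str:
        pinned = self._pins.get(email)
        if pinned is None:
            return "unverified"
        return "match" if same_code(pinned, thumbprint(key_from_server)) else "mismatch"


# Constructed sample keys (not real key material).
RECIPIENT_KEY = b"constructed-sample-public-key-of-recipient"
SUBSTITUTED_KEY = b"constructed-sample-public-key-of-third-party"


def demo():
    pins = PinStore()
    read_aloud = thumbprint(RECIPIENT_KEY)  # recipient reads this from their own device
    return [
        pins.check("bob@example.com", RECIPIENT_KEY),                   # nothing pinned yet
        pins.confirm("bob@example.com", SUBSTITUTED_KEY, read_aloud),   # swapped key is rejected
        pins.confirm("bob@example.com", RECIPIENT_KEY, read_aloud),     # genuine key is pinned
        pins.check("bob@example.com", SUBSTITUTED_KEY),                 # later swap is detected
    ]
```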