PSK
PSK provides post-quantum security and is recommended in cases where users know and trust each other and where they can meet. PSK should never be used with strangers or contacts who might be malicious.
TFC accounts should be exchanged using some Authenticated channel. An authenticated (and preferrably confidential) channel should also be used to agree on the date and location for exchanging the PSK file.
Enter the contact's TFC account, nick and select PSK as the key exchange method.
PSK needs to be protected during transit, so Transmitter Program prompts the user to enter and confirm a password that needs to be delivered to the contact through some secret channel (e.g., during/after key exchange meeting).
The password should be strong to ensure an attacker who manages to make a copy of the encrypted PSK cannot access it. Next, the user must select the directory for removable media to store the PSK in.
For this step, the user needs a removable media that is entered into their Source Computer. To protect the user, this removable media must come from a sealed packaging. The user must then choose the removable media as the directory for the PSK in the GUI prompt.
The users must then meet in person, and exchange the PSK transmission media. During transport extreme care must be taken to ensure no adversary gains access to the PSK transmission media.
After the meeting, the user must insert the removable media of the contact to their Destination Computer (the one that runs Receiver Program).
WARNING! If the user accidentally connects the contact's PSK transmission media to their Source Computer instead of their Destination Computer, all security of their TFC endpoint should be assumed to have been lost permanently.
WARNING! If the PSK transmission media contains e.g. a covert transmitter, it might leak data on Destination Computer in real time. The user should never trust PSKs from contacts they don't personally know and trust. Always use X448 in such situations.
To import the PSK, the user must first select the contact, and then enter the command /psk to their Transmitter Program. The command will open a file selection prompt on Receiver Program. They must select the protected PSK file from the contacts transmission media.
The user must then enter the password given to them by their contact to decrypt the contact's PSK.
Once Receiver Program has decrypted the PSK file, it will display the user the confirmation code that must be written to the Transmitter Program's prompt. (This code is only required to verify the user has indeed imported the PSK, so Transmitter Program knows to remove the trailing "No contact key" label from the key exchange type (PSK) when viewing contact details with /names.)
This completes the key exchange, but there's one more thing to do:
Always assume the PSK transmission media received from contact steals sensitive data from Destination Computer. Never give the media back to the contact. It is the responsibility of the contact to know they cannot have their device back. As the Receiver Program's warning instructs, destroy the transmission media to ensure no data escapes the Destination Computer.
Receiver Program overwrites the PSK on the removable device after keys have been imported. This is however not a strong guarantee. Physically destroy the removable media by hammering/drilling/angle grinding the memory chips, The Guardian style.