Pairing

Pairing is the process whereby two personas exchange their blockchain certificate roots with one another. Two personas are said to be paired once each has cached the other's blockchain certificate root. The counterparty of a paired persona is called a contact.

As you know from the architecture page, this is an important step that lets two personas trust one another from that point on, even as their keys roll over or rotate. This allows the two personas to keep their security parameters in sync if one or both of them change those parameters, which is a necessity for several general scenarios such as break-glass recovery.

Pair Sequence

URI Exchange

First, the personas exchange their respective URIs.

[Figure: CreatePersona]

Blockchain URI Lookup

Each persona then looks up the other's public keys on the blockchain, using the URI to locate the transaction that holds that information.

[Figure: LookupContact]

Contact Creation

Once one persona locates the other’s public keys, it stores them locally in a new contact. Both parties perform this action.

[Figure: StoreContact]

Going Forward

Now the two personas can send encrypted data to one another and verify each other's signatures. If one persona changes its keys, the chain of changes is discoverable on the blockchain, allowing its contact to follow its "keychain" to the new public keys.

Personas and Contacts

A persona may be paired with multiple contacts. Within a single device, the contacts of multiple personas are segregated: the set of contacts of one persona is not necessarily recognized by (i.e., not necessarily paired with) another persona on the same device. This segregation enables contextualized communication security based on the pairings performed for each persona.

[Figure: PersonaContactMapping]

Commonly, an application will implement the concept of a currently active persona, so that when data is received, its decryption and verification are performed with respect to the set of contacts of that persona. If data is received that is signed by a contact of a persona other than the currently active one, you may want to reject the data. Conversely, if you do not know beforehand which persona is the intended recipient, you may want to set the active persona to whichever persona has the data signer as a paired contact. Keychain Core gives you the ability to do both.
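The pairing sequence above and the persona-contact mapping in this section, as an added simulation that is not Keychain Core's code: an in-memory list stands in for the blockchain, an HMAC stands in for a public-key signature, and every name here (Persona, pair, rotate, resolve, select_active) is an assumption. It shows a contact following a rotation chain from the cached certificate root, rejecting a rotation record not authorized by the previous key, and choosing the active persona by which persona has the signer as a contact.

```python
import hashlib, hmac, secrets

# Constructed in-memory stand-in for the blockchain (assumption): an append-only list.
# A rotation record names its predecessor and is authenticated by the predecessor's key.
CHAIN = []

def sign(key, msg):  # HMAC stands in for a public-key signature (assumption)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def publish(uri, key, prev=None, prev_key=None):  # root record if prev is None, else rotation
    sig = sign(prev_key, key) if prev is not None else None
    CHAIN.append({"uri": uri, "key": key, "prev": prev, "sig": sig})
    return len(CHAIN) - 1

def resolve(root):  # walk rotation records forward from a cached root to the current key
    idx, key = root, CHAIN[root]["key"]
    for i, rec in enumerate(CHAIN):
        if rec["prev"] == idx:  # next link in this persona's keychain
            if not hmac.compare_digest(sign(key, rec["key"]), rec["sig"]):
                raise ValueError("rotation record not authorized by previous key")
            idx, key = i, rec["key"]
    return key

class Persona:
    def __init__(self, name):
        self.key = secrets.token_bytes(32)
        self.uri = f"chain://{name}"               # exchanged out of band (URI Exchange)
        self.latest = publish(self.uri, self.key)  # certificate root on the chain
        self.contacts = {}                         # contact URI -> cached root index

    def pair(self, uri):  # Blockchain URI Lookup + Contact Creation
        roots = [i for i, r in enumerate(CHAIN) if r["uri"] == uri and r["prev"] is None]
        if not roots:
            raise LookupError(f"no certificate root for {uri}")
        self.contacts[uri] = roots[0]

    def rotate(self):  # new key, chained to and authorized by the previous one
        new = secrets.token_bytes(32)
        self.latest = publish(self.uri, new, self.latest, self.key)
        self.key = new

    def verify(self, uri, msg, sig):  # only this persona's own contacts are trusted
        if uri not in self.contacts:
            return False
        return hmac.compare_digest(sign(resolve(self.contacts[uri]), msg), sig)

def select_active(personas, signer_uri, msg, sig):
    """Choose the persona that has the data signer as a paired contact, else None."""
    return next((p for p in personas if p.verify(signer_uri, msg, sig)), None)
```

Only the signer's current key verifies: a signature made under a key that has since been rotated away is rejected by the contact, and a rotation record that the previous key did not authorize makes resolution fail.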