Quick Start Guide

 CryptoGraf Manual

 Product Description

 Tech Description

 FAQ on Crypto


























1. Technology Description
2. Randomizer
3. Message Encryption and Digital Signature
4. Crypto Contact


1.Technology Description

CryptoGraf combines full message creation and sending interface, use of standard X.509 based digital identity certificates, a mechanism to generate cryptographic random numbers from an image selected by the user.

CryptoGraf uses standard cryptographic algorithms AES, RSA and SHA for encryption and digital signing of messages.

CryptoGraf users generate their own RSA private and public key pair at the first instance they use the product. The private key is stored in the mobile phone and secured with a user supplied password (according to PKCS#5 standard). The public key is stored as X.509 digital certificates containing minimal input by the user, such as name, affiliation, country and validity period.

2. Randomizer

Since virtually all smartphones have a built-in camera and image gallery, users are assisted by the "Randomizer" to select an image to used as a seed to generate the RSA (1024/2048 bit) private and public key pair. This way of seeding a cryptographic random number is the most effective way to achieve entropy on a small device, and avoids using device limited entropy to seed the generation of a deterministic and pseudo-random number. Images from the built-in camera are also used to seed generation of the 256-bit AES symmetric encryption key.

3.Message Encryption and Digital Signature

The privacy of the message is protected using a combination of cryptographic algorithms based on S/MIME Message Specification, Cryptographic Message Syntax (CMS), AES Key Wrap, AES in CMS (RFC3565, RFC3394, RFC2633, RFC2630, PKCS#7).

After composing a message and selecting a recipient, when the user presses 'send', a digital signature of the message is generated using SHA-256 with RSA Encryption. The message and the digital signature appended together and encrypted using a 256-bit AES key in CBC mode. The AES key is seeded by the "Randomizer", is generated automatically and is unique for each message. The AES key is then encrypted with the recipient's public key (PKCS#7 and RFC3394) and then sent together with the encrypted message (using a format based on S/MIME standard specification).

At the recipient's mobile smart phone, to decrypt the message, the user simply uses CryptoGraf to read the message. The enclosed 256-bit AES key is first unwrapped and decrypted using the recipient's RSA private key. The decrypted AES key is then used to decrypt the contents of the actual message and the accompanying digital signature which gives further confirmation on the authenticity and integrity of the message.

4.Crypto Contact

CryptoGraf products identify contacts with a combination of their phone number, public key X.509 End Entity certificate and other X.509 Certificate Authority certificates in the chain of authentication. This is simply termed Crypto Contact to simplify key exchange via bluetooth, SMS or MMS. It is also possible to import X.509 End Entity certificates and link with an entry from the phone contacts to create a Crypto Contact. Crypto Contact exchange is proximity aware, since distinguishing between a personal encounter or indirect introduction seems to a better indicator of trust levels.

Another type of Crypto Contact for identity protection is used to generate a One-Time-Password for authentication to a VPN, Web Service, Online Banking, Document Work Flow or even Authentication of Authorised Task Delegation. CryptoGraf's OTP employs event based synchronisation between the client and server, and is more robust compared with OTP solutions requiring synchronised time between the client and server.