secure email, secure online storage & file sharing, anonymous email search | contact us | send email | login 

Home Products Clients Sign Up Support About Us
 
secure email encryption software menu
Introduction
Architecture
Security FAQ
CryptoChallenge

Tell a Friend
Signup/Upgrade Account
 


CryptoHeaven Security

CryptoHeaven software is developed to accelerate wide spread use of highest-grade cryptography. The source code is distributed without restrictions upon its further dissemination.

A user-friendly, no-compromise information-heaven crypto system is created, where no third parties, including server administrators, government agencies, big brothers and others watching, have access to plain text version of transmitted information. Information is stored in encrypted form on the server as generated by the client, and only the sender and the recipient possess the keys to gain access to the information. Having the entire logs of all transmissions made and all of the data stored on the server, does not give access to the plain text version of information.

Some of the features of the service include secure document storage, secure document sharing and distribution, secure message boards, secure e-mail, and secure instant messaging. All services fully encrypted using the latest technology including an AES symmetric cipher Rijndael with 256 bit encryption keys, SHA-256 message digest function, and asymmetric encryption with keys of 2048-4096 bits in length.

The user-name and passphrase with additional salt together create a unique user pass-code. This pass-code is only known to the user and never shared, stored, or send anywhere. When user forgets his user-name or passphrase, all of his data stored on the server will become inaccessible forever to anyone, we have no ability to recover any portion of the data or the lost pass-code.

When a new user account is created, the user generates his personal private/public key pair. The public portion of the key is then sent to the server where it can be picked up by others connecting to the system. The private portion of the key is encrypted with user's pass-code and stored on the local computer or sent to the server at user's choice. When the encrypted private key resides on the server, user benefits from ability to access his account from anywhere in the world through the Internet.

The user's software uses the private key portion directly or indirectly to decrypt all of the data stored on the server. Other Clients use the public portion of a user's asymmetric key to send messages - if they are authorized to do so through active contacts.

Secured communication starts with the server sending the client a one-time short-term randomly generated session key encrypted with user’s public key. Client uses his private key to decrypt the session key by applying his pass-code and Rijndael(256) algorithm. From that point on, everything passing through the communication channel is encrypted using that key. The communication layer - sitting between the application and the network, automatically encrypts and decrypts all communications on both, the client and the server. The communication protocol protects data confidentiality, protects against packet dropping, reordering, or any other modification.

Data encryption layer provides second level of security encrypting all of the data content directly or indirectly with recipients’ public keys. This ensures that when the packets are received at the server and stored in our Data Center, nobody can decrypt the contents except for the designated recipients.

Going a little bit deeper into the technical aspect, every folder has its own symmetric encryption key with which all of its content is encrypted. This encryption key is not stored anywhere in its plain form; it is instead encrypted with public portions of asymmetric keys of the individuals who have access to the folder. In this manner only the selected individuals who created the folder, or were granted access to the folder by its creator are able to decrypt folder's content.

All files, messages and contacts, including the names and descriptions, uploaded and stored on the server are encrypted with their own symmetric keys. Their symmetric keys are in turn encrypted with the folder's key. Only the people who possess private keys, which decrypt asymmetrically encrypted folder keys, can gain access to the records.

When a new message is sent to the recipient, the message's symmetric key is encrypted with recipient's public key. Only the designated recipients, using their private keys, can decrypt the message. Message attachments are treated as part of the message and are similarly encrypted.

Consult CryptoHeaven Security FAQ for more information.

The source code is distributed without restrictions upon its further dissemination. Download.
 
 © 2001-2010 CryptoHeaven, Inc.
Contact Us | Service Agreement | Privacy Policy | User Guide | Site Map