The security of Cypherdog customers' data is based on the confidentiality of their private keys. Each user's private key is generated only by client applications using the RSA algorithm and is additionally encrypted with the client password. The most important principle implemented by all system components is the principle of absolute protection of the private key - this key or any part of it never leaves the user's device. This is the only and best way to ensure data confidentiality in the system.
Confidentiality and integrity
This solution has many advantages, among others, undeniable confidentiality and integrity of stored and transmitted information, but for one quite significant limitation - the user after losing the private key will not be able to recover his data. The master system does not offer any private key recovery function. To protect data against loss, the user should for that reason use a client application to make a copy of his private key to a portable disk or print its representation in the form of a QR code and keep a copy of the key in a safe place. Options for making a copy of the key are available in the desktop application and can be performed after registration in the system. All cryptographic data generated during the information lifecycle is derived from the private key owned by the user. Therefore, the strength of the private key to computational attacks aimed at its reproduction is of fundamental importance.
Security in the era of quantum computers
According to NIST (National Institute of Standards and Technology), if there is no radical breakthrough in technology (e.g. the introduction of quantum computers), 2048-bit asymmetric keys should be secure by 2030. To safeguard the confidentiality of cypher.dog users' data in an even better way to a large extent, client applications use keys with a length of 3072 bits, which should ensure data confidentiality for a secure long period after 2030.
Private key generation
Parameters: asymmetric key length 3072 bits, key encrypted with AES256 output AES256
Function parameters: Initialization vector 16 bytes, Cipher: AES / CBC / PKCS5Padding
The key on the customer's carrier always remains in encrypted form.
Algorithm: SHA256 + RSA
Parameters: symmetric key length: 256 bits, symmetric key encrypted with RSA algorithm
RSA algorithm parameters: Cipher: RSA / ECB / PKCS1Padding
The file after the encryption operation can be read only by the designated recipient.
Encrypt address book
Parameters: Symmetric key length: 256 bits
Storing files in the cloud
Algorithm: SHA256 + RSA
Authorization of user’s devices
Algorithm: random secret + AES256 + RSA
Parameters: secret length for device authorization: 128 bits
The secret is encrypted with the AES256 + RSA algorithm
The authorization of the device is limited in time. Mobile devices are authorized based on the QR code displayed on the desktop application screen. The key on the customer's carrier always remains in encrypted form.
Invite user to chat
Algorithm: random secret + random symmetric key + AES256 + RSA
Parameters: random secret length 384 bits, random symmetric key length 256 bits
For the third party, the sender remains unknown. Only the recipient can decrypt the invitation and verify the sender. The procedure provides for mutual confirmation of the invitation and exchange of a shared secret between the inviting person and the invited person.
Calculation of chat room number for conversation
Algorithm: The basis for the calculation is a "random secret"
Parameters: random secret length 384 bits
A secret known and shared only by the inviting and invited person.