Frequently asked questions

account

Do others have to pay in order to be my contacts?

No. Anyone who joins Crypho is automatically joined with a free personal account. There are no restrictions on who you can connect to.

How can Crypho be free for personal use? Is there a trick or ads?

There are no ads or tricks. Our revenues are based on business contracts.

We make it easier for our customers to communicate with people outside their company by offering free personal accounts.

The personal accounts have some limitations compared to the paid accounts.

How do I delete my account?

To delete your account, simply ask customer support.

What are the limits on personal accounts?

Personal accounts can only own one group each. They also have limitations on the sizes of files that can be shared.

See the accounts and pricing page for details on the different types of accounts.

What does it cost to use Crypho?

Personal accounts are free. They have some limitations.

Business accounts, however, have paid subscriptions with more features. See the pricing page for details on the different types of accounts.

What happens if I exceed my limits for a free account?

When you exceed the limits of a free account, a popup will appear on your screen offering you an upgrade.

encryption

What is end-to-end encryption?

End-to-end encryption ensures that only you and the person you’re chatting with can access your messages. The messages (and files) are encrypted on your device with a key that is only shared between you and the recipient.

Only the designated person can decrypt and read the message. Even if messages are transmitted through Crypho’s servers, there is no way for anyone to decrypt and read them, as the keys are only available to the end users.

This is also the case with shared files.

Where does the encryption happen?

All encryption and decryption happens on the client (i.e. inside your mobile phone or computer).

Your encryption keys are never shared with anyone else. Therefore, no encryption or decryption can happen on our servers.

Which encryption algorithms does Crypho use?

Crypho uses well known and tested encryption algorithms:

  • AES 256 (for encrypting your chats and files)
  • ElGamal ECC (for key exchange)
  • Scrypt (for authentication and initial key exchange)

Read more about Crypho’s security and encryption in the security section of Crypho’s documentation.

general

What is Crypho?

Crypho is an end-to-end encrypted messaging app with file sharing. It lets you communicate with others while keeping your information encrypted and confidential.

Crypho is available as a mobile app for Android and iOS, a desktop app for Windows and Mac OS, and a web app for quick access through a normal web browser.

Can I use multiple devices?

Yes. We recommend using Crypho from both mobile and desktop for the best experience. You can connect multiple mobile devices or multiple desktops.

You can always access Crypho through a web browser by visiting app.crypho.com.

Do I have to take action to make sure my communications are secure in Crypho?

You don’t have to do anything special to secure your Crypho communication.

All communication in Crypho is encrypted end-to-end. No exceptions. There is no way to switch to insecure or unencrypted communication.

How is Crypho different from similar systems?

What sets Crypho apart from similar systems is the uncompromising focus on security and end-to-end-encryption. All data is end-to-end encrypted without Crypho or anyone else having access to the encryption keys.

There is no way for Crypho or a third party to gain access to any of the data. Even if the data is intercepted, stolen or seized, it is worthless without access to the members’ keys.

How will I get notifications about new messages?

To get notifications about new messages when you are offline, you should

  • Install the mobile app and accept when it asks you to receive notifications or
  • Install the desktop app

The web app cannot inform you of new messages when you are offline.

Is Crypho Open Source?

Yes. Crypho is Open Source and so is all the cryptography used in it. The source code is available on GitHub at github.com/crypho.

Is there a way to get a transcript of an entire chat history?

Yes. Pro accounts have a button to download a plain text transcript of an entire conversation history.

My avatar image was set automatically. How?

When you create your account, we check for a profile picture on Gravatar. If there is one, we copy it to Crypho.

We only check this on sign-up, then make a local copy of the image. We do not check Gravatar repeatedly for updates.

What browsers are supported for the web version?

You can use Crypho on the web from all modern web browsers: The latest versions of Chrome, Firefox, Safari, Edge, Opera and Vivaldi all work.

We are no longer able to support Internet Explorer.

If you do not have access to a supported browser, we recommend you download and install the Crypho app.

When I delete a file or message, is it really deleted?

Yes. Completely and unrecoverably.

Where other systems often just mark a file as deleted, we immediately wipe it from disk.

Who can I send messages to?

You can chat and share with anyone who is your contact and anyone who shares a group with you.

For someone to be your contact, you must invite them (inside the app) and they must accept the invitation.

Invitations happen from inside the app, and are sent as a link through email.

Who is Crypho for?

Crypho is for organisations that have higher-than-normal security requirements, either from security concerns or from compliance requirements. Typical users are from the financial industry, the energy sector, enterprises, government and law-enforcement sectors — as well as small companies with security requirements.

We recognize that individuals also have the need for secure communications. We offer personal accounts for free.

groups

Can others see which groups I am a member of?

No-one else can see which groups you are a member of, except the groups you share with them directly.

Example: Let’s assume that you are a member of Group A and Group B, and Anna is a member of Group B. Anna can see you in Group B as you are both part of it, but there is no way for her to know that you are a member of Group A, or even that Group A exists.

How do I create a group?

To create a group, click the “Create group” button in the main screen. You will be presented with a panel that allows you to choose among your contacts who to add to the group. If you want to invite people to the group that are not your contacts, invite them to be your contacts first. The members field has a search. Start typing, and you will immediately be presented with matches among your contacts. Clicking a contact immediately adds them to the group.

Anyone can create groups. Free accounts have a limitation on the number of groups.

How do groups work?

A group conversation is a persistent chat room and shared file folder available exclusively to invited members of the group. Groups are never announced publicly or visible to anyone beyond their members. Only invited members have access to the group conversation, know of its existence, and see who else is a member.

The person who creates the group is the group owner. The owner can add and remove other members.

The owner can also promote other members to operator. The operator can also add and remove members.

Only the owner can delete the group.

legal

What happens if the government requests access to my data?

First and foremost: Since all content in Crypho is encrypted with keys that only our customers hold, none of the content shared by our customers can be surrendered to authorities, regardless of warrants.

Crypho cannot grant anyone access to read your encrypted messages or files, and cannot be forced to install back doors.

There may, however, be cases where we are presented with legal requirements to share other information with government authorities. This is described in detail in our law enforcement policy and transparency report page.

Crypho AS will not share customer data with any authorities unless compelled to do so by law. This means a request from a Norwegian court approved by a judge.

Crypho is subject to Norwegian law only. Foreign agencies with requests for information should direct their requests to the Norwegian police. We cannot comply with foreign requests that are not supported by a Norwegian court order.

Where are the Crypho servers located?

Crypho’s servers are located in Norway in northern Europe.

passphrase

I know I am using the correct passphrase, but the mobile app still will not log me in.

One of the mechanisms in the login uses time-based codes. For example, if the clock on your mobile phone is one minute wrong, you will not be able to log in.

Turning on the automatic update of the clock on your mobile phone will fix this.

What are recovery keys?

A recovery key is a mechanism that enables you to recover your account and content if you should forget your passphrase some time in the future.

Read how to create and use a recovery key in the documentation section.

What happens if I lose my passphrase?

You can request a passphrase reset on the login form in the desktop client or on app.crypho.com/login.

If you have previously created a recovery key, using this will allow you to retain your contacts, groups and shared content.

If you do not have a recovery key, you will be able to reset your passphrase as long as you have access to your two-factor authentication codes.

When you reset your passphrase this way, new encryption keys will be generated, and you will lose access to your existing messages, files, contacts and groups. Your contacts will be informed that you have reset your passphrase and your keys.

You can read more about how to reset your passphrase on our page about passphrase recovery.

What is a passphrase?

A passphrase is like a password only longer: words and characters that you enter to let the app know that the person typing is you.

Crypho also uses your passphrase to form a cryptographic key that is used for fetching other encrypted keys from our servers. It is therefore important that you use a strong enough passphrase. The simplest way of making your passphrase strong is to make it longer.

We recommend using at least three words, for example a short sentence.

Why do I lose content and groups when resetting my passphrase?

When you reset your passphrase without a recovery key, new encryption keys will be generated, and you lose access to your contacts and groups.

Your existing contacts will be informed that you have reset your passphrase and your keys, and must re-confirm you as a contact.

This is partially a security measure to avoid account fraud. It is also a result of the technical design of the cryptographic key exchange:

Since Crypho does not have access to your cryptographic keys, there is also no way for us to access your existing content. Since we cannot see it, we also cannot give you access to it.

In order to avoid losing access to your groups when resetting your passphrase, make sure to create a recovery key.

phone

The Android app requires me to turn on the screen lock to start

In order to keep your keys secure, Crypho must use encrypted storage space on your phone. This space is unavailable to the app unless your phone is protected with a pin, password or fingerprint. Android lock patterns, however, are not secure enough and will not allow the app to unlock the secure storage.

This is a limitation imposed by the Android operating system.

privacy

Can I use Crypho anonymously?

Crypho is primarily designed as a business tool and not for providing anonymity.

We record as little data about you as possible. We do not share any of it with others. If you are still afraid of leaving metadata around and want to stay completely anonymous while using Crypho, you could:

  • Sign up with a throwaway email address
  • Access Crypho through Tor only
  • Use the mobile app or Google Authenticator for two-factor authentication rather than leave your phone number for SMS

Can others see who my contacts are?

No.

People can only see:

  • Their own contacts
  • People they share a group with.

No one else can see who is in your contacts list.

What metadata is available to Crypho?

We have no access to any of the content you share with others.

We store basic information about your account, such as your email address and phone number.

There is also meta-information about who your contacts are and what groups you are a member of.

We keep all of this information completely confidential.

Why do you ask for my phone number?

We need your phone number in order to send you your 2-factor authentication tokens. If you don’t want to share your phone number, you can use the Crypho smartphone app or one of the available TOTP authenticator apps instead of SMS.

two-factor-authentication

I was in the process of registering an account

If you were in the process of registering an account (on desktop or web) and didn’t complete your registration, you have no 2-factor authentication configured. Thus, you will not be able to log in.

To remedy this, simply click the original link you were sent in your registration email, either from when someone invited you or from when you received an email to confirm your email address.

You should promptly be taken to the correct stage in the sign-up process and be able to complete the form.

Where can I get the 2-factor authentication code?

In addition to the passphrase, you also need a time-based security code for Crypho’s two-factor authentication. The two-factor authentication ensures that even if someone gets hold of your passphrase, they still cannot access your account. In addition to something you know (your passphrase) you also need something you have (usually your phone or your computer).

There are several ways of generating the security code:

  • The security code can be generated on your phone from the Crypho mobile app.

  • The security code can be sent to your phone as a notification, as long as you have the Crypho app installed and linked. To do this, click the “send code via App” button on the login form.

  • The security code can be sent to you by SMS/Text message. To do this, click the “send code via SMS” button. An SMS with a six-digit security code should arrive in seconds.

  • The security code can be generated on your phone from one of many available authenticator apps supporting TOTP, for example Google Authenticator.

  • If you have previously created a recovery key, you can use it to gain access to your account.

The mobile app can generate the authentication code on its own. Once you have linked your account to your phone, there is no need to enter the code. The security code is valid for 60 seconds. If you wait too long, you will have to request a new code.

If you have none of the options above available, you will effectively be locked out of your account. The only option left is to delete your account and re-register.
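
The time-based codes described above and in the passphrase section (where a wrong phone clock blocks login) follow the TOTP scheme of RFC 6238. The sketch below is an added example, not Crypho's code: it shows why a code computed with a drifting clock is rejected and how a verifier's drift tolerance changes that. The 60-second step is an assumption taken from the "valid for 60 seconds" statement, and `drift_steps`, `verify` and `login_attempt` are hypothetical names.

```python
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"  # constructed sample: the RFC 6238 test secret
STEP = 60    # assumption: derived from "valid for 60 seconds" on this page
DIGITS = 6   # the page mentions a six-digit security code


def totp(secret, unix_time, step=STEP, digits=DIGITS):
    """RFC 6238 TOTP using HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = int(unix_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, code, server_time, drift_steps=0, step=STEP):
    """Accept a code matching any time step within +/- drift_steps (hypothetical policy)."""
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, server_time + delta * step, step)
        if hmac.compare_digest(expected, code):
            return True
    return False


def login_attempt(secret, server_time, phone_clock_error, drift_steps=0, step=STEP):
    """The phone computes a code with its own (possibly wrong) clock; the server checks it."""
    code = totp(secret, server_time + phone_clock_error, step)
    return verify(secret, code, server_time, drift_steps, step)


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp, 20 s into a 60 s step
    for error in (0, 10, 60, -30):
        strict = login_attempt(SECRET, now, error)
        tolerant = login_attempt(SECRET, now, error, drift_steps=1)
        print(f"clock error {error:+4d}s  strict={strict}  tolerant(+/-1 step)={tolerant}")
```

Whether a given clock error fails depends on where the server's clock sits inside the current step, which is why enabling automatic time on the phone is the reliable fix.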