Crypho — End-to-end encrypted file sharing and messaging

Using Crypho

Wed, 23 Mar 2016 21:54:54 +0100

Using Crypho

Crypho is a messaging and sharing tool for people and organisations with high security requirements. It provides an easy to use chat and file sharing application that helps teams communicate confidential information easily.

Crypho is a Software-as-a-Service, free for personal use and paid for businesses and professionals. You can use Crypho through a normal web-browser or on your mobile device of choice. No pre-installation of software, firewall-configuration or key exchange is necessary.

Crypho is end-to-end encrypted.

This means that when you send messages or share files through Crypho, your data is encrypted before it leaves your computer. The encryption is done with keys shared by only you and the message recipient. Only the recipient with the correct keys can decrypt the information shared. No one else can access your messages and files — not even Crypho staff. It is impossible for Crypho to get access to your information or to grant others access to your information. For a more in-depth look at the security design, have a look at our technical security page.

Crypho is private

Crypho is private and confidential by default. Crypho does not share or publish information about you like other applications or social networks do.

Core functionality

Crypho is group messaging and file sharing. You can chat with your contacts directly or in groups. You can share files directly in the chat or keep a shared folder of files between two people or for a group. Only the people explicitly granted access can view or download the files. All files and messages are strongly encrypted and never available to anyone else.

Logging in

Sat, 04 Apr 2015 15:29:29 +0200

Crypho’s primary focus is the confidentiality of your data. Because of the high security focus, logging in requires two-factor authentication and a strong passphrase.

It requires your email address, your passphrase and a time based security code.

Your passphrase

You created your passphrase when you signed up. Take special care of your passphrase. It is the basis for your cryptographic keys, and instrumental to the security of the application.

Two-factor authentication code

In addition to the passphrase, you also need a time based security code for Crypho’s two-factor authentication. The two-factor authentication ensures that even if someone gets hold of your passphrase, they still cannot access your account. In addition to something you know (your passphrase) you also need something you have (usually your phone or your computer).

There are several ways of generating the security code:

The security code can be generated on your phone from the Crypho mobile app.
The security code can be generated on your phone from one of many available authenticator apps supporting TOTP, for example Google Authenticator.
The security code can be sent you your phone as a notification, as long as you have the Crypho app installed and linked. To do this, click the “send code via App” button on the login form.
The security code can be sent you by SMS/Text message. To do this, click the “send code via SMS” button. An SMS with a six digit security code should arrive in seconds. Enter the six digits in the field and press Log in.
The security code is also displayed inside the mobile app. Both on the login page (for those that have autologin disabled) and at the very top of the preferences page.

The security code is valid for 60 seconds. If you wait too long, you will have to request a new code.

Remember me

By checking the checkbox Remember this computer for two weeks Crypho will not require a security code for the next two weeks for that computer.

Forgot your passphrase

If you cannot remember your passphrase, click the Lost your passphrase link and follow the instructions.

Key recovery

Fri, 20 Jan 2017 13:00:00 +0200

It is easy to either forget your passphrase or lose access to your 2-factor authentication codes.

To regain access to your account without losing your existing content and contacts, you can use a recovery key. The key must be generated up front.

The recovery key is a 256 bit key printed in the form of 24 words. It can be used to recover your account should you forget your passphrase.

Here’s an example of how it might look:

Creating your recovery key

You can create a recovery key by selecting “Key recovery” in the menu in the Crypho desktop or web apps. It is not possible to create recovery keys from the mobile app.

It is only possible to have one recovery key available at any time. Creating a new recovery key instantly invalidates all previously generated recovery keys.

The new recovery key will only be shown to you once. There is no way to access it again. We recommend that you write it down or print it on paper. Store your key in a safe place, for example in an envelope in a safe or bank deposit box. Do not store it digitally. And make sure no-one else gets access to it.

Should you forget your passphrase or lose your two-factor authentication mechanism in the future, you will then be able to use this key to recover your account.

Contacts

Tue, 29 Mar 2016 11:48:19 +0200

Using Crypho, you communicate either directly with your contacts or in groups. To add a contact, you must invite them to be your contact and they must approve your contact request. You can only be made someone’s contact by explicit approval. Your contacts are listed in your main Crypho home screen. Only you can see who your contacts are. They are not shared with others.

Inviting a contact

To add a contact, click the add contact button in the main contact listing screen. You will be given the opportunity to enter their email address and a personal message. An invitation email will be sent them inviting them to be your contact in Crypho. If they don’t have an account already, they will have to join first in order to accept your invitation.Your personal message will be sent as part of the invitation email to them. Once they choose to accept your invitation, they will appear in your contacts list and you will appear as a contact in their list.

In the “invitations” entry in the top menu, you can see you sent and received invitations. The counter on the main menu entry shows the number of received invitations you have not yet responded to. The menu has two entries.

Received invitations

a list of invitations received from others, each invitation with an option to accept or reject it. Rejecting an invitation throws it silently away without alerting the person that invited you.

Sent invitations

Shows a list of invitations that you have sent to others. Each invitation has the option to withdraw the invitation by clicking the x next to it. This also silently deletes the invitation, and does not send a notification to the recipient.

Deleting a contact

To delete a contact, click on them in the main list so you can view the conversation with them. In the bottom right corner of the chat is a button saying “delete contact”. Clicking this will delete them from your contacts, and you will be removed from their contact list as well.

Sharing files

Fri, 29 Apr 2016 11:51:01 +0200

All members of a group conversation can share files and delete files in the group’s shared folder. Share files either by dragging and dropping them on the main chat conversation or by clicking the upload files button in the file overview screen.

If the shared file is an image, a thumbnail of the image will be generated and displayed. For any security conscious people out there, it might be comforting to know that the thumbnail is generated on the client while uploading. Generating thumbnails on the server is of course impossible, as all files are encrypted before they reach Crypho’s server.

Viewing shared files

When someone shares a file in a conversation, it is immediately displayed in the chat and available for download. Clicking a file icon or thumbnail immediately downloads and decrypts the file to make it available to you.

All the shared files can also be seen in the “shared files” panel. Delete files in the shared files panel by clicking the trash icon.

File size limits

File uploads have a max size depending on your account plan. Free account can share files up to 3 megabytes. Paid accounts can share files up to 100 megabytes, depending on plan size.

Groups

Tue, 29 Mar 2016 11:49:49 +0200

A group is a persistent chat room with a shared file folder that is available exclusively to invited members of the group. Groups are never announced publicly or visible to anyone beyond its members. Only invited members have access to the group conversation, know of its existence, and see who else is a member.

Chatting in groups

All members of the group have access to the group chat. All members receive notifications (on mobile) for new messages when a message is posted if they are not logged in at the time.

Muting a group (mobile only)

If you prefer not to receive mobile notifications from a particular group conversation, you can select to mute the group:

Visit the group with the mobile app
Click the cog icon in the top right corner of the screen
Choose “mute group” in the menu that appears

Creating a group

To create a group, click the “Create group” button in the main screen. You will be presented with a panel that allows you to choose among your contacts who to add to the group. If you want to invite people to the group that are not your contacts, invite them to be your contacts first. The members field has a search. Start typing, and you will immediately be presented with matches among your contacts. Clicking a contact immediately adds them to the group.

Leaving a group

To leave a group, click the “leave group” button inside the group chat. If you are the group owner, you cannot leave a group, only delete it.

Group roles

The person that initially created the group conversation is designated the owner, indicated by a star in the roster. The owner can invite and remove members, rename the group and delete the group. The owner can also promote other group members to “operator”. Operators are indicated by a half star icon in the roster. Operators can also add and remove people to the group, rename the group. Only the owner can delete the group.

Renaming a group

To rename a group in the web app, simply click on its title when inside the group conversation and change the text. You must be operator or owner of the group to change its name.

Managing members

Given that you have permission to manage a group’s members, clicking the members button brings up the member management menu. You can add existing contacts to the group, grant (or remove) group members operator role and evict members from the group.

If you add a new member to a group, they will get access to the group immediately. They will also be able to see previous chat history and files that have been shared to the group.

Deleting a group

To delete a group, click the delete group button. Only the group owner can delete it. When a group is deleted, all chat history and all shared files are deleted permanently. Your contacts are still available as contacts.

Enterprise accounts

Sun, 29 Jan 2017 12:00:00 +0200

Crypho offers a paid version for organizations and companies. It offers useful features for managing many users and company compliance.

Extra features:

Customers can share and store large files, up to 100mb. There is no limit on storage.
Customers can add as many groups they wish.
Customers can download transcripts of chats in plain text format. This can be useful for compliance or archiving purposes.
Customers are identified as professional users and have a badge indicating their organization/company in the member roster.

Managing an organizational account:

The administrator of an organization account can add and remove people to the account.

In the menu, select “My account”.

The account overview includes:

The company name. This will be shown on member rosters for all members of the account.
A list of all members of the account.
A form to add new members to the account

Verifying key fingerprints

Tue, 24 Jan 2017 11:48:19 +0200

Crypho’s end-to-end encryption protects your data from surveillance. For critical communications it is also important to be certain of the identity of the person you are talking to.

By verifying each other’s encryption keys, you and the person with whom you are communicating add another layer of protection to your conversation by confirming each other’s identities. This makes you certain that you are always talking to the right person. Crypho makes it simple to manage key signing and verification.

Out-of-band verification

When verifying keys, it is important that you actually check that you are communicating with the correct person. This is why verification should be done through a different medium than Crypho itself — called out-of-band verification.

Meet in person and verify

If it can be arranged safely and conveniently, the ideal way is to meet in person and verify keys face-to-face. Crypho’s mobile app has convenient provisions for this: your key fingerprint is available as a scannable QR code, and scanning each other’s fingerprints is convenient and quick.

Verify via phone

If meeting in person is not an option, telephone is a good alternative. Talking on the phone makes it easy to confirm that you are talking to the correct person and not an impostor. Crypho has convenient six-word fingerprints that can easily be communicated over the phone and entered in the app for verification.

Viewing your own key fingerprint

The fingerprint appears as both a QR code and a list of six seemingly random words. The QR code and the list of words are equivalent. Both are a unique representation of your cryphographic keys. By sharing the QR code or the list of words with your contacts, they can enter it into their app so it can always be aware of any suspicious changes to your keys.

Give your key fingerprint to your contacts in a medium separate from Crypho. In a manner where they can be sure it is really you.

Desktop and web

In the desktop or web apps, your key fingerprint is available through the menu under “My fingerprint”.

Mobile

In the mobile app, your key fingerprint is available from the settings screen.

Verifying a contact

Desktop and web

In the desktop or web apps, clicking the red circle next to a contact in the contact list brings up the key verification screen. Enter the six words that your contact has shared with you in the form. Your contact should now be listed as verified.

Mobile

In the mobile app, view a direct conversation with the contact you want to verify and press the cog symbol in the top right corner. In the menu that appears, select “Verify contact”.

You have two options for verifying:

Scan your contact’s QR code fingerprint with your phone’s camera
or enter your contact’s six word fingerprint when they share it with you.

Key changes

If you have lost access to your account and reset your passphrase, new cryptographic keys will be created for you, and as a result you will also get a new fingerprint. ALl your existing contacts will be notified, and all verifications will be invalidated.

Crypho detects when someone’s keys change - for example when they have lost and reset their password. Key verifications are automatically invalidated and must be verified again in this case.

We recommend that you verify all your Crypho contacts.

Security in Crypho

Tue, 22 Mar 2016 10:21:10 +0100

Download security whitepaper

Download the Crypho security whitepaper in PDF format. No registration necessary.

Download

Security Overview

Crypho uses several layers of protection to provide privacy and security. All data should be end-to-end encrypted without Crypho or anyone else having access to the encryption keys. There should be no way for Crypho or a third party to gain access to any of the data. Even if the data is intercepted, stolen or seized, it is worthless without access to the members’ keys.

Cryptography

Crypho uses several well known and battle-proven encryption algorithms and libraries to ensure privacy:

ECC Encryption The El-Gamal Elliptic Curve 384-bit prime curve is used.
AES We use authenticated AES with 256-bit keys in CCM mode.
Scrypt We use the standard scrypt algorithm with N=16384, r=8, p=1.
Randomness All random numbers/IVs/keys are generated by a derivative of the Fortuna algorithm found in the Stanford Javascript Crypto Library. The entropy generators are initialized with random numbers coming from the built-in strong cryptographic RNG of the browsers.
Crypto primitives All crypto primitives used by Crypho are based on the Stanford Javascript Crypto Library.

For an in-depth review of how Crypho uses cryptography for authentication, signing & encryption please see Crypho’s security whitepaper.

Authentication & two-factor-authentication

Crypho uses the Time-based One-time Password Algorithm (TOTP) for two-factor authentication. Upon registration the server generates a TOTP secret. The member can then choose to use SMS/text messages to receive TOTP tokens, or to generate them through Crypho’s mobile app.

Web app security

Regardless of the encryption mechanisms described above, all communications between the Crypho servers and web browsers or mobile applications are encrypted using HTTPS/TLS (Transport Layer Security). While this makes no difference to the privacy of the data transmitted (since they are end-to-end encrypted) it helps further safeguarding client-server communications and mitigate man-in-the-middle attacks.

Crypho pays close attention to security announcements on new vulnerabilities on the HTTPS/TLS protocols and adapts if necessary in a timely fashion.

To protect users from cross-site scripting attacks (XSS), Crypho’s web app uses Content Security Policies to declare approved sources of content that are allowed to run in the Crypho web application.

Mobile app security

User interactions such as entering a long passphrase can be a challenge on mobile devices given their small form factor. To solve this problem Crypho developed a secure storage mechanism that uses native device security when available and complements it with strong cryptography when necessary.

Thus we allow the member to authenticate without entering her passphrase every time, by cryptographically storing the her key pair on the device. The member can opt-out of this feature, in which case her passphrase will be required every time she uses the app. This is recommended in hostile environments.

To enhance security and transparency, Crypho has released its secure storage plugin as well as its scrypt implementation for mobile as open source software on Github.

Privacy, anonymity and metadata

Crypho protects the contents of your conversations and files you share by end-to-end encrypting them with keys that are only under your control. Crypho is not anonymous. It aims to keep your data private, while providing all of the features expected by a communication service.

For example, Crypho’s server is aware of when a new message is posted in a conversation and notifies users via the web or mobile notification system. Since Crypho does not have access to the contents of the conversations, it is impossible to include the content of the message in the notifications (which would’ve been a security risk in itself anyway).

Our servers have no knowledge of your message contents, but stores things like your email address, your telephone number, your contacts in Crypho, the IP addresses you use. Crypho also stores additional data such as the time you logged-in, or when a message was sent and by whom.

Crypho does not disclose any of this information or share it with third parties, except when needed in order to fulfill its operations.

Open Source software

Crypho is Open Source, so that both yourself and security experts can independently review the source code to confirm that it does what it should and does it the right way. This way the security community and can review Crypho continously, see that cryptography is used in the correct manner and that there are no back-doors or security holes.

Crypho’s source code on GitHub

Operational security/hosting

Crypho maintains strict policies on operational security. All our code is peer-reviewed for security before deployment and we maintain a large number of automatic tests that target security specifically.

No cloud services are used for hosting or storing of the user data. Crypho is hosted on dedicated servers in Norway in order to keep our infrastructure under strict control. All your data is protected by Norwegian law.

Responsible vulnerability disclosure

We perform regular security audits internally and communicate regularly with security experts globally. Our engineering team has strong security-related background and experience. However, no software is without bugs. If a security vulnerability is found, Crypho will disclose all information relating to the bug after it is fixed. We strive for transparency and trust.

Data ownership

All information exchanged using Crypho’s service is owned by the members participating in the conversation. Crypho does not not claim any ownership of this data. Our architecture additionally makes it impossible for us to decrypt and access it.

Video and audio chat

Thu, 23 Mar 2017 00:13:30 +0200

We are super thrilled to present the first release of encrypted video and audio chats in Crypho.

Secure communications have never been this easy. You can now establish encrypted video chats with your contacts at the click of a button. The security is handled by the existing, proven Crypho security model and all signaling, audio and video is end-to-end encrypted.

Video and audio chats are available person-to-person, for the desktop and web platforms in this first release. Group video conversations and mobile app support will be available in the future.

Image viewers

Fri, 10 Mar 2017 00:14:30 +0200

On some platforms (most notably Android), using the built-in image viewer could cause a copy of a viewed image to be stored on your device. This could cause additional risks to some of our customers.

We have therefore implemented shiny new image viewers for Crypho: both on the desktop, mobile and web versions. Any time you decrypt and view an image, it will be shown temporarily inside the app. And you can of course zoom, pan and rotate the images, just as you’d expect. When you are done viewing an image, it will be removed completely from your device, with no trace remaining.

Colour identification to prevent accidental posts

Fri, 10 Mar 2017 00:14:00 +0200

We have livened up the user interface by adding a distinct colour to each of your contacts and groups in your contact lists. The same colour is displayed inside the chats. This way you can quickly identify which chat you are in so you don’t risk sending anything to the wrong recipient.

Transparency Report and Warrant Canary

Mon, 06 Feb 2017 12:00:00 +0100

Transparency

Crypho has an extremely high focus on the privacy of our users and the confidentiality of their content. There may however be cases where we are presented with legal requirements to share information with government authorities. This page outlines our policies for how to manage this.

First and foremost: Since all content in Crypho is encrypted with keys that only our customers hold, none of the content shared by our customers can be surrendered to authorities, regardless of warrants. The following policies are only related to the limited metadata that is available to us.

Norwegian law allows for the government to issue warrants for seizure and search of stored customer’s data on certain conditions.

Crypho AS will not share customer data with any authorities unless compelled to do so by law. This means a request from a Norwegian court approved by a judge.

Crypho is subject to Norwegian law only. Foreign agencies with requests for information should direct their requests to the Norwegian police. We cannot comply with foreign requests that are not supported by a Norwegian court order.

When legally possible, we will provide advance notice to our customers about any government data requests. We will inform about the warrant and about how it was handled. Where legally possible, we will also share the information publicly here.

Warrant Canary

On some occasions, however, we may be prohibited from doing so by law. Some warrants come with a “gag order”, a restriction on informing customers or the public that there warrant exists. In order to still keep our customers informed, we have implemented a “Warrant Canary”

The idea behind a warrant canary is as follows: if Crypho receives legal demands with a gag order, we won’t be able to tell our customers. We can however, say that we have received no such requests, and update the statement regularly. Thus, if we stop saying we have received no requests, the implicit understanding will be that we have.

Read about Warrant Canary on Wikipedia https://en.wikipedia.org/wiki/Warrant_canary

We will post an updated Canary statement at least every month. If the update date on the Canary is more than 30 days old, you can assume we have received a warrant with a “gag order”.

This is the Crypho Warrant Canary

As of 2017-05-16 10:40:00 CET

Crypho has received no warrants
for data seizure, metadata or other information

This note will be updated on a monthly basis.

Multiple email address support

Wed, 25 Jan 2017 00:00:00 +0200

Many of our customers connect with people in differnt contexts. Many communicate in personal contexts where they identify with their personal email addresses, as well as in professional contexts where they identify with their work email.

Crypho now supports multiple email addresses per account. You can add as many as you like.

You can use the additional email addresses to log in, just like you do with your primary email. You passphrase and 2-factor authentication remains the same.

When others send an invitation to you to an email address linked to your account, you will receive the invitation just as if they had sent the invitation to your primary email.

To add an additional email address, click “my profile” in the menu in the desktop/web app. The profile page has a link to add additional email addresses. When you add another email, a confirmation mail will be sent to the address you added.

Introducing Recovery Keys

Fri, 20 Jan 2017 13:00:00 +0200

One of the most common customer requests we receive is the ability to reset your passphrase without losing your content and contacts. With the new recovery keys you can do this in a straightforward manner.

The recovery key is a 256 bit key printed in the form of 24 words. It can be used to recover your account should you forget your passphrase.

Here’s an example of how it might look:

Creating your recovery key

You can create a recovery key by selecting “Key recovery” in the menu in the Crypho desktop or web apps. It is not possible to create recovery keys from the mobile app.

It is only possible to have one recovery key available at any time. Creating a new recovery key instantly invalidates all previously generated recovery keys.

Should you forget your passphrase or lose your two-factor authentication mechanism in the future, you will then be able to use this key to recover your account.

Crypho — End-to-end encrypted file sharing and messaging

Using Crypho

Using Crypho

Crypho is end-to-end encrypted.

Crypho is private

Core functionality

Logging in

Crypho’s login form:

Your passphrase

Two-factor authentication code

Remember me

Forgot your passphrase

Key recovery

Creating your recovery key

Contacts

Inviting a contact

The invitations menu

Received invitations

Sent invitations

Deleting a contact

Sharing files

Viewing shared files

File size limits

Groups

Chatting in groups

Muting a group (mobile only)

Creating a group

Leaving a group

Group roles

Renaming a group

Managing members

Deleting a group

Enterprise accounts

Extra features:

Managing an organizational account:

Verifying key fingerprints

Out-of-band verification

Meet in person and verify

Verify via phone

Viewing your own key fingerprint

Desktop and web

Mobile

Verifying a contact

Desktop and web

Mobile

Key changes

Security in Crypho

Download security whitepaper

Security Overview

Cryptography

Authentication & two-factor-authentication

Web app security

Mobile app security

Privacy, anonymity and metadata

Open Source software

Operational security/hosting

Responsible vulnerability disclosure

Data ownership

Video and audio chat

Image viewers

Colour identification to prevent accidental posts

Transparency Report and Warrant Canary

Transparency

Warrant Canary

Multiple email address support

Introducing Recovery Keys

Creating your recovery key