• Anonymous Communication
  • Military Grade Encryption
  • Simple user interface
  • Mobile solution

Kriptoline technical details

TECHNOLOGY

Kriptoline is a solution for secure mobile communications, allowing secure voice calls, text messages and file transfers among users within the Kriptoline system.

Our system is designed as a closed system, in the sense that, only Kriptoline users can talk securely with each other.

We aim for high security levels and that can only be guaranteed by staying inside our system.

The key concepts are:

END-TO-END ENCRYPTION

Encryption is performed directly on the end devices. Server, administrators and arbitrary third parties are not able to eavesdrop on users’ communication.

STRONG CRYPTOGRAPHY

Combination of asymmetric and symmetric encryption is used - asymmetric RSA with key length of 2048 bits and symmetric AES with key length of 256 bits. It is not possible to crack those encryptions, using current technology.

NO SIM

No SIM card is required in order to run the application. Voice calls, messages or files are transmitted over a data channel (WiFi, LTE or other data connection).

PERFECT-FORWARD-SECRECY

For voice calls and file transfer, the system provides perfect-forward-secrecy property. Encryption key is unique for every call/message/file sent and those keys are destroyed after the communication has ended.

P2P VOICE

Voice calls support P2P whenever a direct tcp/ip connection between clients is possible.

PRIVATE CONTACTS

Contacts are separated from the phone's contact list. The system uses nicknames and e-mails instead of phone numbers. Your phone number is not linked with your Kriptoline account.

There is another, secure contact list inside the application which synchronizes with the help of a server - user is able to log in using other devices and have the same saved contacts. The contact list also establishes an asymmetric trust relation. In practice this means:

  • Users can add arbitrary users to their contact lists.
  • But in order for X and Y being able to engage in a secure communication in the first place, they have to add each other to their contact lists

SYSTEM ARCHITECTURE

Our system consists of Kriptoline servers and client applications.The servers manage user login credentials and contact lists.

Users can communicate between each other, even if they both reside on a different Kriptoline server. No logs are stored, messages are kept inside of the end devices, since  private keys are never sent to the server, the keys are never known by the server.

USER IDENTITY

Each user is represented in the system by unique e-mail and password. Each user device generates its own asymmetric key-pair with the following properties:

  • Key length is 2048 bits, RSA.
  • Private key never leaves the device and it's stored in a secure way on the device being encrypted itself.
  • During the initial startup, client certificate binding the user identity and his public-private key- pair is generated by client application. The private key is solely stored on the client device while the public key is stored on both the server and the client. The certificate is then used for authentication in TLS connections (second layer of protection) and also for the encryption of all the client data stored on the client device.
  • In addition, Elliptic Curve Diffie-Hellman (ECDH) is utilized to negotiate AES symmetric encryption keys between the clients.

PASSWORD PROTECTION

User passwords are kept secret through one way hashes, only users themselves know their own passwords. Since they're never stored in plaintext form, passwords are unknown to servers, administrators and anybody else.

SECURE VOICE CALLS

Functionality and security of voice calls are ensured by a combination of several technologies and Kriptoline protocols. Encryption key is unique for every call and is destroyed after the communication has ended. No private keys are shared with the server.

In cases where direct connection is not possible (tight firewalls firewalls , symmetric NAT) RELAY servers are used for connections , but the end-to-end encryption remains intact. Because of the fact that, encryption keys are only stored on each client's side, the server can not decipher the data being transferred. As such, a relay server does not break end-to-end encryption and poses no man-in-the-middle type threats.

SECURE TEXT MESSAGES

Text messages work similarly to PGP. End-to-end encryption is used. A server can not decipher the message content. Messages are encrypted using a hybrid encyrption utilizing AES-256 and RSA. The encryption key for messages are the asymmetric RSA public key of the recipient. Thus, only the recipient client can decrypt the content by its own private key which is only known by itself.

SECURE FILE TRANSFER

File transfer protocol enables secure asynchronous file transfer between Kriptoline users utilizing strong end-to-end encryption. Arbitrary file types can be transferred between users (images, music, binary data).