Scope of CRYPTO-SMS is the secure messaging through SMS.
PLEASE NOTE: due to the length of the keys and the messages, one single SMS (160 chars) cannot handle them in a single sending.
So a typical key exchange involves 8 SMS, while a encrypted message is composed by 4 SMS.
Take this in consideration if you have a “pay for SMS” plan.
Summary of main features:
Application MUST work without network (except for ADs :-) ). It is ONLY SMS based.
Securisation of the messaging is granted using a public key RSA algorithm; in order to grant an acceptable level of security, key length is 2048 bits.
All the operation of encrypting and decrypting messages are done in background, without user intervention.
En el para evitar un ataque de "hombre en el medio", se le pedirá un código de confirmación de solo voz como seguridad adicional para confirmar la clave pública compartida
Application store the key pairs in local database.
Personal Key can be encrypted by a password if needed, to prevent a thief stealing the phone to access it (optional).
Password to unlock the key DB could be a traditional numeric one, or a gesture password (only for Android 3.0+).
User can backup and restore Local database of friend keys.
Every key is associated with a phone number.
Conversations are stored in local database in encrypted form, and decrypted run-time.
User can delete the messages by one touch.
No reply / acknowledgment is expected in CRYPTO-SMS.
Encrypted SMS are not deleted automatically (will be added in future releases).
To operate:
At first startup the application asks if main screen and personal key need to be protected by password
First step to begin to send/receive messages is to exchange the public keys with your friends. To do that, send your key to your friends, choosing a different challenge for every friend. To be communicated by voice or face to face. Once the key received from other counterpart, it must be activated using the challenge.
Once the key is activated, it appears in the list of friends when you press on the write message button.
NOTE for export:
To comply with US law, product has been self-classified as ECCN 5D002 and can exported without an encryption registration.
Los productos clasificados como ECCN 5D002, se exportan bajo la excepción de TSU en EAR 740.13 (e), que se aplica al software que contiene o diseñado para su uso con software de cifrado que está disponible públicamente como código abierto.
Exception TSU further provides that <>
Application uses standard RSA library from Java:
Documentation: http://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html
Source code: http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/javax/crypto/Cipher.java
Leer más
