Scope of CRYPTO-SMS is the secure messaging through SMS.
PLEASE NOTE: due to the length of the keys and the messages, one single SMS (160 chars) cannot handle them in a single sending.
So a typical key exchange involves 8 SMS, while a encrypted message is composed by 4 SMS.
Take this in consideration if you have a “pay for SMS” plan.
Summary of main features:
Application MUST work without network (except for ADs :-) ). It is ONLY SMS based.
Securisation of the messaging is granted using a public key RSA algorithm; in order to grant an acceptable level of security, key length is 2048 bits.
All the operation of encrypting and decrypting messages are done in background, without user intervention.
ในการป้องกันเพื่อป้องกันการโจมตี“ คนที่อยู่ตรงกลาง” รหัสการยืนยันเสียงเท่านั้นจะถูกถามว่าเป็นการรักษาความปลอดภัยเพิ่มเติมเพื่อยืนยันคีย์สาธารณะที่ใช้ร่วมกัน
Application store the key pairs in local database.
Personal Key can be encrypted by a password if needed, to prevent a thief stealing the phone to access it (optional).
Password to unlock the key DB could be a traditional numeric one, or a gesture password (only for Android 3.0+).
User can backup and restore Local database of friend keys.
Every key is associated with a phone number.
Conversations are stored in local database in encrypted form, and decrypted run-time.
User can delete the messages by one touch.
No reply / acknowledgment is expected in CRYPTO-SMS.
Encrypted SMS are not deleted automatically (will be added in future releases).
To operate:
At first startup the application asks if main screen and personal key need to be protected by password
First step to begin to send/receive messages is to exchange the public keys with your friends. To do that, send your key to your friends, choosing a different challenge for every friend. To be communicated by voice or face to face. Once the key received from other counterpart, it must be activated using the challenge.
Once the key is activated, it appears in the list of friends when you press on the write message button.
NOTE for export:
To comply with US law, product has been self-classified as ECCN 5D002 and can exported without an encryption registration.
ผลิตภัณฑ์ที่จัดเป็น ECCN 5D002 จะถูกส่งออกภายใต้ข้อยกเว้น TSU ใน EAR 740.13 (E) ซึ่งใช้กับซอฟต์แวร์ที่มีหรือออกแบบมาเพื่อใช้กับซอฟต์แวร์เข้ารหัสที่เปิดเผยต่อสาธารณะในฐานะโอเพ่นซอร์ส
Exception TSU further provides that <>
Application uses standard RSA library from Java:
Documentation: http://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html
Source code: http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/javax/crypto/Cipher.java
อ่านเพิ่มเติม
