The scope of CRYPTO-SMS is secure messaging over SMS.
PLEASE NOTE: because of the length of the keys and the messages, a single SMS (160 chars) cannot carry them in one sending.
A typical key exchange therefore involves 8 SMS, while an encrypted message is composed of 4 SMS.
Take this into consideration if you have a “pay for SMS” plan.
Summary of main features:
The application MUST work without a network connection (except for ads :-) ). It is ONLY SMS based.
Messages are secured with the RSA public-key algorithm; to provide an acceptable level of security, the key length is 2048 bits.
All encryption and decryption of messages is done in the background, without user intervention.
To protect against “man in the middle” attacks, a voice-only confirmation code is requested as additional security to validate the shared public key.
The application stores the key pairs in a local database.
The personal key can be encrypted with a password if needed, to prevent a thief who steals the phone from accessing it (optional).
The password to unlock the key DB can be a traditional numeric one or a gesture password (only for Android 3.0+).
The user can back up and restore the local database of friend keys.
Every key is associated with a phone number.
Conversations are stored in the local database in encrypted form and decrypted at run time.
The user can delete the messages with one touch.
No reply / acknowledgment is expected in CRYPTO-SMS.
Encrypted SMS are not deleted automatically (will be added in future releases).
To operate:
At first startup the application asks whether the main screen and personal key need to be protected by a password.
The first step before sending/receiving messages is to exchange public keys with your friends. To do that, send your key to your friends, choosing a different challenge for every friend. The challenge is to be communicated by voice or face to face. Once the key is received from the counterpart, it must be activated using the challenge.
Once the key is activated, it appears in the list of friends when you press on the write message button.
NOTE for export:
To comply with US law, the product has been self-classified as ECCN 5D002 and can be exported without an encryption registration.
Products classified as ECCN 5D002 are exported under the TSU exception in EAR 740.13(e), which applies to software containing or designed for use with encryption software that is publicly available as open source.
Exception TSU further provides that <>
The application uses the standard RSA library from Java:
Documentation: http://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html
Source code: http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/javax/crypto/Cipher.java