CryptoSMS

Âmbito de cripto-SMS é o seguro de mensagens através de SMS.

PLEASE NOTE: due to the length of the keys and the messages, one single SMS (160 chars) cannot handle them in a single sending.

So a typical key exchange involves 8 SMS, while a encrypted message is composed by 4 SMS.

Take this in consideration if you have a “pay for SMS” plan.

Summary of main features:

Application MUST work without network (except for ADs :-) ). It is ONLY SMS based.

Securisation of the messaging is granted using a public key RSA algorithm; in order to grant an acceptable level of security, key length is 2048 bits.

All the operation of encrypting and decrypting messages are done in background, without user intervention.

In order to prevent a “man in the middle” attack, a voice only confirmation code will be asked as additional security to confirm the shared public key

Application store the key pairs in local database.

Personal Key can be encrypted by a password if needed, to prevent a thief stealing the phone to access it (optional).

Password to unlock the key DB could be a traditional numeric one, or a gesture password (only for Android 3.0+).

User can backup and restore Local database of friend keys.

Every key is associated with a phone number.

Conversations are stored in local database in encrypted form, and decrypted run-time.

User can delete the messages by one touch.

No reply / acknowledgment is expected in CRYPTO-SMS.

Encrypted SMS are not deleted automatically (will be added in future releases).

To operate:

At first startup the application asks if main screen and personal key need to be protected by password

First step to begin to send/receive messages is to exchange the public keys with your friends. To do that, send your key to your friends, choosing a different challenge for every friend. To be communicated by voice or face to face. Once the key received from other counterpart, it must be activated using the challenge.

Once the key is activated, it appears in the list of friends when you press on the write message button.

NOTE for export:

To comply with U.S. law, product has been self-classified as ECCN 5D002 and can exported without an encryption registration.

Products classified as ECCN 5D002, are exported under the TSU exception in EAR 740.13(e), which applies to software containing or designed for use with encryption software that is publicly available as open source.

Exception TSU further provides that <>

Application uses standard RSA library from Java:

Documentation: http://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html

Source code: http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/javax/crypto/Cipher.java