I was looking for an application that would encrypt and decrypt SMS, so that the carrier, or anyone else listening in, would be unable to monitor SMS traffic. To be clear, I am referring to a shared key system for SMS traffic, not encryption of saved messages.
The real question seems to be, could a plugin be created for GO SMS or even the stock msg app that would allow this feature. It would be important to make encryption strong ENOUGH without increasing the size too much like PGP would. Also, one must consider the original developers of GO SMS (Asian dev team) and the right to create plugins for their software.
Any ideas?
Hello.
Edit August 2014: new information:
I made a new encryption tool for sms. It should be like Fort Knox
ECC SMS
This one encrypts messages with elliptic curve cryptography.
ECC is faster than RSA, need less keylenght and is used in passports, debit cards the austrian e-card and so on.
current keysize is 521 bit. It is based on the mathematical Elliptic Curve Discrete Logarithm Problem (ECDLP).
Computing power required to solve ECDLP with 521 bit key is 1.3*10^66 MIPS years.
Internal is AES256, CBC and SHA512 used.
- totaly over sms
- no textlimit
- public-key infrastructure (PKI)
- Elliptic Curve Integrated Encryption Scheme (ECIES)
- equals >15360bit RSA Encryption
- protects efficiently until year 2120
For comparison:
An 15360 bit encryption with RSA over SMS would generate much more data, so that you would need many many sms for one message.
De- and Encryption with the smartphone would last minutes, so this would be impractical.
ECC SMS needs only some seconds for encrypting and decrypting with this high security settings.
Edit: neue Thumbnails.
I was quite interested in this app until I discovered it didn't support my FroYo system
Also, no mention of how decrypted texts are dealt with. Are they written to system as plain text when decrypted thereby permitting recovery using forensic tools?
Sent from my antique Speak and Spell running Froyo.
MobiMikes said:
I was quite interested in this app until I discovered it didn't support my FroYo system
Also, no mention of how decrypted texts are dealt with. Are they written to system as plain text when decrypted thereby permitting recovery using forensic tools?
Sent from my antique Speak and Spell running Froyo.
Click to expand...
Click to collapse
Hi!
I don't know if this answers your question:
You write the Plaintext into the App.
When you press encrypt and send, the text will be encrypted with the public key of the receiver.
Then the encrypted text will be sent to the receiver.
The receiver's ecc sms app dectects that it's a encrypted sms and intercept the sms.
Then the app decrypts the sms with the private key and writes the decrypted message into sms inbox and makes an alert "new decrypted message received".
greetings
So let's get the slanging on haja
Sent from my SPH-D700 using Xparent SkyBlue Tapatalk 2
charlie95113 said:
So let's get the slanging on haja
Sent from my SPH-D700 using Xparent SkyBlue Tapatalk 2
Click to expand...
Click to collapse
slanging on haja?
jurtsche said:
Hi!
I don't know if this answers your question:
You write the Plaintext into the App.
When you press encrypt and send, the text will be encrypted with the public key of the receiver.
Then the encrypted text will be sent to the receiver.
The receiver's ecc sms app dectects that it's a encrypted sms and intercept the sms.
Then the app decrypts the sms with the private key and writes the decrypted message into sms inbox and makes an alert "new decrypted message received".
greetings
Click to expand...
Click to collapse
I dont understand,
If the encrypted SMS messages intercepted by any person who has installed this program it can be decrypted with private key third person.?
Please can you explain how start first time exchange of messages between two phones and
how can I know if the sms is authenticity from my frend or any other undesirable persons?
igorir said:
I dont understand,
If the encrypted SMS messages intercepted by any person who has installed this program it can be decrypted with private key third person.?
Please can you explain how start first time exchange of messages between two phones?
Click to expand...
Click to collapse
No, the private key of a third person does not suit with the public key of the first person.
If you create a KeyPair it consists PublicKey A1 and PrivateKey B1. A1 and B1 are dependent. You can not calculate B1 if you know A1.
Person 1's Keypair is then A1 and B1.
Person 2's Keypair would be A2 and B2.
If now someone encrypts a message with the PublicKey A1 he can not decrypt with PrivateKey B2 or any other Private Key.
Just with Private Key B1. With any other key the calculation of the message fails or the result would be a rubbish Text like the encrypted Message itself.
Every Person has his own keypair.
The Answer of your Question of first time exchange of messages:
Person A wants to write Person B. Every Person has created his own KeyPair.(1 PrivateKey + 1 PublicKey)
Person A requests the PublicKey from Person B.
Person A encrypts Message M1 with PublicKey from Person B.
Person A encrypts Message M2 with PublicKey from Person B.
Person A encrypts Message M3 with PublicKey from Person B.
.
.
.
Person B and only Person B can decrypt the Message M1,M2,.. with his PrivateKey.
Is this satisfying for you?
Greetings.
(attachment added)
jurtsche said:
No, the private key of a third person does not suit with the public key of the first person.
If you create a KeyPair it consists PublicKey A1 and PrivateKey B1. A1 and B1 are dependent. You can not calculate B1 if you know A1.
Person 1's Keypair is then A1 and B1.
Person 2's Keypair would be A2 and B2.
If now someone encrypts a message with the PublicKey A1 he can not decrypt with PrivateKey B2 or any other Private Key.
Just with Private Key B1. With any other key the calculation of the message fails or the result would be a rubbish Text like the encrypted Message itself.
Every Person has his own keypair.
The Answer of your Question of first time exchange of messages:
Person A wants to write Person B. Every Person has created his own KeyPair.(1 PrivateKey + 1 PublicKey)
Person A requests the PublicKey from Person B.
Person A encrypts Message M1 with PublicKey from Person B.
Person A encrypts Message M2 with PublicKey from Person B.
Person A encrypts Message M3 with PublicKey from Person B.
.
.
.
Person B and only Person B can decrypt the Message M1,M2,.. with his PrivateKey.
Is this satisfying for you?
Greetings.
(attachment added)
Click to expand...
Click to collapse
Ok, it's clear,
But what happens if:
Person A requests the PublicKey from Person B.
Person A recive PublicKey from Person B but also the person C intercept mesage from person B,
and then Person C can encrypt SMS with PublicKey from person B and infiltrate in sms exchange between Person A and Person B
Am I right ?
igorir said:
Ok, it's clear,
But what happens if:
Person A requests the PublicKey from Person B.
Person A recive PublicKey from Person B but also the person C intercept mesage from person B,
and then Person C can encrypt SMS with PublicKey from person B and infiltrate in sms exchange between Person A and Person B
Am I right ?
Click to expand...
Click to collapse
Yes, Person C could encrypt a message with PublicKey from Person B, but what should Person C write to Person B?
This is not useful for Person C.
Person C could instead just make a KeyRequest to Person B if he wants to know the PublicKey of B
The Public Key is called Public Key because the Key is and should be Public, thats how public-key infrastructure works.
greetings
thanks,
I've now installed ECC SMS lite on two phones,
galaxy S3 I9305 ROM 4.1 JB and sony xperia J ROM 4.0 ICS and have smaill bug on Xperia J
when recive encrypted mesage Xperia J apps stop ruuning and moment llater recive and decrypt my crypted mesage from galaxy s3.
All mesage recived on my galaxy S3 is OK
igorir said:
thanks,
I've now installed ECC SMS lite on two phones,
galaxy S3 I9305 ROM 4.1 JB and sony xperia J ROM 4.0 ICS and have smaill bug on Xperia J
when recive encrypted mesage Xperia J apps stop ruuning and moment llater recive and decrypt my crypted mesage from galaxy s3.
All mesage recived on my galaxy S3 is OK
Click to expand...
Click to collapse
Okay, this is because the extreme heavy encryption.. (like 16k bit RSA)
The calculation of the message needs some power.
That is one reason why not enough calculation power on earth exist to bruteforce the keys.
Your S3 with Quad Core has much power.
The single cored Xperia J needs some time with 1GHz.. that causes a little UI-lag at receiving.
hmmm, i will look, if i can multithread it at receiving too, that this UI lag doesn't appear on slower phones.
Just for information: With 16k RSA it would take 64 times longer than with same much more efficient algorithm at ECC SMS's ECIES.
greetings
Ok, I understand
I have another question,
All mesage between two phone go from viber mesage, but I want go sms mesage.
How set this?
igorir said:
Ok, I understand
I have another question,
All mesage between two phone go from viber mesage, but I want go sms mesage.
How set this?
Click to expand...
Click to collapse
Interesting.
This is normally not possible. I installed Viber and there is a point in properties in english like "answer free with Viber instead of SMS".
But Viber should not be able to interrupt outgoing SMS
Maybe your Viber just shows SMS from inbox?
greets
you're right, my Viber just shows SMS from inbox, and all is Ok,
What is difference between paid version and free version?
In free version encryption is very strong and crypted message using much character in SMS.
example; word " I'm going home " use two regular SMS space 160 character.
igorir said:
you're right, my Viber just shows SMS from inbox, and all is Ok,
What is difference between paid version and free version?
In free version encryption is very strong and crypted message using much character in SMS.
example; word " I'm going home " use two regular SMS space 160 character.
Click to expand...
Click to collapse
paid supports the developer
no ads, no popup in sms write page and no waiting if you use it often.
Yes minimal Messagelength is 2 SMS. This is because of the heavy encryption.
For comparision:
If you would RSA encrypt at same security level (with a 15000+ bit key), the message with just one word would need 20+ SMS and encrypting would take some minutes.
WOW, it's very strong encryption
What is the ratio the length of the key, for same security level between RSA and ECC?
igorir said:
WOW, it's very strong encryption
What is the ratio the length of the key, for same security level between RSA and ECC?
Click to expand...
Click to collapse
The ratio is not constant. so i show you this table:
greetings
added CDMA2000 support (for verizon/sprint customers).
jurtsche said:
added CDMA2000 support (for verizon/sprint customers).
Click to expand...
Click to collapse
This app is very promising especially with regard to the level of encryption and speed of encryption.
However as someone pointed out on google play reviews and was not responded to -
The fact that the app auto decrypts the received encrypted message and write it as plain text to phone memory is a potential risk, as then even if the user then deletes this plain text message from the phone, it can still be resurrected with forensic tools from the phone memory.
A solution will be - for the app to show the decrypted message within ECC SMS only and not write to the phone sms database.
...and also access to any database within ECC SMS should be encrypted.
Can you comment on this please.
Thanks
b00b said:
This app is very promising especially with regard to the level of encryption and speed of encryption.
However as someone pointed out on google play reviews and was not responded to -
The fact that the app auto decrypts the received encrypted message and write it as plain text to phone memory is a potential risk, as then even if the user then deletes this plain text message from the phone, it can still be resurrected with forensic tools from the phone memory.
A solution will be - for the app to show the decrypted message within ECC SMS only and not write to the phone sms database.
...and also access to any database within ECC SMS should be encrypted.
Can you comment on this please.
Thanks
Click to expand...
Click to collapse
Hi boob,
first point: pgp and ecc sms are here to protect the transmission of the sms messages and not the security of your phone.
also, if the message would be saved in a ECC SMS's database, it would be the same piece of memory.
second point:
if your phone is not secure, any secure transmission will not be.
then there is no way to make the phone secure.
if you need a password to enter the ecc sms message memory, an spy app could just log you keyboardinput.
in the case - there would be a clean phone:
there are many problems with an encrypted database - why?
if you get a sms message, how would the message be saved in this encrypted database without knowing the password?
so, you would have to enter the password everytime to allow ecc/pgp sms the encrpytion of the message in the database.
else, if you have a "save password" option - once more every thing is somewhere on the memorycard and useless.
do you understand?
PS: In Android 4.2+ (4.4) there is no way to save the messages in sms inbox anymore.
so i will have to do some work anyway to make pgp/ecc sms work fine there.
greetings
play.google.com/store/apps/details?id=com.kstych.SecureIM
Do you care if your messages are scanned/read/provided to the highest bidder or the authorities without ever asking or even notifying?
SecureIM is the first Secure-Chat application which is built to protect you from any possible or potential leak of privacy. These days organizations spy on our chats to target ads and Governments in the name of security, however there is no excuse of not demanding and having access to privacy when we want.
SecureIM secures your communication in 2 ways
1. Secure Transmission :- A chat message will be encrypted and only readable on the device it is sent to/from.
2. Single Use Keys :- The Keys generated while messaging are discarded when the application is closed, which means it is impossible to decode a message once the app is reloaded.
The application is extremely simple to use, no need to bother about the complexities of encryption and underlying privacy details, rest assured your messages will always be out of reach from snoopers.
This app uses Public Key Cryptography, each session generates its own private/public keys.
Keys are never stored but kept in memory until the app is running.
So it'll support XMPP?
Or just gtalk?
supports xmpp
Sleepy! said:
So it'll support XMPP?
Or just gtalk?
Click to expand...
Click to collapse
yes, the app uses XMPP below the encryption layer, and so any XMPP server is supported, however this version is binded to login to Google talk server
Thanks
Hufu is a next generation encrypted messenger that combines best-in-class message encryption seamlessly with an intuitive user interface. Unlike the mainstream encrypted messaging applications, Hufu encrypted messages pass from your mailbox directly to the recipient's mailbox, removing the possibility for the software provider to compromise your communication security directly, by, e.g., MITM attack, or blocking your IP from accessing the server, or indirectly by collecting your metadata.
__________________________________________
HIGH STRENGTH END- TO-END ENCRYPTION
All messages are encrypted before they leave your phone and not decrypted until they reach the receiver's phone, encryptions are implemented using highly secure and efficient industry-standard algorithms(128 bits AES-GCM for symmetric encryption, and 2048 bits RSA for public key encryption ). Keys are stored locally in an encrypted database, with each page encrypted using a separate key. Additionally, connections to the mail servers are protected with SSL/TLS whenever possible.
__________________________________________
COMPLETE AND PROVABLE PRIVACY PROTECTION
Ciphertexts or plaintexts, all of your data belong to you! Hufu never connects to any server run by us(which can be easily proven by wiretapping your own connection or scrutinizing the code), thus there is no
possibility we collect or store your data without your permission, or violate your privacy in any other way. All private chat messages are deleted from your mailbox 24 hours after they are received/sent.
__________________________________________
MINIMALISTIC DESIGN AND INTUITIVE UI
Completely private chat has never been easier as Hufu makes encrypted messaging a seamless experience in a decentralized environment. The UI is designed under the principle of KISS(keep it simple, stupid), the number of UI elements are kept to a minimum but tuned to improve user's operational security awareness. Setting up is a breeze, all cryptographic processes happen under the hood and are unnoticeable. It should take less than minutes for a user completely new to Hufu to set up his Email account and start using Hufu.
__________________________________________
ROBUSTNESS
Any IMAP-supported mailbox can in theory be used with Hufu, making it nearly impossible to censor all Hufu encrypted messages, and the serverless and open source nature of Hufu allows it to function independent of the status of our business.
__________________________________________
MINIMUM PERMISSIONS
Device & app history
* retrieve running apps
Identity
* find accounts on the device
Photos/Media/Files
* access USB storage filesystem
* modify or delete the contents of your USB storage
* read the contents of your USB storage
__________________________________________
OTHER
* close other apps
* full network access
* view network connections
* control vibration
* use accounts on the device
__________________________________________
Precautions:
1. Avoid using on rooted devices, rooting could potentially allow malicious memory snapshotting/key recording programs to be installed without the user's consent, and breach Hufu's security.
2.If you are using any third-party software to manage your processes, please make sure that Hufu is allowed to run in the background, otherwise the retrieval of your messages may be delayed.
https://play.google.com/store/apps/details?id=com.wikimediacom.clipboard.encrypt
1. Why do I need to encrypt?
I often need to transmit sensitive information, personal information on the network. But often SMS, eMail is not encrypted transmission, that is, this information will be exposed to the transmission.
In addition, my common Messenger, Facebook, WhatsApp, Wechat, Line, Telegram dialogue information is operator control, that is, personal conversation information is a risk of leakage.
I often need to store sensitive information and personal information on my mobile phone. But these files are stored in plain text, that is, they will be exposed to risk.
2. What is Clipboard Encrypt
A tool to encrypt and decrypt sensitive information, all apps can use it when editing text.
3. How to use Clipboard Encrypt
The usage is very simple, set the password for encryption and decryption, after opening the function:
* If it is plain text: long press text -> select text -> copy -> paste to achieve encryption
* If it is ciphertext: long press text -> select text -> copy -> paste to achieve decryption
* The ciphertext looks like {{ciphertext}}
4. When to use Clipboard Encrypt
* The SMS sender and receiver agree on the password, the sender encrypts when composing, and the receiver decrypts after receiving the message.
* The eMail sender and receiver agree on the password, the sender encrypts when composing, and the receiver decrypts after receiving the message.
* The sender and receiver of the Messenger agree on the password, the sender encrypts when composing, and the receiver decrypts the message after receiving it.
* Encrypt when composing text, decrypt when restoring text
5. Is Clipboard Encrypt safe?
Clipboard Encrypt uses the standard AES encryption algorithm.
It uses AES with a random salt and random IV. The salt and IV (which are not considered sensitive information) are saved at the beginning of the data.
6. What is AES
AES is based on a design principle known as a substitution–permutation network, and is efficient in both software and hardware. Unlike its predecessor DES, AES does not use a Feistel network. AES is a variant of Rijndael which has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits.