The lessons of the crypto leak from Crypto AG

Before we try to answer the question, the following terms must be clear and understandable to all.

• Encryption is a process by which a message is modified so that only authorized parties can access it. The message in plain text is modulated with an encryption algorithm that can only be read if it is decrypted first (Source: https://en.wikipedia.org/wiki/Encryption).
• Algorithm is an instruction for the encryption, according to which scheme the process must be executed. In other words, a collection of rules (Source: https://www.tynker.com/blog/articles/ideas-and-tips/how-to-explain-algorithms-to-kids/). An algorithm is therefore not the encryption key, but the instruction for creating the key.
• A certificate ensures that the information is true and is certified by an independent third party (Source: https://gravitational.com/blog/ssh-certificates-explained/).

How did the crypto leak happen?

How the security leak got into the encryption machine of Crypto AG is not explained in the Washington Post report. However, it is known that Crypto AG protected its secrets well. The foreign governments could not rely on external certification, because the systems and algorithms were proprietary, in other words not accessible to the public (Source: https://www.aargauerzeitung.ch/leben/spionage-thriller-um-die-schweizer-crypto-ag-so-funktioniert-verschluesselung-136373113, german only). This secrecy was supposed to guarantee their security, but this wasn't the case.

Conclusion - Trust Frama RMail

At Frama-RMail we focus on transparency with regard to certificates and encryption technology. Because it is not the encryption algorithm itself that is the secret, but the adaptation by the user, as with Frama-RMail.

Frama RMail uses 3DES (triple DES) algorithm validated by Microsoft CryptoAPI 2.0 NIST FIPS-140-2 to check the integrity of the e-mail when sending e-mails via Secure PDF. If the email has been tampered, the sender will receive a verification error message instead of a receipt authentication. In addition, Frama RMail uses cryptographic certificate standards with public keys to substantiate trustworthiness. If direct delivery by e-mail is not possible (See article «Solving the encryption issue with TLS 1.2»), the message is encrypted as PDF 256-bit AES, which is salted with a unique encryption key. The PDF is attached to the e-mail.

Conclusion: When it comes to data protection, you should always look for external verifiability of encryption systems, certificate standards and their distribution, such as NIST FIPS-140-2. In addition, Frama RMail provides secure and confidential digital mailings that comply with the General Data Protection Regulation (GDPR Article 5 Paragraph 1f, Article 32).