
The lessons of the crypto leak from Crypto AG

The Washington Post recently revealed that the West German secret service BND and the CIA spied on several countries. Foreign governments paid the USA and West Germany good money for encryption machines from the company Crypto AG that contained security holes. Their most secret messages were then read by the CIA and the BND. How could this happen?

Before we try to answer the question, the following terms must be clear and understandable to all.

How did the crypto leak happen?

The Washington Post report does not explain how the security leak got into Crypto AG's encryption machines. However, it is known that Crypto AG protected its secrets well. The foreign governments could not rely on external certification, because the systems and algorithms were proprietary, in other words not accessible to the public (Source: https://www.aargauerzeitung.ch/leben/spionage-thriller-um-die-schweizer-crypto-ag-so-funktioniert-verschluesselung-136373113, in German only). This secrecy was supposed to guarantee their security, but it did not.

Conclusion - Trust Frama RMail

At Frama-RMail we focus on transparency with regard to certificates and encryption technology, because it is not the encryption algorithm itself that is the secret, but the adaptation by the user, as with Frama-RMail.

Frama RMail uses the 3DES (Triple DES) algorithm validated by Microsoft CryptoAPI 2.0 NIST FIPS-140-2 to check the integrity of the e-mail when sending e-mails via Secure PDF. If the e-mail has been tampered with, the sender will receive a verification error message instead of a receipt authentication. In addition, Frama RMail uses cryptographic certificate standards with public keys to substantiate trustworthiness. If direct delivery by e-mail is not possible (see the article «Solving the encryption issue with TLS 1.2»), the message is encrypted as PDF 256-bit AES, which is salted with a unique encryption key. The PDF is attached to the e-mail.

Conclusion: When it comes to data protection, you should always look for external verifiability of encryption systems, certificate standards and their distribution, such as NIST FIPS-140-2. In addition, Frama RMail provides secure and confidential digital mailings that comply with the General Data Protection Regulation (GDPR Article 5 Paragraph 1f, Article 32).

 
