Technical Details

Technical Details


Illustrating how a compromised mail server puts risk in exposing attachments to an attacker

A typical messaging session steps.
1. Sender uploads attachments to the mail server. 
2. Copy of attachments sits on the sender's mail server.
3. Message is transmitted over to receiver's mail server.
4. Receiver downloads attachments from the mail server.

If an attacker gets hold of either the network connection or mail server, including your messages, attachments also get compromised - exposing all the sensitive information. Ideally end-to-end encryption methods such as OpenPGP or SMIME are good in providing complete security. However complications in setting up and using them made them not suitable for mainstream.

With Drop and Lock, we are trying to get the balance in providing security and convenience. Talking to many users and personal experience lead us to start with attachments. 



Illustrating how locked/encrypted files are secure even after attacker gets control of mail servers. As a user, you have the total control.

Once attachments are locked with a password, sender needs to share the password through a different medium such as SMS or voice mail. 

Encryption Architecture and Basics:

We are using open standards which are well adopted in many tools and utilities. Following is a simple table with algorithm and its purpose. 


Algorithm Purpose
SHA1/2 (RFC 3174) Hashing
HMAC-SHA1/2 (RFC 2104) File authentication
AES 128/256 (FIPS 197) Encrypting file contents
PBKDF2 (RFC 2898) For key strengthening


Supported file formats and messaging systems:


Drop and Lock supports all file formats and all messaging systems. As the user is creating a copy of original file, lock file can be treated as any other attachment while using your preferred messaging system.

Lock/Encrypted file format:




Every locked file contains three major sections. Header - which contains info such as version name, salt and extra meta data. Encrypted file contents - this section contains your encrypted versions of original attachments. Footer - Authentication signature.

-----
Doc version: 1.1