What is the difference between Chiffry and the other communication apps?
Chiffry is a communication platform that combines tap-proof telephony with encrypted messaging. In addition, it offers numerous security and convenience functions. Even with our extensive security concept for encrypted communication with all your social contacts, we offer the usual chat experience.
We are the only provider to offer an application with a highly secure key exchange based on modern elliptic-curve cryptography with 512-bit ECDH. All functions are protected by modern end-to-end encryption.
Chiffry has been awarded the quality label “IT Security made in Germany”. This means that the entire development of the platform takes place exclusively at our headquarters and is financed from our own resources. Our servers are located in a German data center that is certified to ISO 27001. We are therefore subject to the Federal Data Protection Act, also with regard to metadata. In contrast to international competitors, we offer our users comprehensible legal transparency.
The security concept, the selection of the encryption methods and the development of Chiffry follow the BSI guidelines, which imply the fulfillment of and compliance with other security standards.
For which operating systems is Chiffry available?
Chiffry is available for Android, iOS, Windows Phone and Blackberry. We are currently developing a desktop version for Windows and Mac OS.
What are the differences between the basic, premium and business versions?
The free basic version of Chiffry provides all the functions needed to communicate confidentially with your contacts. You can write text and voice messages, and send and receive videos, contacts, files and locations. There are no disadvantages in the encryption compared with the premium or business version.
In addition to the basic functions, the premium version offers the option to send files up to 10 MB, larger group chats, broadcasts, a PIN or Emoji lock screen with Capture Protection, and backup and restore of your chats.
The business version includes the functions of the premium version and additionally the integration of proprietary servers for secure internal communication. The business and basic (or premium) versions can be installed on one smartphone simultaneously. The private environment is combined with the business environment on one device, which allows two communication circles to be kept separate at the same time. The business version can also be customized, for example by integrating the company's own design (White Label).
What features are planned for the future?
Currently on the roadmap / in development:
An internal Chiffry contact book
Desktop version of Chiffry
Is Chiffry funded by advertising?
Chiffry will always remain free of advertising. We are financed through the sale of the premium and business versions, which are developed for authorities and other companies. The basic version will remain permanently free.
How should I picture this encryption? Are all data and calls encrypted?
Chiffry encrypts all data, including phone calls, using symmetric end-to-end encryption. We follow the most recent recommendations of the BSI and use the 256-bit AES encryption algorithm in GCM mode. This allows a secure communication channel to be established between different devices and the Chiffry servers. All data is encrypted and cannot be seen even by Chiffry. It is also completely deleted from our servers after your messages have been delivered.
What happens with my data?
Chiffry is a subsidiary of DIGITTRADE GmbH, which is a member of the Federal Association for IT Security TeleTrusT and holder of the quality label “IT Security made in Germany”.
Chiffry exclusively uses its own servers in Germany, which are controlled and serviced only by the provider. All your communication via Chiffry is encrypted and can be neither read nor tracked. The encrypted communication is automatically deleted from our servers immediately after delivery.
Your communication is only for you and your contacts.
Is the metadata concealed?
On the server, metadata is stored only minimally and for a short time in order to deliver the messages. It is destroyed together with the message directly after delivery, or no later than 21 days after sending.
How is the crypto key generated and exchanged with Chiffry?
For every data exchange, the app generates a new 256-bit AES key and transfers it to the receiver with the help of elliptic-curve cryptography (512-bit ECDH).
In simplified terms, the key exchange works as follows: when a user registers, a new private ECDH key and a matching public ECDH key are generated automatically in the background. The two keys of this pair depend on each other. The private key is stored on the user's device, while the public key is stored on the Chiffry servers. The AES key is then exchanged using the ECDH key agreement protocol.
For comparison: online banks usually use 2048- to 4096-bit RSA encryption. Our encryption method is 1038 times more complex.
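The exchange described above, sketched as an added example (this is not Chiffry's code, which is not public): a fresh 256-bit AES-GCM key per message, wrapped under a key derived from an ECDH agreement with the recipient's registered key pair. The Brainpool P-512 curve, HKDF-SHA-512, the ephemeral sender key, the envelope layout and all function names are assumptions; the code uses the third-party Python `cryptography` package.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

CURVE = ec.BrainpoolP512R1()  # assumption: the FAQ only says "512-bit ECDH"

def derive_wrap_key(shared_secret: bytes) -> bytes:
    """Turn the raw ECDH output into a 256-bit key-wrapping key (HKDF is assumed)."""
    return HKDF(algorithm=hashes.SHA512(), length=32, salt=None,
                info=b"example key wrap").derive(shared_secret)

def encrypt_message(recipient_public, plaintext: bytes) -> dict:
    # The recipient's public key must be authenticated first (the FAQ's
    # ECDSA certificates); plain ECDH does not stop a man in the middle.
    message_key = AESGCM.generate_key(bit_length=256)  # new key per message
    ephemeral = ec.generate_private_key(CURVE)
    eph_pub = ephemeral.public_key().public_bytes(
        Encoding.X962, PublicFormat.UncompressedPoint)
    wrap_key = derive_wrap_key(ephemeral.exchange(ec.ECDH(), recipient_public))
    n_key, n_msg = os.urandom(12), os.urandom(12)  # 96-bit GCM nonces
    return {
        "eph_pub": eph_pub,
        # Binding eph_pub as associated data ties the wrapped key to this exchange.
        "wrapped_key": n_key + AESGCM(wrap_key).encrypt(n_key, message_key, eph_pub),
        "ciphertext": n_msg + AESGCM(message_key).encrypt(n_msg, plaintext, None),
    }

def decrypt_message(recipient_private, envelope: dict) -> bytes:
    eph_pub = ec.EllipticCurvePublicKey.from_encoded_point(CURVE, envelope["eph_pub"])
    wrap_key = derive_wrap_key(recipient_private.exchange(ec.ECDH(), eph_pub))
    wrapped, ct = envelope["wrapped_key"], envelope["ciphertext"]
    message_key = AESGCM(wrap_key).decrypt(wrapped[:12], wrapped[12:], envelope["eph_pub"])
    return AESGCM(message_key).decrypt(ct[:12], ct[12:], None)  # InvalidTag if altered
```

A relay that stores only `eph_pub`, `wrapped_key` and `ciphertext` holds nothing it can decrypt, since the wrapping key depends on the private key that stays on the recipient's device.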
What does Chiffry's quality label “IT Security made in Germany” mean?
It means that the entire development of Chiffry takes place exclusively at the headquarters of DIGITTRADE and is financed from its own resources. Our servers are located in a German data center that is certified to ISO 27001. We are therefore subject to the Federal Data Protection Act, also in terms of metadata. We offer our users comprehensible legal transparency.
How can I contact Chiffry?
Interaction with our users is very important to us. With the number +28CHIFFRY (+28 244 33 79) we ensure direct contact with our development team to exchange notes, ideas or other wishes. In the independent Chiffry forum, users can also share their experience directly with the community and our development team.
Which security guidelines are considered in your app?
The security architecture and the choice of encryption methods are based on the BSI guidelines TR-02102-1 and TR-03111. We also take into account the internationally recognized standard ISO 27001, which documents risk-conscious and professional management of information security in the company. In addition, our servers in Germany are in an ISO 27001 certified data center.
How does Chiffry protect against ‘man-in-the-middle’ attacks?
With the help of unforgeable signatures, called Chiffry certificates (512-bit ECDSA), users can be uniquely identified and the interception of messages is prevented.
How can I protect Chiffry on my smartphone against prying eyes?
In the premium version, Chiffry includes an Emoji lock screen in addition to a PIN lock screen. It offers a selection of 25 different emoji pictures instead of the digits of the classic 8-digit PIN and thus enables more input options. The number of possible combinations rises 1,525-fold. In addition, the implemented Capture Protection protects against someone working out the access code from telltale fingerprints on the smartphone screen. With each code request Chiffry changes the arrangement of the emoji, so any smudge pattern on the smartphone display becomes useless.
Is the entire source code accessible and visible?
The source code is not publicly available. For customers of the Chiffry Business version we offer the opportunity to carry out a code audit at our headquarters. This requires an NDA and a serious interest in buying.
By disclosing the source code, Chiffry GmbH would make its entire capital public and risk the software being copied by anyone.
How long will my messages be stored on the Chiffry servers?
Your encrypted messages, including metadata, are deleted immediately after they have been successfully delivered to the recipient. If messages are not picked up by the receiver within 21 days, they are deleted automatically. Our servers are located in Germany and are subject to the German Data Protection Act.
How can I register?
Download and install Chiffry and launch the app. Make sure you have an active internet connection via WiFi or your wireless service provider.
On the registration page, enter your phone number and tap register. To verify your cell phone and register, you will receive a confirmation code by SMS. After successful verification, the registration is completed and opens the contac
I have no contacts in my list
Chiffry only displays contacts who have already installed Chiffry. Tap the option button in the menu and then click synchronize contacts. If a contact who has installed Chiffry is not found, check the phone number in your address book.
Is it possible to prevent access to the address book of the smartphone? Is access necessary?
Yes, access can be prevented, but then no contact names will be displayed. Contacts will only appear in Chiffry after you have first received a message from them. We are planning a Chiffry-internal contact book, which is completely independent of the normal contact book.
Can someone else register with my phone number on Chiffry?
If another device tries to register with Chiffry using your mobile phone number, only you receive the registration link by SMS. The other device cannot register without the link.
What do the different transmit status symbols mean for outgoing messages?
In which countries is Chiffry available?
+1 Canada / USA
+298 Faroe Islands
+852 Hong Kong
+7 Russian Federation
+378 San Marino
+381 Serbia and Kosovo
+94 Sri Lanka
+44 United Kingdom
Do you read the messages in the Chiffry channel?
First of all: yes, we read the Chiffry channel regularly and are happy about every message.
Due to the high volume of messages, it is not possible for us to answer every message personally. However, we assure you that all suggestions influence our development, and we will answer frequent questions in this FAQ. If your question is not answered by this FAQ or by the manual, which you can find in the download section, please write directly to email@example.com and you will receive an answer as soon as possible.
In addition, we would like to recommend a user-run forum in which we participate: http://www.chiffry-forum.de/
My Chiffry certificate is valid for only one year, what happens next?
The maximum certificate lifetime of one year serves the security of your communication. One month before it would expire, the certificate is automatically renewed and communicated to your contacts, so there is no break in your communication.
What is the Emoji lock screen type (Capture Protection) about?
The emoji input method takes advantage of the fact that images are easier to remember; the images are used to authenticate the user. These image sequences can easily be memorized with the help of made-up short stories.
With 25 emoji images as input options, you get more possible combinations than with conventional 8-digit PINs.
In addition, the implemented ‘Capture Protection’ helps against someone spying out the access code from telltale fingerprints on the screen of your smartphone. To this end, the position of the emoji changes on every request, which makes an imprint pattern on the screen useless.
There is a new Chiffry update, what should I do?
You can download updates via the Google Play Store or from http://get.chiffry.de. You can overwrite an existing Chiffry installation with the latest version. Uninstalling the old version is not necessary.
What requirements must my phone meet to install Chiffry?
You need a smartphone with the following features:
Android Version 2.3.3
own mobile phone number with a SIM card
active internet connection via WiFi or through your wireless provider
To register your phone number at Chiffry you must be able to receive SMS.
What is Google Cloud Messaging and what is it used for in Chiffry?
Google Cloud Messaging (GCM) is a hosted Google service that keeps a steady connection from a Google server to the smartphone. Through it, the developer of an app can send a notification to the app installed on your smartphone, which the app can then use.
Via GCM, only the above-mentioned token is transferred, as a ‘wake-up’ for the app
A GCM push is always sent when the app is not connected to the Chiffry server and new messages for the user have arrived on the Chiffry server
For messages to be delivered correctly, the Chiffry app requires an active connection to the Chiffry server. Some users experienced delays in message delivery. The reasons included the app being closed via the task manager, or energy-saving apps or system-integrated power-saving modes being used (consciously or unconsciously). To enable stable message delivery nevertheless, we have implemented GCM. If this option is enabled, only a token is sent that identifies a smartphone with Chiffry installed. No further information is sent, neither message content nor personal data.
Functionality of GCM in Chiffry:
User C wants to start a conversation with user B.
Because of energy-saving options, user B's Chiffry is not running in the background.
User C sends a message for B to the Chiffry server.
The Chiffry server notices that there is no active connection to B.
The server then sends a push via GCM to B to start the Chiffry app.
On B's smartphone, the Chiffry process launches and the message is transmitted to the app directly from the Chiffry server.
C and B join the conversation and exchange a series of further messages.
These are all transferred directly between the Chiffry server and the app, i.e. there are no other GCM push activities.
Google can only detect when and how often the Chiffry server sends a push to a user.
This push reveals neither with whom the Chiffry user exchanged messages nor the number of messages.
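The flow above, together with the retention rule from the storage answers, as a small model (an added example, not Chiffry's code). The class, method and token names are hypothetical, the data is constructed, and time is counted in whole days.

```python
from dataclasses import dataclass, field

RETENTION_DAYS = 21  # FAQ: undelivered messages are deleted after 21 days

@dataclass
class RelayServer:
    """Toy store-and-forward relay (assumed design, not Chiffry's code)."""
    connected: set = field(default_factory=set)
    queue: dict = field(default_factory=dict)     # recipient -> [(day_sent, ciphertext)]
    push_log: list = field(default_factory=list)  # everything the push provider sees

    def send(self, day, recipient, ciphertext, push_token):
        if recipient in self.connected:
            return "delivered"  # handed over directly, nothing stored, no push
        self.queue.setdefault(recipient, []).append((day, ciphertext))
        # Wake-up push carries the device token only: no sender, no content.
        self.push_log.append({"day": day, "token": push_token})
        return "queued"

    def connect(self, day, user):
        self.expire(day)
        self.connected.add(user)
        # pop() removes the stored messages as soon as they are delivered.
        return [ct for _, ct in self.queue.pop(user, [])]

    def expire(self, today):
        for user in list(self.queue):
            kept = [(d, ct) for d, ct in self.queue[user]
                    if today - d < RETENTION_DAYS]
            if kept:
                self.queue[user] = kept
            else:
                del self.queue[user]

def replay_faq_flow():
    """User C messages user B, whose app is not running (constructed data)."""
    server = RelayServer()
    first = server.send(0, "B", b"<ciphertext 1>", "token-B")  # B offline: push
    inbox = server.connect(0, "B")                             # push woke the app
    later = [server.send(0, "B", b"<ciphertext %d>" % n, "token-B")
             for n in (2, 3, 4)]
    return server, first, inbox, later
```

After the replay, `push_log` holds a single entry with a day and a token although four messages were exchanged, which is the whole of what the push provider can observe in this model.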