German English

Contact

Home Download Versions FAQ

Informations

About us Imprint Privacy policy GTC Update information

FAQ

Frequently asked questions

General

What makes Chiffry different from other communication apps?

Chiffry is a communication platform that combines tap-proof telephony with encrypted messaging and offers its users numerous security and convenience functions. Despite our comprehensive security concept for encrypted communication with your friends, relatives and colleagues, we maintain the familiar chat experience. The application is the only provider to utilise highly secure key exchange based on modern elliptic curve cryptography with 512-bit ECDH. All functions are equipped with modern end-to-end encryption. Chiffry bears the "IT security made in Germany" quality mark. This means that the entire development of the platform takes place exclusively in-house and is financed from our own resources. Our servers are located in a German data centre that is ISO 27001 certified. We are therefore subject to the German Federal Data Protection Act - also with regard to metadata. In contrast to international competitors, we therefore offer our users comprehensible legal transparency. When developing security concepts and selecting encryption methods, Chiffry is guided by the BSI guidelines, which imply the fulfilment of and compliance with further security standards.

For which operating systems is Chiffry available?

Chiffry is available for Android, iOS, Windows Phone and Blackberry. We are currently developing a desktop version for Windows and Mac OS.

What are the differences between the basic, premium and business versions?

The free basic version of Chiffry offers all the basic functions you need to communicate confidentially with your contacts. You can write text and voice messages, send and receive videos, contacts, files and locations. There are no disadvantages in encryption compared to the premium or business version.

In addition to the basic functions, the premium version offers the option of sending files up to 10MB, creating larger group chats and broadcasts (distribution lists), using a PIN or emoji lock screen with capture protection, as well as backing up and restoring chats.

The business version contains the functions of the premium version as well as the integration of the company's own servers to ensure internally secure communication.

The business and basic or premium versions can be installed on a smartphone at the same time. This means that the private and business environments are combined on one end device and allows the two communication channels to be separated at the same time. The business version can also be customised, for example by integrating your own company design (white label).

What future functions can we expect from Chiffry?

Currently on the roadmap / in development:

Encrypted memory
Conference calls
a Chiffry internal contact book
a desktop version

Does Chiffry finance itself through advertising?

Chiffry will always remain ad-free. We finance ourselves by selling the premium and business versions for public authorities and companies. The basic version will remain permanently free in the future.

Data protection and security functions

How can you imagine such encryption? And does it encrypt all data, including telephone calls?

Chiffry encrypts all data, including telephone calls, using symmetric end-to-end encryption. Here too, we are guided by the latest BSI recommendations and use the 256-bit AES encryption algorithm in GCM mode. This enables a secure transmission channel to be established between the various end devices and the encryption servers. The data can only be found there in encrypted form and cannot even be viewed by Chiffry. They are also completely deleted from our servers after delivery.

What happens to my data?

Chiffry is a sister company of DIGITTRADE GmbH. The company is a member of the Federal Association for IT Security TeleTrusT and bears the "IT Security made in Germany" quality mark. Our company only uses its own servers, which we control / maintain exclusively and which are located in Germany. All your communication via Chiffry is encrypted and cannot be read or traced. Your messages are automatically deleted on our servers immediately after delivery. This ensures that your communication is intended exclusively for you and the person you are talking to.

Is the metadata concealed?

The encrypted metadata is only available to the servers in minimal form until the message is delivered. This means that after delivery or 21 days at the latest, both the messages and the associated meta information are irrevocably deleted.

How is the crypto key generated and exchanged with Chiffry?

With each data exchange, the app generates a new 256-bit AES key and transmits it to the recipient using the letterbox principle with the help of modern elliptic curve cryptography (512-bit ECDH). The key exchange can be simplified as follows: When the user registers, a private and a matching public ECDH key are automatically generated in the background. This creates an interdependent key pair. The private key is only stored on the user's mobile device. The public key, on the other hand, is stored on the encryption servers. The AES key is then exchanged using the ECDA key agreement procedure. For comparison: Online banks generally use 2,048 to 4,096-bit RSA encryption. Our encryption method, on the other hand, is 1038 times more complex.

What does the "IT security made in Germany" quality mark mean for Chiffry?

This means that the entire development and programming of the platform takes place exclusively in Germany at DIGITTRADE and is financed from our own resources. Our servers are located in a German data centre, which is certified according to ISO 27001. We are therefore subject to the Federal Data Protection Act - also with regard to metadata - and offer our users comprehensible legal transparency.

How can I get in touch with Chiffry?

Meeting our users is very important to us.
Via Chiffry +28 CHIFFRY (+28 244 33 79)
we ensure direct contact with our development team and at the same time enable the exchange of comments, ideas and wishes on the user side. Users can also share their experiences directly with the resulting community and our development team in the independent Chiffry forum.

Which security guidelines are taken into account in your app?

The BSI guidelines TR-02102-1 and TR-03111 serve as the basis for the structure of the security architecture and the selection of encryption methods. We also take into account the globally recognised ISO 27001 standard, which documents risk-conscious corporate governance and professional management of information security within the company. In addition, our servers are located in Germany in an ISO 27001-certified data centre.

How does Chiffry protect itself against man-in-the-middle attacks?

By using forgery-proof signatures, so-called cipher certificates (512-bit ECDSA), users can be clearly identified and interception of messages is prevented.

How can I protect Chiffry on my smartphone against unauthorised access?

In addition to a possible PIN lock screen, the Chiffry premium version includes an emoji lock screen. The selection of 25 different emoji images offers significantly more input options compared to the classic 8-digit PIN. In total, the number of possible combinations increases by a factor of 1,525. In addition, the implemented capture protection prevents the access code from being spied out by telltale fingerprints on the smartphone display. Each time a code is requested, the arrangement of the emoji is renewed, thus preventing the creation of input or impression patterns.

Is the entire source code accessible and viewable?

The source code is not publicly accessible. For customers of the Chiffry Business version, we offer the opportunity to carry out a code audit on site. This requires both an NDA and a serious interest in purchasing. By disclosing the source code, Chiffry GmbH would publish its entire capital and thus run the risk of the software being copied at will.

How long are my messages stored on the Chiffry servers?

Your encrypted messages, including metadata, are deleted immediately after they have been successfully delivered to the recipient. Messages are also automatically deleted after 21 days if they are not delivered. Our servers are located in Germany and are therefore subject to the Federal Data Protection Act.

Guides and problem solutions

How do I register?

Install Chiffry in the relevant app store and then start the app. Make sure you have an active internet connection via WLAN or your mobile phone provider. On the registration page of the app, enter your phone number and tap register. A confirmation code will be sent to you by SMS to verify your mobile phone number and registration. After successful verification, the registration is finalised and the contact list is opened.

I have no contacts in my list

Chiffry only shows the contacts that already have Chiffry installed. Tap on the Options button in the Contacts menu and on Match contacts. If a Chiffry user is not found, check that the phone number in your address book is correct.

Can access to the smartphone's address book be prevented or is access necessary at all?

Yes, access can be prevented. Consequently, no contact names are then displayed. For contacts to be displayed in this case, it is first necessary to receive a message from the person in question. We are currently planning a Chiffry internal contact book, which works completely independently of the normal contact book.

Can someone else register with Chiffry using my phone number?

As soon as another device tries to register with Chiffry using your mobile phone number, only you will receive the registration link by SMS. The other device cannot be registered without this link.

What do the different send status icons mean for outgoing messages?

Message is being sent

Message has arrived on the server and is forwarded to the contact

Message has been delivered

Message has been read

Message could not be delivered (e.g. if you have an old certificate)

In which countries is Chiffry available?

Are messages read via the Chiffry channel?

First of all: Yes, we read the Chiffry channel regularly and look forward to every post. Unfortunately, due to the large amount of feedback, we are currently unable to answer every message personally. However, we assure you that all suggestions for improvement will influence our further development and we will answer frequently asked questions in this FAQ. If your questions are not answered by this FAQ or the manual, which can be found in the download area, please contact info@chiffry.de and you will receive an answer within a very short time. We would also like to recommend the forum of a user in which we participate: http://www.chiffry-forum.de/

My Chiffry certificate is only valid for one year, what happens after that?

The certificate has a maximum lifespan of one year to ensure the security of communication. One month before it expires, it is automatically renewed and communicated to your call participants so that your communication is not interrupted.

What does the lock screen type Emoji (Capture Protection) mean?

The emoji input method utilises the easier memorisation of images that are used as a proxy to authenticate the user. These image sequences can be memorised more easily during input by constructing short stories. With the help of the larger number of input options (25 emojis), a multiplication of possible combinations (1525x) is achieved compared to conventional 8-digit PINs. In addition, the implemented 'Capture Protection' helps to prevent the access code from being spied out by telltale fingerprints on the smartphone display. For this purpose, the position of the emojis is changed each time the code is requested, rendering a print pattern on the display unusable.

How do I delete my Chiffry account?

Your Chiffry account can be deleted within the app in the settings. In the settings, click on "Profile" and then on "Manage data". Here you have the option of irrevocably deleting your account. Please note that you will only be able to log in again with your phone number after 24 hours. If you have already removed the app from your device, please contact us by e-mail with your previously registered telephone number and we will delete your account

Android

There is a new Chiffry update, what should I do?

You can download the updates via the Google PlayStore or at http://get.chiffry.de. You can overwrite an existing Chiffry installation with the latest version. It is not necessary to uninstall the old version.

What requirements must my smartphone fulfil in order to install Chiffry?

You need a smartphone with the following features:

Android version 2.3.3 or higher
your own mobile phone number with SIM card
Active Internet connection via WLAN or via your mobile phone provider
To register your telephone number with Chiffry, you must be able to receive SMS.

What is Google Cloud Messaging and what is it used for in Chiffry?

Google Cloud Messaging (GCM) is a service provided by Google that maintains a constant connection from a Google server to the smartphone. The manufacturer of an app can send a notification to the app installed on the smartphone. This can then be analysed by the app. The Chiffry app requires an active connection to the Chiffry server so that messages can be delivered properly. Some users experienced delays in the delivery of messages. Reasons for this included the app being deliberately closed via the task manager or energy-saving apps or energy-saving modes integrated in Android systems being used (consciously/unconsciously). We have implemented GCM to ensure stable message delivery. If this option is activated, only a token is sent that identifies Chiffry on the respective smartphone. No further information is sent, neither message content nor personal data. How GCM works in Chiffry:

only the above-mentioned token is transmitted via GCM to "wake up" the app
a GCM push is always executed if the app has no connection to the Chiffry server and new messages for the user are received on the Chiffry server

Example: User A wants to start a conversation with user B. Chiffry is not active in the background for user B due to energy-saving options. User A sends a message for B to the Chiffry server. The encryption server notices that there is no active connection to B. A push is then sent to B via GCM to start the Chiffry app. The encryption process starts on B's smartphone and the message is transferred directly from the encryption server to the app. A and B start a joint conversation and exchange a series of further messages. These are all transmitted directly between the encryption server and the app, i.e. there is no further GCM push activity. Meta data: Google could only record when and how often the Chiffry server sends a push to a user. However, this push does not provide any information about who the Chiffry user is in contact with or how many messages are exchanged at what time.

How can push notifications be activated on Huawei and Honor?

The EMUI of Huawei Android uses very aggressive power saving methods. These Huawei proprietary features make it very difficult for the Chiffry app (and other instant messaging services) to be accessible in the background. Please follow the steps below:

Go to Settings -> Settings -> Battery manager -> Protected apps and search for the app (Chiffry) and protect it. By protecting this application, Huawei's software recognises that this application is not closed in the background.
Go to Settings -> Apps -> Advanced -> Ignore optimisations and search for the application (Chiffry) and click on Ignore. Don't be fooled by the misleading name. It simply means that the application will continue to run because you are telling the battery optimisation function to ignore this app.
Go to Settings -> Notification panel and status bar -> Notification manager and search for the app (Chiffry) and activate "Allow notifications" and "Display with priority". Priority activation is required to ensure that you receive notifications.
Now restart your smartphone.

Android 8
If you have a device with Android 8 or newer, you must also allow unrestricted access to data. To do this, go to: Settings -> Apps -> Settings -> Special access -> Unrestricted data access, select (Chiffry) and allow access.

iOS

What are Chiffry coins?

Chiffry Coins are an internal Chiffry currency for purchasing the premium version in iOS. Each coin is worth one month and is credited to the user account as premium time immediately after purchase.

Chiffry GmbH

+49 (0) 345/ 2317352

info@chiffry.de

shop.chiffry.de

Chiffry GmbH © 2023

How to reach us:

Phone: +49 (0) 345/ 2317352 Fax: +49 (0) 345/ 6138697 E-mail: info@chiffry.de Contact us

Infomations:

Home GTC Privacy policy Imprint About us

All about Chiffry:

Download Update information Versions FAQ

Social Media / Shops:

Facebook Youtube Linkedin DIGITTRADE Shop Chiffry Shop