Crypto Bone Help Page : KEYS
The one important step you have to complete before you can communicate securely with a contact is to agree on a 20 character secret (no less), exchange it with your contact in person, and enter this initial secret into the Crypto Bone GUI.
This secret gives you full control over the secure communication, because it is used only on the two endpoints: your computer and your contact's computer. The initial secret is used to encrypt the first message. After that, the encryption key is changed automatically with each message. So you can forget about key management entirely once you and your contact have registered the initial secret at the start of your message exchange.
You have to enter the full SafeWebdrop address of your contact here, with a "%" sign separating your contact's UserName from the ServerName on which your contact is registered. One of the features of the SafeWebdrop message exchange protocol is that it accepts the RSA public key of your contact even if your contact is registered on some other server that provides the SafeWebdrop service. The initial secret, which only two people know, is used to allow the use of the contact's RSA key on your server (and vice versa).
There is no need for contact between the two admins, nor is any other public key infrastructure involved here. You and your contact alone "couple" each other with the initial secret you share.
Behind the scenes, when you register a key, you and your contact each produce a hash value from three parts: both of your full SafeWebdrop addresses and the initial secret. These hash values are exchanged once you enter the initial secret in the keys window of the Crypto Bone GUI. If the software on your SafeWebdrop server finds that your hash value matches your contact's hash value, the cross-server RSA private key is accepted and can be used for further message exchanges. Nobody else is able to register a false RSA public key, because without the initial secret they cannot produce the required hash value.
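The matching step described above, as an added Python example that is not Crypto Bone's or SafeWebdrop's own code. The page does not say which hash function is used or how the three parts are combined, so SHA-256, sorted addresses and length-prefixed fields are assumptions here, as are the function names and the sample values.

```python
import hashlib
import hmac

MIN_SECRET_LEN = 20  # the page requires a secret of at least 20 characters


def parse_address(address: str) -> tuple:
    """Split 'UserName%ServerName' and reject anything else."""
    user, sep, server = address.partition("%")
    if not sep or not user or not server or "%" in server:
        raise ValueError(f"not a full SafeWebdrop address: {address!r}")
    return user, server


def coupling_hash(own_address: str, contact_address: str, secret: str) -> str:
    """Hash both full addresses and the initial secret (assumed construction)."""
    if len(secret) < MIN_SECRET_LEN:
        raise ValueError("initial secret must be at least 20 characters")
    for address in (own_address, contact_address):
        parse_address(address)
    # Assumption: sort the addresses so both endpoints hash identical input,
    # and length-prefix each field so field boundaries cannot be shifted.
    digest = hashlib.sha256()
    for field in sorted((own_address, contact_address)) + [secret]:
        data = field.encode("utf-8")
        digest.update(len(data).to_bytes(4, "big") + data)
    return digest.hexdigest()


def accept_contact_key(local_hash: str, remote_hash: str) -> bool:
    """Server-side check: accept the cross-server key only on a match."""
    return hmac.compare_digest(local_hash, remote_hash)


if __name__ == "__main__":
    # Constructed sample values, not real accounts or secrets.
    secret = "correct-horse-battery-42"
    alice = coupling_hash("alice%server-a.example", "bob%server-b.example", secret)
    bob = coupling_hash("bob%server-b.example", "alice%server-a.example", secret)
    print("match:", accept_contact_key(alice, bob))
    forged = coupling_hash("bob%server-b.example", "alice%server-a.example",
                           "guessed-secret-000000000")
    print("forged accepted:", accept_contact_key(alice, forged))
```

Both endpoints arrive at the same value only when the two addresses and the secret all agree, so a value built from a guessed secret is rejected by the comparison.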
But the server's administrator (on both sides) can independently decide whether or not to accept cross-server contacts. So please make sure it is enabled if you need to contact someone you know who is registered on another server. Message exchange between users who are registered on the same server (by one administrator they have contacted) is enabled by default.