Secret 1-2-3™ Technical Details
Summary
The design of Secret 1-2-3™ began nearly 4 years ago, with industry-standard encryption technology. Here's a quick summary: We use X.509 certificates with RSA/2048 keys. Our Secret 1-2-3 message format uses RSA/2048, SHA-2 and AES-256. The key size of RSA/2048 is projected by RSA and the National Institute of Standards and Technology (NIST) Computer Security Division to be sufficient until 2030.
For definitive peace of mind, all encryption, decryption and key generation operations take place on your local computer, and we never possess your private key or email messages.
The Sign Up Process
When you sign up for your Secret 1-2-3 account we generate your RSA private and public keys, and a Certificate Signing Request (CSR) on your local computer. Your CSR is sent to our server over an SSL connection. The Secret 1-2-3 servers create a public certificate from the CSR and sign it with The 123 Corporation's signature key. Your public certificate is then published on our server. We are using industry standard X.509 Certificates with RSA/2048 keys.
Key Management
When you click the "Send Secret" button, Secret 1-2-3 checks to see if all of the recipients are in your Secret List™. If they are not, Secret 1-2-3 will contact the Secret 1-2-3 servers to look up the recipient's public certificate. If the certificate is found, it is downloaded to your computer, and the public key is used to encrypt a unique AES-256 message key. When the recipient receives the encrypted message, they decrypt it with their private key.
New User Handling
For recipients who do not have a public certificate, the message key is AES-encrypted with a 32-byte one-time key. In this case, the temporary key is sent to the Secret 1-2-3 Server, and stored securely until the new recipient completes sign up. After the recipient signs up for Secret 1-2-3, they are provided this temporary key, which can then be used to decrypt only one message. The temporary key is unique for each message, and can only be used to decrypt messages sent prior to the new user signing up for an account.
For added security and to reduce the risk of malicious files being sent to new users, attachments are not enabled for new users until they have completed the sign up process.
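The two key-wrapping paths described under Key Management and New User Handling, as an added Ruby example that is not Secret 1-2-3's own code or message format. The function names, the envelope layout, RSA-OAEP padding and AES-GCM mode are assumptions; the page names only RSA/2048 and AES-256.

```ruby
require 'openssl'

# RSA-OAEP and AES-256-GCM are assumed choices; the page names only RSA/2048 and AES-256.
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Encrypt under a 32-byte key; returns iv (12) + tag (16) + ciphertext.
def seal(key, plaintext)
  raise ArgumentError, 'empty plaintext' if plaintext.empty?
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  iv = c.random_iv
  ct = c.update(plaintext) + c.final
  iv + c.auth_tag + ct
end

# Reverse of seal; raises OpenSSL::Cipher::CipherError on a wrong key or altered data.
def open_sealed(key, blob)
  raise ArgumentError, 'truncated input' if blob.bytesize <= 28
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = key
  c.iv = blob.byteslice(0, 12)
  c.auth_tag = blob.byteslice(12, 16)
  c.update(blob.byteslice(28, blob.bytesize)) + c.final
end

# Sender: recipient_pub comes from the recipient's certificate, or is nil for a
# recipient who has not signed up yet. Returns [envelope, one_time_key_or_nil].
def send_secret(message, recipient_pub)
  message_key = OpenSSL::Random.random_bytes(32) # unique AES-256 key per message
  env = { body: seal(message_key, message) }
  if recipient_pub
    env[:wrapped_key] = recipient_pub.public_encrypt(message_key, OAEP)
    [env, nil]
  else
    one_time = OpenSSL::Random.random_bytes(32) # sent to the server for escrow
    env[:wrapped_key] = seal(one_time, message_key)
    [env, one_time]
  end
end

# Recipient: unwrap the message key with the private key, or with the one-time
# key released after sign-up, then open the body.
def receive_secret(env, private_key: nil, one_time: nil)
  message_key = if private_key
                  private_key.private_decrypt(env[:wrapped_key], OAEP)
                else
                  open_sealed(one_time, env[:wrapped_key])
                end
  open_sealed(message_key, env[:body])
end
```

Because each message has its own message key and, for new users, its own one-time key, a key released for one message fails the GCM tag check on any other.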
