Please rate PrivateSky!

Hi Wilders crew,

I've been a long time lurker on the board, but this is my first official post. My name is Brian Spector, I'm a long time crypto geek, working in infosec for about 20 years.

Last week we launched a new service called PrivateSky, which is a end to end, browser to browser encryption service, for free. Our first product is the PrivateSky for Internet Explorer add-in. Yes, we will come out with Firefox and Chrome soon.

I'd love to see what the board thinks about what we are doing, and if so, what we could improve.

I hope this is the appropriate place to post this, if I'm violating policy (checked, couldn't find anything), then please do let me know and I will delete this.

You can get the free PrivateSky Internet Explorer add-in at:

https://privatesky.me

What does it do?

CertiVox's PrivateSky SaaS is a major innovation in secure inforamtion exchange. The PrivateSky for Internet Explorer Connector add-in is a whole new approach to securing confidential information posted to the web, and anyone can use it. The PrivateSky for IE add-in doesn't require multiple passwords, certificates, or complicated processes to learn. It's simple browser to browser encryption that just works. Use it to encrypt your webmail, Facebook posts and messages, LinkedIn messages and even blog posts. PrivateSky uses the AES encryption algorithm, that means it is super safe!

Enough with the marketing schpeel, here's what we really do:

We operate an encryption key management server in the cloud. Our software connects to our key server to get everyone who enrols what we call a SkyKey. You can think of this like a private key. However, we are using a new form of key agreement called non-interactive authenticated key agreement, based upon bilinear pairing mathematics. No, this is not identity based encryption, this is non-interactive key agreement. It's heady stuff, but it has suffered through 20 years of cryptanalysis and is secured by the DLP.

Now, the thing is, there is no public key. There is only one key, your SkyKey. But, this enables you to create "connection keys", which are regular AES 192 bit keys. The analogy I always use is this: Suppose every time you made a friend on Facebook, a worldly unique AES key was created between you and your friend, and could only be created between you and your friend.

That's what we've managed to do, but in your browser. Oh, and there is a boatload of key protection, rotation, etc., going on in the background.

Again, love to get some feedback. I'm the chief bottle washer at the moment so I can't promise to respond to feedback immediately, but will try my best.

Thank you for giving it a shot and please let 'er rip, the good, bad and ugly.

Cheers,
Brian

 

So in order to use this service, each party has to be a participant with your service. So you can send an email to a friend encrypted if that friend is also using your service....if I am understanding you correctly. But how can you post to a blog or Myspace using this service?

A concern tat people will have is what information can *you* potentially extract from people's communications?

 

Hi, we can't see ANY information you post, as long as you don't give us access to it, that's the beauty of it. You use your webmail, facebook, etc. and as long as we don't have access to it, we don't break the theoretical boundary of being able to re-generate the encryption key.

We're not like Hushmail in that you use our service for transport, we just give you the ability to create and re-create the right encryption keys to secure and view the information you send and receive.

The primary key agreement process itself works like this: If you have the primary private key (SkyKey) you can create the decryption key through the ID input. So if I send something to you, it would be (my SkyKey + your ID "JangoCuni") = unique AES key. To decrypt, you use (your SkyKey + "my ID") to get the same unique shared secret (AES Key). Of course, you use the shared secret value to encrypt the content encryption key.

To answer your question: To encrypt, simply highlight the text, push the apply PrivateSky button in your toolbar, input the receipients email addresses into the Circle of Trust dialog, and then click accept. That's it.

To decrypt, just click the apply PrivateSky button in your toolbar. It happens automatically.

Cheers,
Brian

 

I should mention that it is true, both parties have to be using the service. BUT, the receiving party can sign up AFTER the sender encrypts information for them. This solves that nasty issue of pre-enrolment which is common to PKI. I just need an ID string that represents what your account WILL be at some future date, when you come and register on the service.

Cheers,
Brian

 

Always interested in freeware, but not Internet Explorer or Silverlight.

 

Coverage: http://www.pcmag.com/article2/0,2817,2388080,00.asp?kc=PCRSS05079TX1K0000992

 

This looks potentially really useful. The review is informative as well. Thanks.

 

is this available for chrome or firefox?

 

Not yet.

 

In what mode is the AES used, and how do you address message integrity?

I don't see any information supporting this press release's quote, stating the PrivateSky can:

(My apologies if this is publicly available somewhere and I just didn't see it.)

 

We use authenticated encryption modes of AES.