Secvoice‎ > ‎English‎ > ‎

Cryptographic specifications.

Only for experts.

Communication between our Clients and our Communication Server.
  1. All communication between our communication servers and our clients is encrypted.
  2. Authentication using HMAC - SHA-256 with a cryptographic key of 128 bits.
  3. Key exchange with Elliptic Curve Cryptography of 256 bits.
  4. Symmetric encryption using AES 128 bits mode CBC with random IV.
  5. Protection against replay attacks.
Communication between our clients ( Voice ).
  1. All voice communication between our clients is encrypted.
  2. Authentication using our server authentication ( HMAC - SHA-256 with a cryptographic key of 128 bits ).
  3. Voice authentication.
  4. Voice encryption with authentication HMAC - MD5 with a cryptographic key of 128 bits.
  5. Key exchange with Elliptic Curve Cryptography of 256 bits.
  6. Voice encryption using with AES 128 bits mode CBC with random IV.
  7. Protection against replay attacks.
Communication between our Clients and our Authorization Server.
  1. All communication between our authorization servers and our clients is encrypted
  2. Authentication and encryption using RSA 4096 bits.
  3. Deployment of a HMAC Cryptographic Key of 128 bits
  4. Symmetric encryption using AES 128 bits mode CBC with random IV.
  5. Protection against replay attacks.

Server protection.

  1. Protection against possible robbing of authentication keys ( server hijacking ).
    1. Authentication keys deployed by an Authentication Server.
    2. Source 128 bits authentication keys not deployed in Communication Server.
    3. Authentication keys used in Communication Server can be changed at any moment.
  2. Server can run only with authorized IP address.
Password protection
  1. SHA-256 hash stored.
  2. 128 bits password salt.
  3. 10.000 iterations before store.