FAQ

Getting to know Safester

What is Safester?

Why Use Safester?

Who uses Safester?

Can I send an encrypted message to anyone?

Can I send an encrypted email to someone not registered? How?

If I send an encrypted email to non-users, what is required for them to read the message?

If I send an encrypted email to a new user, will he have to pay to decrypt my message?

Who has legal Rights to access my account?

Do you have a free version?

What is the maximum size of an attachment?

What type of attachments can I send?

Running Safester on your mobile phone or tablet

What are the requirements for running Safester on Android?

What are the requirements for running Safester on iOS?

Making Safester work on your computer and any enterprise network

What are the system requirements for Safester on Desktop?

What are the prerequisites for installing Safester on Windows?

What are the prerequisites for installing Safester on macOS?

What are the prerequisites for installing Safester on Linux?

What are the Network and Firewall prerequisites in order to use Safester in my corporation?

Does Safester work behind proxy ?

Does Safester detect my PC/Mac proxy settings?

Does Safester support proxy with authentication ?

Security and Cryptography of the Safester software and service

How are emails vulnerable?

How secure is Safester?

In a few words, what kind of encryption do you use?

Can you explain in detail the encryption techniques you use?

How does Safester public-key encryption work?

Who can decrypt my emails?

Can anyone at Safester decrypt my emails?

What is OpenPGP?

Is Safester Open Source?

How have you guaranteed that there is no backdoor in your code?

How can I make sure that the downloaded executables match the published source code?

Why do you propose your own client software? Do you have a plug-in for Outlook, X, Y, or Z ?

Private key, passphrase and email – what is stored on server and how

Do you store my private key?

How do you protect my private key storage?

Do you store my passphrase?

I lost my passphrase! How can you help?

What happens if someone steals my passphrase?

How do you store the emails on the server?

What happens if your server is hacked?

Getting to know Safester

What is Safester?

Safester is a software and a service which offers strong end-to-end encryption for emails and files. Safester has been designed from the ground to be very easy to install and to use, and to give maximum comfort to its users. It requires no training or dedicated encryption skills.

Safester lets you exchange encrypted messages and files with other Safester users and invite non-user to open a free account for messages decryption. So you can virtually encrypt messages to anyone you’d like.

The system is closed for ease of use and added security but relies on an open encryption standard, OpenPGP, which is widely adopted and supported by security experts.

Safester operates in the cloud both for convenience and security: all your files and messages are stored encrypted on our servers.
This allows you to access your account from any PC, Android or iOS device. Encryption techniques used guarantee that your files can’t be read, even in the occurrence where one of our servers is hacked.

Why Use Safester?

Standard email doesn’t provide any confidentiality. The only way to guarantee that critical pieces of information you exchange are secure is to use an end-to-end encryption solution like Safester. With such solutions, the message is encrypted from the computer it is written on to the computer it is read on. Only the sender and the specified recipients can read the message.

There are other software packages which fulfill this vital need of end-to-end encryption, but they are generally complicated to install, to configure, to learn, and to use. Safester installs in less than a minute and requires zero configuration and zero learning.

People use Safester daily to secure communications with their attorney, physician, banker, agency, client, intellectual property lawyer… And to protect themselves from unscrupulous competitors, identity thieves, dishonest network administrators amongst others.

Who uses Safester?

Safester has initially been created for corporations, small businesses and professionals. A lot of efforts went into enabling all key platforms (Windows, macOS, Linux, Android, iOS) and solving for enterprise proxy and firewalls. Our goal was to provide a company and its network of clients, agents, providers a robust encryption platform, but still very easy to use.

That being said, Safester works very well for individuals alike and is a great and simple way for anyone to guarantee the confidentiality of their online communications.

Can I send an encrypted message to anyone?

Yes, you can. You just need to use the regular email address of the recipient!

Can I send an encrypted email to someone not registered? How?

When a recipient of your message doesn’t have a Safester account, we provide a simple solution in order to facilitate the exchange. Safester encrypts the message with a server master key and send an invitation to the recipient. When the recipients has signed up and created a Safester account, the message is decrypted by the server using the master key and re-encrypted for the recipient. The copy that was kept on the server is permanently deleted.

If you are not comfortable with this and want to guarantee the true end-to-end confidentiality of a particular message, we encourage you to invite your recipients directly and wait for them to have a Safester account before sending the message – you can securely store the message in the meantime in your draft folder. This way, your message is never encrypted with our master key.

If I send an encrypted email to non-users, what is required for them to read the message?

All they need is to install the client software on their PC or Mac (or on their Android or iOS device) – which takes less than a minute and requires no special privileges.

Our software makes it a breeze to send an invitation to join and will even store your message as a secured draft to be sent automatically once your correspondent has created an account.

If I send an encrypted email to a new user, will he have to pay to decrypt my message?

No. There is no charge on receiving emails on Safester.

Who has legal Rights to access my account?

Safester is designed to protect your privacy for personal and corporate use. Needless to say it should not be used for illegal activities. We will fully collaborate with formal juridical requests for information. Your messages cannot be opened, because they are encrypted, but logs of your account usage would be provided to authorities.
 

Do you have a free version?

Yes! The FREE edition is a full version: it allows to send and receive messages, including attachments. The Inbox size is unlimited.
This allows Safester subscribers to send encrypted messages to all their contacts and make sure they are read by them without paying anything.
 

What is the maximum size of an attachment?

The maximum size of an attachment depends on the type of account you subscribe to.

The limits are 50Mb for a Free account, 200MB for a Silver account, 1Gb for a Gold account and size is unllimited for a Platinum account.

What type of attachments can I send?

Safester works with any type of file attachment, like pictures, movies, office documents, adobe standards, compressed archives, etc.

A shortlist of type of files you can send: jpeg, gif, png, bmp, html, doc, docx, xls, xlsx, ppt, pptx, pdf, psd, ai, mp3, mp4, mpeg, zip, rar, gzip, exe…

Running Safester on your mobile phone or tablet

What are the requirements for running Safester on Android?

You must have Android 5.0 or higher and approximately 25 MB of disk space.
 

What are the requirements for running Safester on iOS?

You must have iOS 8.0 or higher and approximately 125 MB of disk space.
 

Making Safester work on your computer and any enterprise network

What are the system requirements for Safester on Desktop?

  • A major Desktop OS :
    • Windows 64 bits: Windows 7/8/8.1/10.
    • MacOS: 10.8.3+
    • Linux 64 bits: Ubuntu 8.04+, Fedora 9+, RedHat 9, RHEL 5, SuSE 8.2, openSUSE 11.1+, Debian 5.0, etc.
  • 256 MB dedicated RAM. (Recommended 512 Mo or greater) .
  • 120 MB hard drive space.

What are the prerequisites for installing Safester on Windows?

There are no prerequisites on Windows :

  • Installer contains all necessary and third-party software.
  • Installation does not require an Administrator privileged account

What are the prerequisites for installing Safester on macOS?

There are no prerequisites on macOS:

  • Installer contains all necessary and third-party software.
  • Installation does not require an Administrator privileged account

What are the prerequisites for installing Safester on Linux?

Safester Linux distribution requires Java 11 installation. Many modern distributions
already include Oracle Java 11 or OpenJDK version 11. Check Java Oracle web site to get and install standard Java version: http://www.java.com.Check OpenJDK web site to get and install JDK 11: http://openjdk.java.net/.

 

What are the Network and Firewall prerequisites in order to use Safester in my corporation?

Safester client software uses standard https call to communicate with the Safester Server. There are no special prerequisites in order to use Safester, just check the following guideline with your System Administrator:

  1. Desktop OSWindows: “java.exe” program must be authorized to make http calls. Check your antivirus & local firewall settings in order to authorize “java.exe” to communicate through http.macOS and Linux: “java” process must be authorized to make http calls. Check your antivirus & local firewall settings in order to authorize “java” to communicate through http.
  2. Corporate FirewallThe corporate firewall must authorize inbound and outbound https connections to URLs that start with: https://www.runsafester.net

Does Safester work behind proxy ?

Yes! Safester works behind proxy.

Does Safester detect my PC/Mac proxy settings?

Yes! Safester will automatically detect your proxy settings. If you need to specifiy proxy settings, hit F2 on main login screen to specify your proxy settings.

Does Safester support proxy with authentication ?

Yes! Safester will detect if authentication is required and will thus ask for username/password.

 

Security and Cryptography of the Safester software and service

How are emails vulnerable?

Emails transmission standards were set more than twenty-five years ago, and are highly vulnerable to abuse. That’s why 92% of all emails are spam, and why sending a message under a false “From” is trivial. Back then email was a collaborative tool among scientists, and the emphasis was upon system robustness and interoperability rather than confidentiality. There were no High-Speed Internet, no Wi-Fi, no Laptops that could be stolen, and no way to archive your emails “in the cloud”.T wo things have fundamentally changed in the last few years: “always on” high-speed Internet, and cheap virtually unlimited storage capacity. These factors have enabled the rise of a new class of cybercriminal that can infest your servers, steal huge amount of data, and then mine the data for even minute but critical piece of information.

Not only are your emails vulnerable to eavesdropping, but they remain available virtually forever on your servers, but also on your correspondents servers. Even if you are confident in the security of your IT infrastructure, you still are dependent on your correspondents which will retain your messages for years. For more information about email privacy visit the Wikipedia page.

Most cases of email piracy never make the news, but can nonetheless be highly damaging to your organization. Today email is a collaborative tool critical to the smooth working of business, but without security, that collaboration can turn into destruction.

“It’s not only that you’re only secure as the weakest link in your network”, said Rafal Rohozinski, a member of the University of Toronto Cyber Security Research team. “But in an interconnected world, you’re only as secure as the weakest link in the global chain of information.”

How secure is Safester?

We have put our all of our expertise in providing a secure system to guarantee the confidentiality of your messages. We are using the OpenPGP encryption standard with 256-bit symmetric key and 2048-to-4096-bit asymmetric keys, which most experts today agree is a best-in-class solution (more details on Safester encryption).

In a few words, what kind of encryption do you use?

Safester is based on the principle of public key encryption, currently the technology that guarantees the highest level of security (as opposed to exchanging passwords, PINs or similar).

We have adopted the OpenPGP standard for our public key encryption system. It is open, widely tested and deployed and as importantly it has been reviewed and recognized by many encryption and security experts worldwide.

Can you explain in detail the encryption techniques you use?

For maximum security, we use the double key encryption solution. The principle of public key encryption is based on the existence of a pair of keys for each user (two large numbers generated together and dependent on one another).

  • The public key, which is distributed, and is accessible to everyone, which means that anyone can encrypt data for sending to the owner of that key.
  • the private key, which is reserved to its owner, and is protected by a password, is the key to decrypting encrypted messages sent to the owner.

This procedure is asymmetric. Anything encrypted using the public key can only be decrypted with the private key! (Hence the name asymmetric encryption which is sometimes used to describe this technique).

Here is a simple analogy: I give you a padlock to which only I hold the key. You use it to lock a box into which you have placed a message. You can send me the box in the post. You can be sure that only I can open the box.

Another interesting characteristic of the asymmetric encryption solution with key pair under the public key system is that the public key is the only one that can decrypt something that was encrypted using the private key. Why would you use the private key to encrypt here when the public key is accessible to everyone???? This process is, in fact, the digital signature: if you can decrypt a message with my public key, you can be certain that it was encrypted using my own private key which only I can use. So you can identify me for certain, and be certain of the nature and the provenance of the data you have just received.

One of the problems with asymmetric cryptography encryption solution is the slow speed of the encryption algorithms due to the size of the keys used, which are huge in order to ensure they can resist every attack (2048 bits, i.e. a number equivalent to 2 to the power of 2048): This slow speed is just as annoying in that the message has to be encrypted using the key for every recipient, which means as many times as there are recipients!

To deal with this problem, the OpenPGP encryption solution combines the mechanisms described above with the techniques of symmetric encryption.

To be completely secure, symmetric algorithms merely require 256-bit keys, so they are much faster. These algorithms are called symmetric because the same key is used to encrypt and to decrypt. This key therefore has to be kept secret because it can be used to decrypt data it had previously encrypted. This is the limitation of this technique used on its own (a secret has to be shared – the key – and how to share it…)

So, let us recap to ensure we fully understand how OpenPGP encryption solution works:

  • The message is encrypted with a symmetrical key generated at random.
  • This symmetric key is encrypted using the recipient’s public key.
  • The encrypted message and the encrypted symmetric key are sent to the recipient.
  • The recipient is the only person able to read the message because:
  • Only his private key can decrypt the encrypted symmetric key.
  • Therefore the recipient is the only one to hold the “open sesame” (the symmetric key) to decrypt the message. The symmetric key allows him to decrypt the message.
  • Asymmetric encryption solution has been used only to encrypt a very short amount of data (the symmetric key), so the operation is very short.

Algorithms used by Safester:

Asymmetric Symmetric
Name Size of key Name Size of key
RSA 2048, 3072, 4096 AES 256
DSA/Elgamal 2048, 3072, 4096 AES 256
 

How does Safester public-key encryption work?

The security of Safester is guaranteed by the public key architecture implemented by our technical team. With this type of architecture of file encryption, every user owns a key pair with the following characteristic: something encrypted by one of the pair can only be decrypted by the other part of the pair. With Safester and the OpenPGP standard, you, as the user, generate your own key pair when you activate your account:

  • Your public key, accessible to all other users. This allows you to encrypt messages as required.
  • Your private key, of which you are the sole owner and user. This is kept confidential. It allows you to decrypt encrypted messages that have been sent to you.

This type of architecture file encryption lets you encrypt data and send it to someone without needing to share a secret (such as a password or combination of words).

The technology used by Safester is currently the most straightforward and secure way of securing email exchanges and of assuring confidentiality of documents and messages.

*: Public Key Infrastructure (PKI)

File encryption? : the public key File encryption? : the private key
Public key Private key

File encryption software: protecting the private key

Only the user is able to access and use his private key.

To this end, from the moment it is generated, the private key is protected by a passphrase (a long password) which the user chooses, and is the only person to know it.

The passphrase means that the private key can be encrypted so that it cannot be used by anyone else.

File encryption? : the private key File encryption

 

Passphrase for file incryption

File encryption : Pass key
Protecting the private key with the aid of a symmetric key derived from the passphrase.

Encrypting a file

The method used in Safester for email and file encryption is hybrid encryption.

A symmetric key is generated at random and this is used to encrypt the data. This symmetric key, known as the “session” key because it is used only once, is in turn, encrypted, using the recipient’s public key.

Encrypting the file

A symmetric session key (256 bits in size) is generated to encrypt the document. It is used once only. This key, which is linked to a symmetric algorithm (AES or Blowfish) makes it possible the file encryption.

File encryption : plain file File encryption

 

File encryption : encrypted file
Encrypting the file with a single-use symmetric key

Encrypting the symmetric key

Safester searches for the recipient’s public key on the local machine and on the Safester key servers, and uses it to encrypt the session key.

File encryption : single use key File encryption

 

File encryption? : the public key

File encryption : key
Encrypting the single use symmetric key using the recipient’s public key.

The protected session key and the encrypted document are now added to the email.

File encryption : keyFile encryption : sending data and keyPKI Encryption File encryption File encryption : sending encrypted mail
Sending the encrypted symmetric key and the encrypted data to the recipient.

Decrypting a file

When the data is decrypted, the sequence is reversed.

Decrypting the symmetric key

The protected session key was sent with the encrypted file. Safester decrypts this session key using the recipient’s private key.

File encryption : key File encryption

 

File encryption : single use key
Decrypting the single use symmetric key using the recipient’s private key.

Decrypting the file

Safester then uses the session key to decrypt the data.

File encryption : encrypted file File encryption

 

File encryption : plain file
Decrypting the file with the single-use symmetric key

To summarize:

  • Data can only be decrypted with the session key.
  • The session key can only be decoded by the recipient’s private key.
  • The recipient’s private key can only be decoded by knowing his passphrase.

In this way, the sender and the recipient can both be certain that the data they have exchanged is confidential.

Who can decrypt my emails?

You. The recipients you include in your messages. And that’s it. There is no “backdoor” on Safester and because of the end-to-end encryption system we use, nobody other than the recipients your list in your email can decrypt one of your emails. Not even us at Safester. Not even a hacker who would manage to intercept one.

Can anyone at Safester decrypt my emails?

No. We can’t. Your emails are encrypted for you and the recipients of your message solely. We have no “backdoor”.

What is OpenPGP?

OpenPGP is an open standard for encryption based on the Pretty Good Privacy software developed by Philip Zimmermann in the 90’s. It is one of the most widely chosen quality cryptographic systems if not the most chosen.

OpenPGP relies on public-key cryptography to provide privacy and authentication in a very secure way.

Is Safester Open Source?

All the so-called “client” code executed on phones and tablets is open source and published on GitHub.
(Safester’s source code for Windows, macOS and Linux is being finalized and will be published very soon in OpenSource on GitHub.)

How have you guaranteed that there is no backdoor in your code?

The absence of a backdoor is guaranteed by the fact that all client source code and encryption is open source and published. Therefore, source code can be freely examined by experts in order to verify its quality and security.
The presence of a backdoor or malicious action would be very easy to detect.

How can I make sure that the downloaded executables match the published source code?

The executable code installed on your Android phone or iPhone/iPad is not scrambled. The source code can be obtained from the executable by using the simple reverse engineering techniques available to any modern developer.
(Safester’s source code for Windows, macOS and Linux is published on GitHub.)

Why do you propose your own client software? Do you have a plug-in for Outlook, X, Y, or Z ?

The reason why Safester is a standalone piece of software is that it’s the best way to both guarantee strong encryption and immediate ease of use for all. Internet browsers are susceptible to security threats and having our own software removes any risk that would exist with a web/browser based solution.

We don’t provide plug-in to for email clients software, because it’s much cleaner, easier, comfortable and secure for users to use a dedicated secured environment:

  • There is no technical mess between the email software and the plug-in, no settings and /or complicated rules to decide which message should be encrypted or not, etc.
  • It’s easier for the user to send an encrypted message. (In fact, he has nothing to learn!),
  • There is no risk to mess between clear and encrypted sends,
  • All sensitive messages are centralized, stored encrypted online with strong OpenPGP cryptography and can be accessed from any modern computer.

Private key, passphrase and email – what is stored on server and how

Do you store my private key?

Safester stores an encrypted version of your private key to give you portability. By keeping your private key (securely) on our server, we give you access to your key and thus your messages from any computer – you aren’t limited to the computer that holds your key.

How do you protect my private key storage?

First, your private key is protected cryptographically: Safester uses your passphrase to create a symmetric key which is used to encrypt your private key. The only way to decrypt your private key is through your passphrase.

Your private key in its encrypted form is only downloaded from the server upon successful login, limiting access to it. On top of this, the transfer between the Safester application and server is secured by HTTPS to prevent interceptions.

Finally, we have put a strong server infrastructure in place and are running the latest version and fixes of our software stack. This is to avoid any external access to the database where the encrypted private keys are stored.

Do you store my passphrase?

No. Never. Your passphrase is solely used to verify your identity and generate the key to decrypt your private key. We only keep an SHA-1 hashcode in
our records to establish your identity. That hashcode cannot be used to recreate your key as a SHA-1 hash is a one-way function.

I lost my passphrase! How can you help?

We can’t help, because the passphrase is never stored.

What happens if someone steals my passphrase?

If you have any reason to suspect that your passphrase has been compromised in any way, we urge you to contact us so we can suspend your account to prevent any unauthorized access. We will work with you to help you set a new passphrase to re-encrypt your private key. This will replace and erase the previous encrypted version of your private key.

How do you store the emails on the server?

Emails are stored in a combination of databases and file systems. Only their encrypted form is sent, stored and retrieved on our servers because of Safester’s end-to-end encryption system.

What happens if your server is hacked?

In the occurrence where one of our servers is hacked, the confidentiality of your emails is not compromised because the only data stored there is encrypted with your keys which are secured by your passphrase.