FAQ

Safester is a software and a service which offers strong end-to-end encryption for emails and files. Safester has been designed from the ground to be very easy to install and to use, and to give maximum comfort to its users. It requires no training or dedicated encryption skills.

Safester lets you exchange encrypted messages and files with other Safester users and invite non-user to open a free account for messages decryption. So you can virtually encrypt messages to anyone you’d like.

The system is closed for ease of use and added security but relies on an open encryption standard, OpenPGP, which is widely adopted and supported by security experts.

Safester operates in the cloud both for convenience and security: all your files and messages are stored encrypted on our servers.
This allows you to access your account from any PC, Android or iOS device. Encryption techniques used guarantee that your files can’t be read, even in the occurrence where one of our servers is hacked.

Standard email doesn’t provide any confidentiality. The only way to guarantee that critical pieces of information you exchange are secure is to use an end-to-end encryption solution like Safester. With such solutions, the message is encrypted from the computer it is written on to the computer it is read on. Only the sender and the specified recipients can read the message.

There are other software packages which fulfill this vital need of end-to-end encryption, but they are generally complicated to install, to configure, to learn, and to use. Safester installs in less than a minute and requires zero configuration and zero learning.

People use Safester daily to secure communications with their attorney, physician, banker, agency, client, intellectual property lawyer… And to protect themselves from unscrupulous competitors, identity thieves, dishonest network administrators amongst others.

Safester has initially been created for corporations, small businesses and professionals. A lot of efforts went into enabling all key platforms (Windows, macOS, Linux, Android, iOS) and solving for enterprise proxy and firewalls. Our goal was to provide a company and its network of clients, agents, providers a robust encryption platform, but still very easy to use.

That being said, Safester works very well for individuals alike and is a great and simple way for anyone to guarantee the confidentiality of their online communications.

Yes, you can. You just need to use the regular email address of the recipient!

When a recipient of your message doesn’t have a Safester account, we provide a simple solution in order to facilitate the exchange. Safester encrypts the message with a server master key and send an invitation to the recipient. When the recipients has signed up and created a Safester account, the message is decrypted by the server using the master key and re-encrypted for the recipient. The copy that was kept on the server is permanently deleted.

If you are not comfortable with this and want to guarantee the true end-to-end confidentiality of a particular message, we encourage you to invite your recipients directly and wait for them to have a Safester account before sending the message – you can securely store the message in the meantime in your draft folder. This way, your message is never encrypted with our master key.

All they need is to install the client software on their PC or Mac (or on their Android or iOS device) – which takes less than a minute and requires no special privileges.

Our software makes it a breeze to send an invitation to join and will even store your message as a secured draft to be sent automatically once your correspondent has created an account.

No. There is no charge on receiving emails on Safester.

The maximum size of an attachment depends on the type of account you subscribe to.

The limits are 50Mb for a Free account, 200MB for a Silver account, 1Gb for a Gold account and size is unllimited for a Platinum account.

Safester works with any type of file attachment, like pictures, movies, office documents, adobe standards, compressed archives, etc.

A shortlist of type of files you can send: jpeg, gif, png, bmp, html, doc, docx, xls, xlsx, ppt, pptx, pdf, psd, ai, mp3, mp4, mpeg, zip, rar, gzip, exe…

• A major Desktop OS :
  • Windows 64 bits: Windows 7/8/8.1/10.
  • MacOS: 10.8.3+
  • Linux 64 bits: Ubuntu 8.04+, Fedora 9+, RedHat 9, RHEL 5, SuSE 8.2, openSUSE 11.1+, Debian 5.0, etc.
• 256 MB dedicated RAM. (Recommended 512 Mo or greater) .
• 120 MB hard drive space.

There are no prerequisites on Windows :

• Installer contains all necessary and third-party software.
• Installation does not require an Administrator privileged account

There are no prerequisites on macOS:

• Installer contains all necessary and third-party software.
• Installation does not require an Administrator privileged account

Safester client software uses standard https call to communicate with the Safester Server. There are no special prerequisites in order to use Safester, just check the following guideline with your System Administrator:

1. Desktop OSWindows: “java.exe” program must be authorized to make http calls. Check your antivirus & local firewall settings in order to authorize “java.exe” to communicate through http.macOS and Linux: “java” process must be authorized to make http calls. Check your antivirus & local firewall settings in order to authorize “java” to communicate through http.
2. Corporate FirewallThe corporate firewall must authorize inbound and outbound https connections to URLs that start with: https://www.runsafester.net

Yes! Safester works behind proxy.

Yes! Safester will automatically detect your proxy settings. If you need to specifiy proxy settings, hit F2 on main login screen to specify your proxy settings.

Yes! Safester will detect if authentication is required and will thus ask for username/password.

Emails transmission standards were set more than twenty-five years ago, and are highly vulnerable to abuse. That’s why 92% of all emails are spam, and why sending a message under a false “From” is trivial. Back then email was a collaborative tool among scientists, and the emphasis was upon system robustness and interoperability rather than confidentiality. There were no High-Speed Internet, no Wi-Fi, no Laptops that could be stolen, and no way to archive your emails “in the cloud”.T wo things have fundamentally changed in the last few years: “always on” high-speed Internet, and cheap virtually unlimited storage capacity. These factors have enabled the rise of a new class of cybercriminal that can infest your servers, steal huge amount of data, and then mine the data for even minute but critical piece of information.

Not only are your emails vulnerable to eavesdropping, but they remain available virtually forever on your servers, but also on your correspondents servers. Even if you are confident in the security of your IT infrastructure, you still are dependent on your correspondents which will retain your messages for years. For more information about email privacy visit the Wikipedia page.

Most cases of email piracy never make the news, but can nonetheless be highly damaging to your organization. Today email is a collaborative tool critical to the smooth working of business, but without security, that collaboration can turn into destruction.

“It’s not only that you’re only secure as the weakest link in your network”, said Rafal Rohozinski, a member of the University of Toronto Cyber Security Research team. “But in an interconnected world, you’re only as secure as the weakest link in the global chain of information.”

We have put our all of our expertise in providing a secure system to guarantee the confidentiality of your messages. We are using the OpenPGP encryption standard with 256-bit symmetric key and 2048-to-4096-bit asymmetric keys, which most experts today agree is a best-in-class solution (more details on Safester encryption).

Safester is based on the principle of public key encryption, currently the technology that guarantees the highest level of security (as opposed to exchanging passwords, PINs or similar).

We have adopted the OpenPGP standard for our public key encryption system. It is open, widely tested and deployed and as importantly it has been reviewed and recognized by many encryption and security experts worldwide.

For maximum security, we use the double key encryption solution. The principle of public key encryption is based on the existence of a pair of keys for each user (two large numbers generated together and dependent on one another).

• The public key, which is distributed, and is accessible to everyone, which means that anyone can encrypt data for sending to the owner of that key.
• the private key, which is reserved to its owner, and is protected by a password, is the key to decrypting encrypted messages sent to the owner.

This procedure is asymmetric. Anything encrypted using the public key can only be decrypted with the private key! (Hence the name asymmetric encryption which is sometimes used to describe this technique).

Here is a simple analogy: I give you a padlock to which only I hold the key. You use it to lock a box into which you have placed a message. You can send me the box in the post. You can be sure that only I can open the box.

Another interesting characteristic of the asymmetric encryption solution with key pair under the public key system is that the public key is the only one that can decrypt something that was encrypted using the private key. Why would you use the private key to encrypt here when the public key is accessible to everyone???? This process is, in fact, the digital signature: if you can decrypt a message with my public key, you can be certain that it was encrypted using my own private key which only I can use. So you can identify me for certain, and be certain of the nature and the provenance of the data you have just received.

One of the problems with asymmetric cryptography encryption solution is the slow speed of the encryption algorithms due to the size of the keys used, which are huge in order to ensure they can resist every attack (2048 bits, i.e. a number equivalent to 2 to the power of 2048): This slow speed is just as annoying in that the message has to be encrypted using the key for every recipient, which means as many times as there are recipients!

To deal with this problem, the OpenPGP encryption solution combines the mechanisms described above with the techniques of symmetric encryption.

To be completely secure, symmetric algorithms merely require 256-bit keys, so they are much faster. These algorithms are called symmetric because the same key is used to encrypt and to decrypt. This key therefore has to be kept secret because it can be used to decrypt data it had previously encrypted. This is the limitation of this technique used on its own (a secret has to be shared – the key – and how to share it…)

So, let us recap to ensure we fully understand how OpenPGP encryption solution works:

• The message is encrypted with a symmetrical key generated at random.
• This symmetric key is encrypted using the recipient’s public key.
• The encrypted message and the encrypted symmetric key are sent to the recipient.
• The recipient is the only person able to read the message because:
• Only his private key can decrypt the encrypted symmetric key.
• Therefore the recipient is the only one to hold the “open sesame” (the symmetric key) to decrypt the message. The symmetric key allows him to decrypt the message.
• Asymmetric encryption solution has been used only to encrypt a very short amount of data (the symmetric key), so the operation is very short.

Algorithms used by Safester:

The security of Safester is guaranteed by the public key architecture implemented by our technical team. With this type of architecture of file encryption, every user owns a key pair with the following characteristic: something encrypted by one of the pair can only be decrypted by the other part of the pair. With Safester and the OpenPGP standard, you, as the user, generate your own key pair when you activate your account:

• Your public key, accessible to all other users. This allows you to encrypt messages as required.
• Your private key, of which you are the sole owner and user. This is kept confidential. It allows you to decrypt encrypted messages that have been sent to you.

This type of architecture file encryption lets you encrypt data and send it to someone without needing to share a secret (such as a password or combination of words).

The technology used by Safester is currently the most straightforward and secure way of securing email exchanges and of assuring confidentiality of documents and messages.

Public key Private key

File encryption software: protecting the private key

Only the user is able to access and use his private key.

To this end, from the moment it is generated, the private key is protected by a passphrase (a long password) which the user chooses, and is the only person to know it.

The passphrase means that the private key can be encrypted so that it cannot be used by anyone else.

Protecting the private key with the aid of a symmetric key derived from the passphrase.

Encrypting a file

The method used in Safester for email and file encryption is hybrid encryption.

A symmetric key is generated at random and this is used to encrypt the data. This symmetric key, known as the “session” key because it is used only once, is in turn, encrypted, using the recipient’s public key.

Encrypting the file

A symmetric session key (256 bits in size) is generated to encrypt the document. It is used once only. This key, which is linked to a symmetric algorithm (AES or Blowfish) makes it possible the file encryption.

Encrypting the file with a single-use symmetric key

Encrypting the symmetric key

Safester searches for the recipient’s public key on the local machine and on the Safester key servers, and uses it to encrypt the session key.

Encrypting the single use symmetric key using the recipient’s public key.

The protected session key and the encrypted document are now added to the email.

Sending the encrypted symmetric key and the encrypted data to the recipient.

Decrypting a file

When the data is decrypted, the sequence is reversed.

Decrypting the symmetric key

The protected session key was sent with the encrypted file. Safester decrypts this session key using the recipient’s private key.

Decrypting the single use symmetric key using the recipient’s private key.

Decrypting the file

Safester then uses the session key to decrypt the data.

Decrypting the file with the single-use symmetric key

To summarize:

• Data can only be decrypted with the session key.
• The session key can only be decoded by the recipient’s private key.
• The recipient’s private key can only be decoded by knowing his passphrase.

In this way, the sender and the recipient can both be certain that the data they have exchanged is confidential.

You. The recipients you include in your messages. And that’s it. There is no “backdoor” on Safester and because of the end-to-end encryption system we use, nobody other than the recipients your list in your email can decrypt one of your emails. Not even us at Safester. Not even a hacker who would manage to intercept one.

No. We can’t. Your emails are encrypted for you and the recipients of your message solely. We have no “backdoor”.

OpenPGP is an open standard for encryption based on the Pretty Good Privacy software developed by Philip Zimmermann in the 90’s. It is one of the most widely chosen quality cryptographic systems if not the most chosen.

OpenPGP relies on public-key cryptography to provide privacy and authentication in a very secure way.

Safester stores an encrypted version of your private key to give you portability. By keeping your private key (securely) on our server, we give you access to your key and thus your messages from any computer – you aren’t limited to the computer that holds your key.

First, your private key is protected cryptographically: Safester uses your passphrase to create a symmetric key which is used to encrypt your private key. The only way to decrypt your private key is through your passphrase.

Your private key in its encrypted form is only downloaded from the server upon successful login, limiting access to it. On top of this, the transfer between the Safester application and server is secured by HTTPS to prevent interceptions.

Finally, we have put a strong server infrastructure in place and are running the latest version and fixes of our software stack. This is to avoid any external access to the database where the encrypted private keys are stored.

No. Never. Your passphrase is solely used to verify your identity and generate the key to decrypt your private key. We only keep an SHA-1 hashcode in
our records to establish your identity. That hashcode cannot be used to recreate your key as a SHA-1 hash is a one-way function.

We can’t help, because the passphrase is never stored.

If you have any reason to suspect that your passphrase has been compromised in any way, we urge you to contact us so we can suspend your account to prevent any unauthorized access. We will work with you to help you set a new passphrase to re-encrypt your private key. This will replace and erase the previous encrypted version of your private key.

Emails are stored in a combination of databases and file systems. Only their encrypted form is sent, stored and retrieved on our servers because of Safester’s end-to-end encryption system.

In the occurrence where one of our servers is hacked, the confidentiality of your emails is not compromised because the only data stored there is encrypted with your keys which are secured by your passphrase.