Cyphr Review

Cyphr is an encrypted messaging service from Golden Frog that is currently available for iOS and Android. The apps are free and allow you to communicate with others in a private and secure way. Golden Frog is the company behind VyprVPN, one of the most popular VPN services in the market. One of the advantages of Golden Frog and the services that it supports is that the company owns its own network of servers and it has created its own technology. Only Golden Frog handles the messages sent and received via Cyphr and there are no other parties involved. Their servers are located in Switzerland, which ensures a high level of protection, since the country has solid laws to protect personal privacy.

Secure communication with Cyphr

Before we talk about Cyphr, let’s take a look at how encrypted messaging works. Online messaging services are very popular since they allow people to stay in touch with friends, family, or work colleagues, without having to pay hefty fees. When you send a traditional SMS or MMS, your communications are sent to a mailbox that can be accessed by others, so a lot of people could end up reading your conversations. Even if you are using an instant messaging app, it should be noted that eavesdroppers could gain access to the data that is in transit and since it is not protected with encryption, they will be able to read and even modify information without your authorization. If privacy is important for you, and we are sure that it is, then you need to consider an encrypted messaging solution.

When you use an encrypted messaging service, mathematical keys of different types are generated. The types include symmetric key, which means that the the person who sends the message and the person who receives it, have the same key. The other type of key is a public key, which is the public part of the public-private key pair. The public key of the person who sends the message is used by the sender to ensure that the message can only be accessed by the person for which the message is intended. The public and the private key are related in a mathematical level, enabling the sender’s public key to be used to confirm the identity of the person who sends the message.

Then we have the Private key, which is the private element of the public – private key combination. The sender is able to use their private key to sign the message, allowing the recipient to confirm that it was sent by them indeed. The recipient uses their private key to open the message since it was sealed using their private key and only they can open it. If you use an encrypted messaging service like Cyphr, you can protect your messages from the risks that lurk online. The messages are digitally signed using your private key and the recipient’s public key is used to encrypt them. Then, the service will have to transmit the encrypted message using SSL/TLS, which stand for Secure Sockets Layer/Transport Layer Security, making sure that the metadata is encrypted to the message recipient as well. The person who receives the message, uses their personal private key to open the message. Then, they use the sender’s public key to verify the digital signature and decrypt the original message with their private key.

Because the message is signed and encrypted on the sender’s local machine before it is sent to the recipient, if an unauthorized person tries to access it, they will only see a wall of text known as hash of the original message. In addition, considering that the end message is transmitted with SSL/TLS, they will also be unable to read the metadata. If the message goes to anyone that is not the person that is meant to receive it, they won’t be able to read it since they don’t have the private key needed. If the message is modified, the hash won’t match and the recipient will recognize it, which ensures that the original message only goes to the person it is intended for. Cyphr offers a messaging solution with end-to-end encryption.

How does Cyphr protect you?

The message is encrypted on the sender’s device and it is not possible to decrypt it until it arrives to the recipient’s device. The sender has to create the encrypted message by following the below process.

  1. First of all, the sender creates the message that has to be sent.
  2. Then they sign the message with their private key to ensure that the recipient is able to verify that the message was sent using the sender’s public key.
  3. After that, the sender creates a key that can be thrown away after one time and it only works for that specific message.
  4. The sender encrypts the message and the signature with the one-time key. Then the sender searches the recipient’s public key.
  5. The sender encrypts the one-time key with the recipient’s public key.
  6. The person who sends the message, signs the encrypted one-time key with the sender’s private key to ensure that the recipient knows that they created it.
  7. The sender sends the encrypted key, as well as the encrypted message to the recipient through Golden Frog’s Cyphr servers.
  8. Considering that all of this is done on the sender’s device, there is no one on Golden Frog’s end that can access the original message until its destination is reached and decrypted by the person who is meant to receive it. In addition, since the message is encrypted using a symmetric key that is encrypted by the public key of the recipient, only the recipient’s private key is capable of accessing the key that is needed to decrypt the message. The only information stored on Cyphr’s servers is the encrypted message, the message recipient and the time stamp showing when the message reached its destination. There is no need to store the sender’s data.

To be able to receive and read the message, the recipient has to download the encrypted key and the encrypted message from Cyphr’s servers. The recipient uses their private key to decrypt the symmetric key that is encrypted. This symmetric key is used to decrypt the encrypted message. The recipient searches the public key of the person who sent the message. Then, they use the public key to ensure that the message and the encrypted symmetric key were sent by the person who is meant to have sent them. Given that the private key only exists on the intended recipient’s device, only they can read the message as long as the device is protected as it should. When the message has been successfully received, the information that was stored, is deleted from Golden Frog’s servers. RSA algorithm is used for both public key encryption and verification, while 256-bit AES encryption is applied for symmetric message encryption. The message transmission is secured with TLS to ensure that it is leaves and reaches the servers securely.

Is Cyphr worth considering?

Cyphr can be used for free and once you download the app, you just need to register an account and generate the public and private key pair to start using it. The servers are located in Switzerland and they promise to offer a high standard of protection. If you want to add security to your communications and prefer not to use WhatsApp or Facebook Messenger (which are popular but their security is questionable), Cyphr is an option that should be checked.