The story so far...

One picture is worth more than a thousand words, and the whole 20-year history of how a lone cryptographer established a security consulting company that, many years later, created something that fulfils the highest security needs is summarized on the following timeline:

Timeline

Over the years Trustica has hired people from various backgrounds. We have electrical engineering specialists, quality assurance experts, skilled documentation writers, graphic designers and pre-press typographers, and many loosely associated people who help us create the product.

Even today we discuss the cryptographic algorithms and their implementations with many fellow cryptographers and we listen carefully to what they say. Security is not a product, it is a process. And good cryptographic algorithms can make the process smoother.

How does it work?

From the user's perspective, after plugging Cryptoucan™ into a USB port - with the right software installed - everything just works. The only user interaction required is to confirm the cryptographic operations by entering the PIN when prompted.

Under the hood, the device behaves like a USB-connected SmartCard reader with a permanently inserted SmartCard running an OpenPGP application. This might sound a bit complicated at first, but it actually makes the experience very smooth, as each link in the chain is easily supported by the operating system and application software.

Not only is the communication stack over USB extremely simple, but only two cryptographic operations are supported by Cryptoucan™. This is a design decision to ensure that the code is small, clean and easy to audit. Cryptoucan™ supports one algorithm for signing and authentication - the Ed25519 scheme - and one algorithm for encryption - the X25519 standard.
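Because the device accepts only Ed25519 and X25519, a practical check is whether the keys in an existing GnuPG keyring fit that constraint. The following is an added example, not Trustica code: it parses `gpg --list-keys --with-colons` output, where GnuPG reports the X25519 curve as `cv25519`. The function names and the sample listing are constructed for illustration.

```python
# Added example: flag keys that do not match the two algorithms named above.
# Capability letters come from field 12 of GnuPG's colon format, the curve
# name from field 17. GnuPG calls the X25519 encryption curve "cv25519".
REQUIRED_CURVE = {"s": "ed25519", "c": "ed25519", "a": "ed25519",
                  "e": "cv25519"}

# Constructed sample listing (placeholder key IDs, not real keys).
SAMPLE = """\
pub:u:255:22:AAAAAAAAAAAAAAA1:1600000000:::u:::scESCA:::::ed25519:::0:
uid:u::::1600000000::0000::Alice Example <alice@example.test>::::::::::0:
sub:u:255:18:AAAAAAAAAAAAAAA2:1600000000::::::e:::::cv25519::
sub:u:255:22:AAAAAAAAAAAAAAA3:1600000000::::::a:::::ed25519::
pub:u:4096:1:BBBBBBBBBBBBBBB1:1500000000:::u:::scESC::::::23::0:
sub:u:4096:1:BBBBBBBBBBBBBBB2:1500000000::::::e::::::23:
"""


def parse_keys(listing):
    """Return one dict per primary key or subkey record."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        f += [""] * (17 - len(f))  # older listings may omit trailing fields
        # Lowercase letters are this key's own capabilities; uppercase ones
        # on a primary key summarise the whole key and are ignored here.
        caps = {c for c in f[11] if c.islower()}
        keys.append({"keyid": f[4], "caps": caps, "curve": f[16]})
    return keys


def incompatible(listing):
    """List (keyid, curve) for keys outside the Ed25519/X25519 constraint."""
    problems = []
    for key in parse_keys(listing):
        wanted = {REQUIRED_CURVE[c] for c in key["caps"] if c in REQUIRED_CURVE}
        if wanted and wanted != {key["curve"]}:
            problems.append((key["keyid"], key["curve"] or "no curve (not ECC)"))
    return problems


if __name__ == "__main__":
    for keyid, curve in incompatible(SAMPLE):
        print(f"{keyid}: {curve} is not Ed25519/X25519")
```
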

As you can see, there are four major protection approaches used in the Cryptoucan™ design. And in spite of the design being extremely focused on protecting the private keys, the device can perform all three major cryptographic operations as needed.

Protections

Instead of a matrix display that radiates a lot in the radio-frequency part of the electromagnetic spectrum, Cryptoucan™ contains an LED display specifically designed to minimize such data leakage.

In modern cryptanalysis, there are well-described attacks using "side channel" information from the device. The electronic circuitry inside Cryptoucan™ contains explicit countermeasures against such attacks - be it through voltage, current or temperature variations.

Electronic and software protections aside, the device's monolithic body is made from hard epoxy resin to ensure it is hard to reach the components. It is quite a tamper-evident design.

A Kinetis® K81 Advanced Security Microcontroller, with all its secure memory and other anti-tampering protections, runs the firmware at the core of the device.

Operations

Digitally signing data means attaching a cryptographically verifiable block that can be created only by the signing person and yet can be verified by anyone who knows the person's public key.

Encryption is a method of scrambling the data in a way that only someone with the right cryptographic key can read it.

Authentication means proving the identity of the user and verifying the will to actually perform the given operation.

How can I use it?

As Cryptoucan™ handles all the required tasks of Signing, Encryption and Authentication, there are different applications used for different tasks. You can see the software compatibility information for yourself below:

Email Communication

With Cryptoucan™, you can sign your messages and your peers may easily encrypt the emails sent to you and be sure that no one else can read them.

| Application | Signing | Encryption |
|---|---|---|
| Thunderbird | Supported | Supported |
| Webmail | Supported | Supported |
| Outlook | Experimental support | Experimental support |

Documents & Images

Sensitive information stored on your removable flash drives or in the cloud is always at risk, as someone unintended might gain access to it. You can easily use Cryptoucan™ to encrypt your private documents and images and rest assured that no one unauthorized will get their content.

| Application | Signing | Encryption |
|---|---|---|
| GnuPG | Supported | Supported |
| GPGEx | Supported | Supported |
| Kleopatra | Supported | Supported |

Setup & Configuration

Advanced security features require advanced tools. It is possible to use our dedicated application as well as others which you might be more familiar with.

| Application | Generating Keys | PIN Management | Personalization |
|---|---|---|---|
| Cryptoucan™ Manager | Supported | Supported | Supported |
| GnuPG | Supported | Supported | Supported |
| Kleopatra | Supported | Not supported | Supported |

Remote Access

Securing your infrastructure has never been easier. Servers, switches and any other SSH-enabled equipment can be configured in a way that only Cryptoucan™ can give the administrator access.

| Application | Authentication |
|---|---|
| OpenSSH | Supported |
| PuTTY | Experimental support |

Didn't find what you were looking for? We've got even more plans for the future...

Future Roadmap

All the features mentioned above are just a start. There are many more possible applications that can leverage Cryptoucan™ for securing the critical bits and pieces.

Here you can get a sneak peek into our list of currently planned features:

  • Encrypted containers
  • Local system authentication
  • TLS authentication

And in the future, we will share even more about our development plans here!