Closed group communication
No.1 BC: Mail communication is possible only between people, who have active No.1 BC card and installed No.1 BC: Mail application. To communicate securely, users should exchange their public keys.
Why exchange public keys
By sending your public key you authorize other users to send you encrypted emails. People, who do not have your public key will not be able to send you emails via No.1 BC: Mail.
Find Key Requests option under menu icon.
To send a new request select Request Key button
Enter recipient’s address and send your key request
Sending public key
Initial launch of the application generated a pair of asymmetric RSA-2048 keys on-card. Public key is sent to other users to encrypt emails. Public keys may be sent to as many users as you need, also, public key may be accepted from as many users as you need. Private key (used only for decryption) always stays locked on-card and is never copied outside of the card. Each No.1 BC: Mail user has own unique private key which is always kept secret and protected with PIN.
Latest received requests will appear on top of the list under Incoming tab. Red asterisks * will also alert about new key requests.
When you open incoming request, it will show 3 options. Reject option will delete request. Select Accept to communicate securely with this person.
Storing public keys
If receiver opts to Accept key request the System saves received public key to database and sends out own public key in return. As a result both users have public keys of each other.
As a final step of key exchange process request initiator also receives the public key as a confirmation that another user agreed to communicate securely.
To be short...
In No.1 BC: Mail public key exchange looks something like this:
No.1 BC: Mail uses hybrid encryption method to encrypt mails. Every time for email encryption the System generates random symmetric-256 key and encrypts mail message. Asymmetric public key (RSA-2048) which was obtained previously on key request stage will encrypt a random message key. See details below.
Send encrypted mail
Write the message, which you would like to encrypt and send. You will be requested to enter your PIN. By entering PIN you confirm your ownership of No.1 BC card and initiate a chain of encryption processes.
When PIN is confirmed the System generates one-time random symmetric key, which will encrypt only the mail you just wrote.
Random one-time key
Each new email will have a new random symmetric key. It eliminates any attempt to read emails if someone tried to compromise encryption.
The System uses random encryption key, processes data and returns encrypted mail.
System searches public key repository for the key, which is associated with the person, who is going to receive the mail.
Encrypting random symmetric key
One-time message encryption key is locked (encrypted) with the mail receiver’s public RSA key. Only matching private key can unlock the package.
Only intended receiver
Architecture of No.1 BC: Mail is designed the way so only intended user may read the mail which was addressed to that user. No one else can gain access to decryption process or read the message.
Newly arrived email
Latest emails are always displayed on top. Select the mail you would like to read in your inbox.
It shows some abracadabra “as is” until you decrypt the message
Select Decrypt from available mail options
System will request to enter PIN from No.1 BC card
Arrived package of encrypted data
To confirm that you are truly intended receiver of the mail, you need to access decryption functions of the private key which is locked on-card.
Private RSA key is generated on-card and is never copied outside of the card or elsewhere. When you enter your PIN the card uses private key, launches decryption functions and unlocks required one-time message key
Released message key
Unlocked (decrypted) symmetric key is used to decrypt the actual message, which is then translated on-screen as plain text.
This chain of complex data transformation ensures that the message written on one end will be read only by intended receiver on the other end.
Core No.1 BC: Mail features
- Private key locked on-card is used only for decryption
- To launch private key decryption user needs to enter PIN. 3 wrong attempts to guess PIN number locks the card and erases all data.
Real digital privacy
No.1 BC: Mail makes mail interception useless and keeps private information private. Not only does it use strong encryption aglorithms, but also eliminates unauthorized access to encryption and decryption processes by requesting to enter PIN.