CTemplar Checksum Implementation

Currently, all email services have a backdoor for accessing and decrypting their own users’ data. They make their code “Open Source”, allowing anyone to review it. However, they do not serve users code from that “Open Source” repository. You must hope and trust that you are getting the same audited, “backdoor free” code. You are actually served code that is not audited, sent from a server that email companies do not allow to be audited. Because of this, email services can serve you code with backdoors in it. Recently, one End to End Encrypted email service admitted publicly that it can decrypt users’ encrypted data using this vulnerability. You can read more here.

Our Solution and How to Perform a Checksum

We are implementing SRI (Subresource Integrity), a checksum-like verification mechanism built into most common browsers. It ensures that every file the browser loads matches exactly what the author provided and has not been modified. If a file is modified and its hash no longer matches the one the author provided, the browser refuses to load that JS file and the attack fails.

This allows users to guarantee that our open source code shown on GitHub is the same code that they are receiving from our server. We are the first secure email service to have “Zero-Access” to our users’ data by closing this vulnerability.

What is a checksum?

A checksum is a sequence of numbers and letters used to check data for corruption or tampering. If the author of a program provides a checksum for a file, you can use a checksum tool to verify that the file you received is exactly the same as the author’s. You can find more information here.

How to Perform a Checksum

First, the file “index.html” starts the platform loading process and determines what is loaded. This poses a couple of risks:

  1. Someone/Something could modify the JavaScript files defined in “index.html”, making them harmful without the users’ knowledge.
  2. Someone/Something could make “index.html” load more JavaScript files than the authors intended, making the website harmful to users without their knowledge.

In any case, if anyone wants to manually verify that our “index.html” has not been tampered with and is exactly the same as the one being served, we have a guide on GitHub.

Our current checksum is:

SHA-256 checksum of “index.html”:
9363508b363cc5808ab62a6e2ab65ab7426ee0584986b3677bd864441e8df8aa
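
The two checks described above, as an added Python example (not CTemplar's code or its GitHub guide): compare the SHA-256 of “index.html” with a published value, then recompute the SRI hash of every script it references. The names `verify_page`, `sri_value` and `main.js`, and the sample page and checksum, are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

STRENGTH = ["sha256", "sha384", "sha512"]  # weakest to strongest

class ScriptCollector(HTMLParser):  # gathers (src, integrity) per <script src>
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))

def sri_value(data, alg="sha384"):
    """SRI format: '<alg>-<base64 of the raw digest>'."""
    return alg + "-" + base64.b64encode(hashlib.new(alg, data).digest()).decode()

def verify_page(index_html, published_sha256, files):
    """Return a list of findings; an empty list means everything matched."""
    findings = []
    if hashlib.sha256(index_html).hexdigest() != published_sha256.lower():
        findings.append("index.html: SHA-256 differs from published checksum")
    parser = ScriptCollector()
    parser.feed(index_html.decode("utf-8", errors="replace"))
    for src, integrity in parser.scripts:
        by_alg = {}
        for token in (integrity or "").split():
            alg = token.split("-", 1)[0]
            if alg in STRENGTH:
                by_alg.setdefault(alg, []).append(token)
        if not by_alg:
            findings.append(src + ": no usable integrity attribute")
        elif src not in files:
            findings.append(src + ": file not available to hash")
        else:
            # Browsers enforce only the strongest algorithm listed.
            best = max(by_alg, key=STRENGTH.index)
            if sri_value(files[src], best) not in by_alg[best]:
                findings.append(src + ": content does not match integrity hash")
    return findings

# Constructed sample data (not CTemplar's real files or checksum).
APP_JS = b"console.log('mail client');\n"
INDEX = ('<script src="main.js" integrity="%s"></script>' % sri_value(APP_JS)).encode()
PUBLISHED = hashlib.sha256(INDEX).hexdigest()

if __name__ == "__main__":
    print(verify_page(INDEX, PUBLISHED, {"main.js": APP_JS}))
```

A modified script shows up as an integrity mismatch (risk 1), while an extra `<script>` tag changes the SHA-256 of “index.html” and is also reported as lacking an integrity attribute (risk 2).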

The CTemplar Team
