| Acid Cryptofiler | |
|---|---|
| Original author | Centre d'Electronique de l'Armement |
| Developer | ACID Technologies (France) |
| Operating system | Windows |
| Type | Cryptography |
Acid Cryptofiler is a cryptographic software program designed by the department for "control of information" (Centre d'Electronique de l'Armement) of the French General Directorate of Armament (Direction générale de l'armement).123 It is an online storage service.4 The software is now manufactured by ACID Technologies (France).2
History
Acid Cryptofiler is on a list of cryptographic software approved for usage by the European Union and by the North Atlantic Treaty Organization,25 and is known to have been used by those organizations as well as by the European Parliament and European Commission since the summer of 2011.6 It was approved for usage in the EU, in version V7, on 29 September 2011.2
In January 2013, as the Red October campaign was being discovered, researchers noted that the malware particularly targeted documents with .acid extensions, referring to documents processed by Acid Cryptofiler,264 including the file extensions acidcsa, acidsca, aciddsk, acidpvr, acidppr, and acidssa.7
Overview
Acid Cryptofiler is based on the integration of government cryptographic libraries, including a CCSD API (CCSD means "Defense Security Cryptographic Layers"). It offers the following functions:
- Asymmetric encryption (cf. public-key cryptography) in archive format (multi-file, multi-recipient) called Acid Archives.
- Volume encryption (containers) in symmetric mode and asymmetric mode.
Acid Cryptofiler is delivered with a directory function to file public keys, that is compliant with LDAP and Active Directory.
A bunch file contains all public keys held by a user. A user can belong to different cryptographic domains (a domain is a CCSD library and a set of cryptographic parameters). Private keys are also stored in a bunch file.
The keys are generated by a centralized office under the responsibility of the chief information security officer. Before a user is given a key (or a pair of keys), he/she must be trusted by the centralized office. In France, Acid Cryptofiler does not fit for defense classified information.3
Acid Cryptofiler was designed and developed by two military engineers of the Direction générale de l'armement.3 It has been delivered since 1999 (version 4, 5, and 7).. It runs on Microsoft Windows.3 The software is classified.8
According to a book by Gérald Bronner, Acid Cryptofiler was so slow that sending an email took 10 minutes.9
References
References
- "CNRS Sécurité informatique n°11 march 2011" (PDF) (in French). March 2011. Archived from the original (PDF) on August 15, 2012. Retrieved August 11, 2013.
- Zetter, Kim (14 January 2013). "Cybersleuths Uncover 5-Year Spy Operation Targeting Governments, Others". Wired. ISSN 1059-1028. Retrieved 6 September 2021.
- Pierre, BARTHELEMY; Robert, ROLLAND; Pascal, VERON (2012-04-16). Cryptographie: principes et mises en œuvre / 2ème édition revue et augmentée (in French). Lavoisier. ISBN 978-2-7462-8816-4.
- Valeriano, Brandon; Maness, Ryan C. (2015-04-27). Cyber War versus Cyber Realities: Cyber Conflict in the International System. Oxford University Press. ISBN 978-0-19-020480-8.
- "List of approved cryptographic products (LACP) for protecting EU Classified Information (EUCI)" (PDF). data.consilium.europa.eu. 5 July 2021. Archived from the original on 2021-09-06. Retrieved 6 September 2021.
- Storm, Darlene (2013-01-14). "Red October 5-year cyber espionage attack: Malware resurrects itself". Computerworld. Retrieved 2021-09-06.
- "Unknown hackers stealing EU files for past five years". EUobserver. 14 January 2013. Retrieved 2021-09-06.
- Walker, Danielle (15 January 2013). ""Red October" spy campaign uncovered, rivals Flame virus". Archived from the original on 9 October 2015. Retrieved 6 September 2021.
- Bronner, Gérald (2019-03-20). Déchéance de rationalité: Les tribulations d'un homme de progrès dans un monde devenu fou (in French). Grasset. ISBN 978-2-246-81281-4.