X-IM: Encrypted Instant Messaging

X-IM's Public Key Infrastructure

Each member of the secure network generates two unique key pairs: an encryption pair and a signature pair. Each pair consists of a private key and a public key. The private keys never leave the member's machine; they are encrypted and stored locally. The public keys are transmitted over a protected channel to the X-IM server, which shares them with anyone who wishes to communicate securely with you. Once the X-IM server has authenticated your public keys, it attaches its own digital signature to them. The server's signature is what lets any user who wishes to communicate with you know that the public keys they are using are your genuine public keys and have not been tampered with or substituted with someone else's. The X-IM server is therefore the trust anchor of the whole system: the guarantee is only as strong as the secrecy of the server's own signing key and the care with which it authenticates a member before signing.

In practice, if A is sending a message to B on the X-IM system, the following steps take place:

  1. A receives B's signed public keys from the X-IM server.
  2. A verifies the X-IM server's signature on B's public keys. (Steps 1 and 2 do not have to be repeated for each message; A can keep B's verified keys.)
  3. A encrypts the message using B's public encryption key.
  4. A signs the encrypted message using A's private signature key. (Only A is able to perform this "private key operation".)
  5. The signed, encrypted message is transmitted from A to B. (The transfer itself is enclosed in a completely separate layer of encryption.)
  6. B receives A's signed public keys from the X-IM server.
  7. B verifies the X-IM server's signature on A's public keys. (Steps 6 and 7 do not have to be repeated for each message; B can keep A's verified keys.)
  8. B verifies A's signature on the received message using A's public signature key.
  9. B decrypts the received message using B's private encryption key. (Only B is able to perform this "private key operation".)

Thus the message was transmitted from A to B, with A knowing that only B can read it, and B knowing that only A could have sent it.

As with almost all implementations of public key cryptography, X-IM uses a hybrid symmetric/asymmetric system. The public/private key operations described above are the asymmetric part. They are far too slow to apply to a large message, so instead of encrypting and signing the message itself, they are used to encrypt and sign a symmetric key. This symmetric key, or session key, is generated at random for each message and is used both to encrypt and to decrypt the entire message. The security of the message therefore rests entirely on the session key: it must be kept secret, and it must be fresh and unpredictable for every message.

So in the example above, A generates a random session key, encrypts the message with it, then encrypts, signs and transmits the session key to B according to the steps above, alongside the encrypted message itself. Since A knows that only B can decrypt the session key, A knows that only B can read the message. Since B knows that only A could have signed the session key, B knows that only A could have sent the message.
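The whole exchange end to end, as an added example that is not X-IM's own code: a small Go program with a server signing key, two members each holding an encryption pair and a signature pair, and the send and receive steps from the list above, including the per-message session key. The page names no algorithms, formats or server API, so everything concrete here is an assumption: Ed25519 for the server's and the members' signature keys, 2048-bit RSA-OAEP for the encryption pair, AES-256-GCM for the session key, and plain concatenation (name, NUL byte, keys) as the encoding of what the server signs. One deliberate choice goes beyond what the page states: A's signature covers the entire envelope (sender name, recipient name, wrapped session key, nonce and ciphertext) rather than the wrapped key alone, so that neither party's identity nor the message body can be swapped out from under the signature.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Cert is what the X-IM server hands out for a member: both public keys plus the server's
// signature over them. Algorithms and encodings are assumptions; the page names none.
type Cert struct {
	Name      string
	EncPub    []byte            // PKIX DER of the RSA encryption public key
	SigPub    ed25519.PublicKey // signature public key
	ServerSig []byte            // server's Ed25519 signature over certBytes(c)
}

// User holds a member's two private keys (never transmitted) and its server-signed Cert.
type User struct {
	encPriv *rsa.PrivateKey
	sigPriv ed25519.PrivateKey
	Cert    Cert
}

// Envelope is one message on the wire. Sig covers every other field, so the sender and
// recipient names are bound to the wrapped session key and the ciphertext they travel with.
type Envelope struct {
	From, To   string
	WrappedKey []byte // session key encrypted with To's RSA-OAEP public key
	Nonce, CT  []byte // AES-256-GCM nonce and ciphertext of the message body
	Sig        []byte // From's Ed25519 signature over envelopeBytes(e)
}

func certBytes(c Cert) []byte { return append(append([]byte(c.Name+"\x00"), c.EncPub...), c.SigPub...) }
func envelopeBytes(e Envelope) []byte {
	b := append([]byte(e.From+"\x00"+e.To+"\x00"), e.WrappedKey...)
	return append(append(b, e.Nonce...), e.CT...)
}
func randBytes(n int) []byte { b := make([]byte, n); if _, err := rand.Read(b); err != nil { panic(err) }; return b }
func gcmFor(key []byte) cipher.AEAD { block, _ := aes.NewCipher(key); gcm, _ := cipher.NewGCM(block); return gcm }

// NewServerKey makes the X-IM server's own signing key, the trust anchor of the whole scheme.
func NewServerKey() (ed25519.PublicKey, ed25519.PrivateKey) { pub, priv, err := ed25519.GenerateKey(rand.Reader); if err != nil { panic(err) }; return pub, priv }

// NewUser generates both key pairs and has the server sign the public halves (the server is
// assumed to have authenticated the member before signing; that step is not modelled here).
func NewUser(name string, serverPriv ed25519.PrivateKey) (*User, error) {
	encPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	sigPub, sigPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	encPub, err := x509.MarshalPKIXPublicKey(&encPriv.PublicKey)
	if err != nil { return nil, err }
	c := Cert{Name: name, EncPub: encPub, SigPub: sigPub}
	c.ServerSig = ed25519.Sign(serverPriv, certBytes(c))
	return &User{encPriv: encPriv, sigPriv: sigPriv, Cert: c}, nil
}

// VerifyCert checks the server's signature before any key in the cert is trusted.
func VerifyCert(c Cert, serverPub ed25519.PublicKey) (*rsa.PublicKey, error) {
	if !ed25519.Verify(serverPub, certBytes(c), c.ServerSig) { return nil, fmt.Errorf("server signature on %s's public keys does not verify", c.Name) }
	pub, err := x509.ParsePKIXPublicKey(c.EncPub)
	if err != nil { return nil, err }
	if rsaPub, ok := pub.(*rsa.PublicKey); ok { return rsaPub, nil }
	return nil, fmt.Errorf("encryption key is not RSA")
}

// Send: verify the recipient's cert, draw a fresh session key, encrypt the body with it,
// wrap the key to the recipient's encryption key, then sign the whole envelope.
func (a *User) Send(msg []byte, to Cert, serverPub ed25519.PublicKey) (Envelope, error) {
	toEnc, err := VerifyCert(to, serverPub)
	if err != nil { return Envelope{}, err }
	key := randBytes(32) // per-message session key: the message is only as secret as this
	e := Envelope{From: a.Cert.Name, To: to.Name, Nonce: randBytes(12)}
	e.CT = gcmFor(key).Seal(nil, e.Nonce, msg, []byte(e.From+"\x00"+e.To))
	e.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, toEnc, key, nil)
	if err != nil { return Envelope{}, err }
	e.Sig = ed25519.Sign(a.sigPriv, envelopeBytes(e))
	return e, nil
}

// Receive: verify the sender's cert, check the sender's signature, unwrap the session key
// with the local private key (only this member can), then decrypt the body.
func (b *User) Receive(e Envelope, from Cert, serverPub ed25519.PublicKey) ([]byte, error) {
	if _, err := VerifyCert(from, serverPub); err != nil { return nil, err }
	if e.From != from.Name || e.To != b.Cert.Name { return nil, fmt.Errorf("envelope names do not match") }
	if !ed25519.Verify(from.SigPub, envelopeBytes(e), e.Sig) { return nil, fmt.Errorf("sender signature does not verify") }
	key, err := rsa.DecryptOAEP(sha256.New(), nil, b.encPriv, e.WrappedKey, nil)
	if err != nil { return nil, err }
	return gcmFor(key).Open(nil, e.Nonce, e.CT, []byte(e.From+"\x00"+e.To))
}

func main() {
	serverPub, serverPriv := NewServerKey()
	alice, _ := NewUser("alice", serverPriv)
	bob, _ := NewUser("bob", serverPriv)
	env, _ := alice.Send([]byte("meet at noon"), bob.Cert, serverPub)
	msg, err := bob.Receive(env, alice.Cert, serverPub)
	fmt.Printf("bob read %q, err=%v\n", msg, err)
	env.CT[0] ^= 1 // tampered in transit: alice's signature over the envelope no longer verifies
	fmt.Println(bob.Receive(env, alice.Cert, serverPub))
}
```

Run it with `go run`; it prints the decrypted message, then the error from a copy whose ciphertext was flipped in transit. Two things the code makes visible that the prose leaves implicit: every operation begins with VerifyCert, because the only thing stopping an attacker from handing A a substituted key for B is the server's signature, so the secrecy of the server's signing key and the care it takes in authenticating a member before signing underpin everything else; and the session key is drawn fresh from a cryptographic random source for each message, since a predictable or reused key would undo what the asymmetric layer buys.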

In practical terms, performing these steps with X-IM simply involves A typing a message and clicking a "send" button, and B seeing the message show up from A. The rest is done by X-IM behind the scenes in a matter of milliseconds.

© Copyright 2003-2004 X-IM Software.     X-IM and X-IM: Encrypted Instant Messaging are trademarks of X-IM Software.