The Opolis Message Security Architecture – Explained Simply
The purpose of this brief paper is to explain in basic terms what happens when an Opolis E-Mail is created, subsequently sent and then read by the authorised Recipient.
To start with, Opolis uses a so-called Onion Security Model in which a total of 5 layers are set on top of each other. The purpose of this architecture is to make absolutely secure not only the main message of the Opolis E-Mail but also, during transmission, all information related to the message, such as by whom and when the message was sent. That is also why Opolis Users can only send secure Opolis E-Mails among each other, as outside Opolis this security mechanism could not be maintained.
I. Logging into Opolis
Precondition to using Opolis is that each Opolis User has already successfully created an Opolis Secure E-Mail Account. When logging into Opolis via the Opolis Secure Mail Client, an Opolis User is authenticated vis-a-vis the Opolis Secure Mail Server on the basis of a unique Log In Name (with at least 8 characters) and a Password (with at least 8 characters).
- The chosen and actually typed in Password will be extended to at least 16 characters and repeatedly hashed by the Opolis Secure Mail Client.
- Both the Log In Name and the processed Password are encrypted with the Public Key of the Opolis Secure Mail Server. This Public Key of the Opolis Secure Mail Server is already embedded in the Opolis Secure Mail Client. This measure guarantees that the actual typed-in Password, which is needed to decrypt the secret individual Private Key of each User:
- is never transmitted over the public Internet,
- is never transmitted to Opolis in its function as a Service Provider (who therefore cannot read any of the User's E-Mails),
- is never stored on any local PC, and
- never leaves (and is only used on) the local PC.
In the course of a (successful) Log In Procedure the Opolis Secure Mail Server “accepts” the Opolis User, whereupon this Opolis User's personal Public Key and the encrypted (!) personal Private Key are transferred from the Opolis Secure Mail Server to the Opolis Secure Mail Client.
- Using these two Keys for encryption ensures - based on best knowledge of technical standards - an extremely high level of security for any Opolis User. Currently the Public and Private Keys in use are 1,024 Bits long. Keys of such length have never (yet) been hacked.
Having received these two Keys the Opolis Secure Mail Client decrypts the transmitted personal Private Key with the actual typed in Password. From that moment onwards the Opolis Secure Mail Client “knows” the following Keys:
Now the Opolis Secure Mail Client is able to process every Server Request and Response according to the following consecutive procedure:
II. The Opolis Onion Security Model
(Sending and Receiving Opolis E-Mails)
The Opolis User sends an Opolis E-Mail with the Opolis Secure Mail Client to the Opolis Secure Mail Server:
- Layer 1: The (naked) Message is created
The Opolis User creates a (naked) Message composed of Subject (i.e. header), Message Content (i.e. main text body) and various Attachments with the Opolis Secure Client Message Editor. Such a message can either be a New Message or a Reply, Forward or Resend Message.
- Layer 2: The (naked) Message is encrypted with the Public Key of the Recipient
On pressing the Send button, but prior (!) to transmitting the Message to the Server, the Subject, Message Content and the Attachments are all encrypted with the personal Public Key of the respective Recipient. Hence only the Recipient – and nobody else – will be able to decrypt the Message (composed of Subject, Message Content and Attachments). No other party will ever be able to “open” this Layer 2!
- Layer 3: The required message delivery data is wrapped around Layer 2
Layer 3 is composed of the message delivery data required to send the Message correctly and includes, among other things, the name of the Sender, the name of the Recipient and the time the Message was sent. This information is in a format that can be read and interpreted by the Opolis Secure Mail Server.
- Layer 4: Both the encrypted Message and the required message delivery data are encrypted with the Public Key of the Opolis Secure Mail Server
All the previous Layers 1 – 3 are bundled and encrypted with the Public Key of the Opolis Secure Mail Server. Please Note: The Opolis Secure Mail Server will only be able to read the required message delivery data (Layer 3), but will not be able to access any data or information of the actual Message (Layer 1 and Layer 2) which had previously been encrypted via the Public Key of the Recipient.
- Layer 5: As a final Layer transmission and check-sum information is wrapped around all present Layers to ensure the authenticity of the complete, bundled Message
Transmission and check-sum information embed data to ensure that the encrypted message is physically correctly transmitted and can be properly “assembled” again.
Only now is the Opolis E-Mail ready to be physically sent to the Opolis Secure Mail Server.
The Opolis Secure Mail Server receives an Opolis E-Mail from an Opolis User:
- Step 1: The Opolis Secure Mail Server receives the bundled Message and reads and interprets the transmission and check-sum information (Layer 5).
- Step 2: Layer 4 of the bundled Message is decipherable with the Private Key of the Opolis Secure Mail Server and gives access to Layer 3.
- Step 3: The information of Layer 3 (required message delivery data) is stored on the Opolis Storage Systems.
- Step 4: The data of Layer 2 (the encrypted Message) - which is not readable by the Opolis Secure Mail Server - is stored unmodified on the Opolis Storage Systems.
- Step 5: The Opolis Secure Mail Server confirms Step 1 – Step 4 to the Opolis Secure Mail Client. Only now is the Message deemed “delivered” by the Sender and ready to be received by the actual Recipient.
The Opolis Secure Mail Server sends an Opolis E-Mail to an Opolis User:
This process is initiated by the authorised Recipient pressing the 'Get Message' button to receive inbound Opolis E-Mails.
- Step 1: The Opolis Secure Mail Server receives the bundled Message (which contains the “Get Message” request) and reads the transmission and check-sum information of Layer 5.
- Step 2: Layer 4 of the bundled Message is decipherable with the Private Key of the Opolis Secure Mail Server and gives access to Layer 3.
- Step 3: The data of Layer 3 (required message delivery data and - in this case - the request for a Message) is read by the Opolis Secure Mail Server and the matching encrypted Message from Layer 2 is loaded from the Opolis Storage Systems.
- Step 4: Layer 3 with the required message delivery data will be wrapped around Layer 2.
- Step 5: With the creation of Layer 4 the encrypted Message (Layer 2) and required message delivery data (Layer 3) are encrypted with the Public Key of the actual Recipient of the Message.
- Step 6: In creating Layer 5 the transmission and check-sum information is wrapped around all present Layers (Layers 1-4) to ensure the authenticity of the complete, bundled Message.
The Opolis User receives an Opolis E-Mail via the Opolis Secure Mail Client from the Opolis Secure Mail Server:
- Step 1: The Opolis Secure Mail Client receives the bundled Message and reads the transmission and check-sum data (Layer 5).
- Step 2: Layer 4 of the bundled Message is decipherable with the Private Key of the actual Recipient of the Message and gives access to Layer 3.
- Step 3: The data of Layer 3 (required message delivery data) is read and processed by the Opolis Secure Mail Client.
- Step 4: Layer 2 of the Message bundle is decipherable with the Private Key of the actual Recipient of the Message and gives access to Layer 1.
- Step 5: Access to Layer 1 has been granted to the Recipient and Subject, Message Content and Attachments are shown together with the required message delivery data and various additional information.
Every Client/Server Request and Response is handled according to this procedure to maximize the level of protection for Opolis Users.
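The four procedures above, traced end to end in Python as an added example (not Opolis code), showing that the Server can read Layer 3 while Layer 2 stays closed to it. Assumptions: toy RSA over small known primes plus a SHA-256 keystream stands in for the unnamed public-key cipher, SHA-256 stands in for the Layer 5 check-sum, layers are serialized as JSON, and all function names and demo keys are hypothetical.

```python
import hashlib, json, secrets

def keypair(p, q, e=65537):
    # Toy RSA from two known primes: a stand-in for real keys, never for production.
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def _xor(k, data):
    # Toy stream cipher (assumption): keystream block i = SHA-256("k:i").
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(hashlib.sha256(f"{k}:{i}".encode()).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(pub, obj):
    # "Encrypt with a Public Key": wrap a random session key, encrypt JSON under it.
    n, e = pub
    k = secrets.randbelow(n - 2) + 2
    return {"kem": pow(k, e, n), "ct": _xor(k, json.dumps(obj).encode()).hex()}

def unseal(priv, box):
    n, d = priv
    return json.loads(_xor(pow(box["kem"], d, n), bytes.fromhex(box["ct"])))

def wrap5(layer4):
    # Layer 5: SHA-256 over the serialized Layer 4 (the page names no algorithm).
    raw = json.dumps(layer4, sort_keys=True)
    return {"l4": raw, "sum": hashlib.sha256(raw.encode()).hexdigest()}

def open5(bundle):
    if hashlib.sha256(bundle["l4"].encode()).hexdigest() != bundle["sum"]:
        raise ValueError("Layer 5 check-sum mismatch")
    return json.loads(bundle["l4"])

def client_send(server_pub, rcpt_pub, meta, message):
    layer3 = {"meta": meta, "body": seal(rcpt_pub, message)}   # Layers 1-3
    return wrap5(seal(server_pub, layer3))                     # Layers 4-5

def server_receive(server_priv, bundle):
    layer3 = unseal(server_priv, open5(bundle))      # Steps 1-2
    return layer3["meta"], layer3["body"]            # Steps 3-4: stored as received

def server_deliver(rcpt_pub, meta, body):
    return wrap5(seal(rcpt_pub, {"meta": meta, "body": body}))  # Steps 4-6

def client_receive(rcpt_priv, bundle):
    layer3 = unseal(rcpt_priv, open5(bundle))        # Steps 1-3
    return layer3["meta"], unseal(rcpt_priv, layer3["body"])    # Steps 4-5

SERVER_PUB, SERVER_PRIV = keypair(2**127 - 1, 2**89 - 1)   # constructed demo keys
RCPT_PUB, RCPT_PRIV = keypair(2**107 - 1, 2**61 - 1)
```

Calling `unseal(SERVER_PRIV, body)` on the stored Layer 2 fails to parse, which is the property Layer 2 is meant to provide; an unkeyed check-sum as used here for Layer 5 detects corruption in transit only.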