How does SimpleumSafe work?

We think it could be very useful for you as a (potential new) user of SimpleumSafe to know the basic concepts of SimpleumSafe. Do not worry, this will not be too technical.

Goals of SimpleumSafe

The aim of SimpleumSafe is to let you protect your data from unauthorized access with strong encryption, easily and without technical knowledge.

Hand on heart, who is able to configure his Mac or iPhone so that he is really safe?

And then there are always some serious security problems with macOS and iOS. What should you do about them? Using a cloud such as iCloud also brings many benefits, but how safe is it, and who can see all the data there?

In addition, there are legal requirements for the protection of data, especially in the professional environment (keyword: privacy).

For these reasons, SimpleumSafe has implemented a completely separate security layer with minimal attack surface.

Core objectives

  • Easy understanding and use of the user interface
  • All file contents and file information (such as file name) are encrypted
  • No decryption of files unless explicitly requested
  • Editing documents and previews encrypted throughout
  • Implementation of the “technical organizational measures” (TOM) of the GDPR
  • Full integration with the Apple file workflow environment such as sharing, service, clipboard, and drag-and-drop
  • The synchronization and all synchronization data are encrypted throughout
  • Add an extra level of security to the Apple operating system
  • Exclusive use of proven encryption technology

Concept

SimpleumSafe provides its own complete security layer. It presents its own file system and its own Finder. Within this closed system, the data always remains encrypted. SimpleumSafe is like a safe in the real world: everything you put in the safe is instantly and continuously encrypted.

Password

A Safe within SimpleumSafe is created with a password. In the process, a random encryption key is generated, and this key is in turn encrypted with the password and stored. The password itself is not saved.

When the safe is opened, an attempt is made to decrypt the file with the encryption key. If this succeeds, the password was correct; otherwise it was wrong. It is not possible to work backwards to the password, neither from the encrypted files nor in any other way, since it is never stored.
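The password scheme described above, as an added example that is not SimpleumSafe's own code: a random safe key is wrapped under a password-derived key, and a wrong password is detected because unwrapping fails. PBKDF2-HMAC-SHA256, the iteration count, the header layout and the XOR-plus-HMAC wrap are assumptions chosen so the sketch runs on the Python standard library; they stand in for whichever key derivation and authenticated cipher the product uses.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 600_000  # assumed PBKDF2 work factor, not a value from the page


def _derive(password: str, salt: bytes):
    """Stretch the password into a 32-byte wrapping key and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def _tag(mac_key: bytes, salt: bytes, wrapped: bytes) -> bytes:
    return hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()


def create_safe(password: str):
    """Generate the random safe key; return (header to store, safe key in memory)."""
    safe_key = secrets.token_bytes(32)
    salt = secrets.token_bytes(16)  # fresh salt, so the wrapping key is used once
    wrap_key, mac_key = _derive(password, salt)
    # Stand-in wrap (assumption): XOR with a single-use derived key, then authenticate.
    wrapped = bytes(a ^ b for a, b in zip(safe_key, wrap_key))
    header = {"salt": salt, "wrapped": wrapped, "tag": _tag(mac_key, salt, wrapped)}
    return header, safe_key  # neither the password nor the bare key is in header


def open_safe(password: str, header: dict) -> Optional[bytes]:
    """Return the safe key if the password unwraps the header, else None."""
    wrap_key, mac_key = _derive(password, header["salt"])
    expected = _tag(mac_key, header["salt"], header["wrapped"])
    if not hmac.compare_digest(expected, header["tag"]):
        return None  # wrong password or modified header: nothing is decrypted
    return bytes(a ^ b for a, b in zip(header["wrapped"], wrap_key))


if __name__ == "__main__":
    header, key = create_safe("correct horse battery staple")  # constructed password
    print(open_safe("correct horse battery staple", header) == key)
    print(open_safe("wrong guess", header))
```

Because the stored header is enough to test password guesses offline, the strength of the password and the cost of the key derivation carry the security of a design like this.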

Encryption

When a file is imported into SimpleumSafe, its contents are encrypted and saved as a file in the safe. The name of the encrypted file is a unique random number and contains neither the original file name nor any other information about the original file.

The file name and the other imported file information are stored encrypted in a database, together with additional organizational data.

Location of a safe

A safe should always be stored locally on the Mac or iPhone / iPad and never in the cloud. Storing it in the cloud is easily possible, and the safe is fully encrypted, but it contains a database that is not suitable for simultaneous access and that the cloud provider's synchronization can corrupt, which can make the safe unusable.

[Figure: two local Safes and the encrypted synchronization data in the cloud]

Secure temporary cache (macOS only)

To use the preview function of macOS and to edit files from the safe securely, the file is copied into an “encrypted temporary memory”. The preview or the associated editing program is then started with this copy. Thus the file always remains encrypted.

After you have changed the file, it is immediately imported back into the safe. After closing the editing program, the file is deleted from the encrypted temporary storage.

The encrypted temporary storage is rendered unusable after exiting SimpleumSafe. Each time you start SimpleumSafe, a new encrypted temporary memory is created.

Note

The “encrypted temporary cache” is limited to 100 GB. This is indirectly due to the limitations of so-called sandboxing for apps in the Apple Mac App Store.

Synchronization

SimpleumSafe has its own technology for the synchronization of encrypted data and does not require special servers. For this purpose, a synchronization directory is created in which the safe records all information about changes to the safe (add, change, delete); these records are then replayed on another device. All file information stored in the safe is encrypted at all times during synchronization.

The key itself used for encryption and decryption is not synchronized. Therefore, even if the synchronization data from the cloud were stolen, it would be unusable, even in the case where the password is known.

The synchronization takes place in two steps. First, the metadata is synchronized. These are e.g. file name, size, creation and modification date, ….

This means that if a large amount of data is being synchronized or the connection is slow, the file names and folders may already be visible on another device before the actual data has been transferred. (This applies in particular to the iCloud synchronization used today, over whose transmission SimpleumSafe has no direct influence.) In this case, the file names are still gray. In a second step, the file contents are synchronized and the file names are then black again.