Acid Cryptofiler

Acid Cryptofiler
Original author(s)	Centre d'Electronique de l'Armement
Developer(s)	ACID Technologies (France)
Operating system	Windows
Type	Cryptography

Acid Cryptofiler is a cryptographic software program designed by the department for "control of information" (Centre d'Electronique de l'Armement) of the French General Directorate of Armament (Direction générale de l'armement).^[1]^[2]^[3] It is an online storage service.^[4]^{[contradictory]} The software is now manufactured by ACID Technologies (France).^[2]

History

Acid Cryptofiler is on a list of cryptographic software approved for usage by the European Union and by the North Atlantic Treaty Organization,^[2]^[5] and is known to have been used by those organizations as well as by the European Parliament and European Commission since the summer of 2011.^[6] It was approved for usage in the EU, in version V7, on 29 September 2011.^[2]

In January 2013, as the Red October campaign was being discovered, researchers noted that the malware particularly targeted documents with .acid extensions, referring to documents processed by Acid Cryptofiler,^[2]^[6]^[4] including the file extensions acidcsa, acidsca, aciddsk, acidpvr, acidppr, and acidssa.^[7]

Overview

Acid Cryptofiler is based on the integration of government cryptographic libraries, including a CCSD API (CCSD means "Defense Security Cryptographic Layers"). It offers the following functions:

Asymmetric encryption (cf. public-key cryptography) in archive format (multi-file, multi-recipient) called Acid Archives.
Volume encryption (containers) in symmetric mode and asymmetric mode.

Acid Cryptofiler is delivered with a directory function to file public keys, that is compliant with LDAP and Active Directory.

A bunch file contains all public keys held by a user. A user can belong to different cryptographic domains (a domain is a CCSD library and a set of cryptographic parameters). Private keys are also stored in a bunch file.

The keys are generated by a centralized office under the responsibility of the chief information security officer. Before a user is given a key (or a pair of keys), he/she must be trusted by the centralized office.^{[citation needed]} In France, Acid Cryptofiler does not fit for defense classified information.^[3]^{[verification needed]}

Acid Cryptofiler was designed and developed by two military engineers of^{[citation needed]} the Direction générale de l'armement.^[3] It has been delivered since 1999 (version 4, 5, and 7).^{[citation needed]}. It runs on Microsoft Windows.^[3] The software is classified.^[8]

According to a book by Gérald Bronner, Acid Cryptofiler was so slow that sending an email took 10 minutes.^[9]^{[unreliable source?]}

References

^ "CNRS Sécurité informatique n°11 march 2011" (PDF) (in French). March 2011. Archived from the original (PDF) on August 15, 2012. Retrieved August 11, 2013.
^ ^a ^b ^c ^d ^e Zetter, Kim (14 January 2013). "Cybersleuths Uncover 5-Year Spy Operation Targeting Governments, Others". Wired. ISSN 1059-1028. Retrieved 6 September 2021.
^ ^a ^b ^c ^d Pierre, BARTHELEMY; Robert, ROLLAND; Pascal, VERON (2012-04-16). Cryptographie: principes et mises en œuvre / 2ème édition revue et augmentée (in French). Lavoisier. ISBN 978-2-7462-8816-4.
^ ^a ^b Valeriano, Brandon; Maness, Ryan C. (2015-04-27). Cyber War versus Cyber Realities: Cyber Conflict in the International System. Oxford University Press. ISBN 978-0-19-020480-8.
^ "List of approved cryptographic products (LACP) for protecting EU Classified Information (EUCI)" (PDF). data.consilium.europa.eu. 5 July 2021. Archived from the original on 2021-09-06. Retrieved 6 September 2021.
^ ^a ^b Storm, Darlene (2013-01-14). "Red October 5-year cyber espionage attack: Malware resurrects itself". Computerworld. Retrieved 2021-09-06.
^ "Unknown hackers stealing EU files for past five years". EUobserver. Retrieved 2021-09-06.
^ Walker, Danielle (15 January 2013). ""Red October" spy campaign uncovered, rivals Flame virus". Archived from the original on 9 October 2015. Retrieved 6 September 2021.
^ Bronner, Gérald (2019-03-20). Déchéance de rationalité: Les tribulations d'un homme de progrès dans un monde devenu fou (in French). Grasset. ISBN 978-2-246-81281-4.

[1] "CNRS Sécurité informatique n°11 march 2011" (PDF) (in French). March 2011. Archived from the original (PDF) on August 15, 2012. Retrieved August 11, 2013.

[:0-2] Zetter, Kim (14 January 2013). "Cybersleuths Uncover 5-Year Spy Operation Targeting Governments, Others". Wired. ISSN 1059-1028. Retrieved 6 September 2021.

[:1-3] Pierre, BARTHELEMY; Robert, ROLLAND; Pascal, VERON (2012-04-16). Cryptographie: principes et mises en œuvre / 2ème édition revue et augmentée (in French). Lavoisier. ISBN 978-2-7462-8816-4.

[:2-4] Valeriano, Brandon; Maness, Ryan C. (2015-04-27). Cyber War versus Cyber Realities: Cyber Conflict in the International System. Oxford University Press. ISBN 978-0-19-020480-8.

[5] "List of approved cryptographic products (LACP) for protecting EU Classified Information (EUCI)" (PDF). data.consilium.europa.eu. 5 July 2021. Archived from the original on 2021-09-06. Retrieved 6 September 2021.

[:3-6] Storm, Darlene (2013-01-14). "Red October 5-year cyber espionage attack: Malware resurrects itself". Computerworld. Retrieved 2021-09-06.

[7] "Unknown hackers stealing EU files for past five years". EUobserver. Retrieved 2021-09-06.

[8] Walker, Danielle (15 January 2013). ""Red October" spy campaign uncovered, rivals Flame virus". Archived from the original on 9 October 2015. Retrieved 6 September 2021.

[9] Bronner, Gérald (2019-03-20). Déchéance de rationalité: Les tribulations d'un homme de progrès dans un monde devenu fou (in French). Grasset. ISBN 978-2-246-81281-4.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]