GSMK CryptoPhone 400 User manual
Main CryptoPhone Screen
You can always return to the main
CryptoPhone Screen by pressing the
Home button below the screen.
Check your CryptoPhone Number
Your personal
CryptoPhone number
can be found at
Settings
About.
Write it down, so you can give it to your
contacts. This number does not change,
no matter what SIM card you put into
the phone, even if you use a WLAN.
Enable Data connection
Please note that the CryptoPhone 400
will establish a data connection to stay
online (so that you can be reached) and
transmits more data when you make or
receive a call.
Using the CP400 over the mobile phone
network (3G, EDGE or GPRS) without an
affordable data plan can result in high
charges. When you are roaming in a
foreign network, even higher charges
may occur.
To avoid those costs it is strongly
recommended to use contracts with
data flat rates. When abroad, please
obtain a local prepaid contract with a
reasonable data plan from the country
you are traveling to.
To enable / disable the data connection,
press the Windows button (below the
screen), then the icons for Settings
Connections Comm Manager and
toggle the switch next to Data
Connection.
Connect to Secure Network
To connect your
CryptoPhone to the
secure network, press
the Status icon in the
Main screen.
It will show an animation while it tries
to connect. If your CryptoPhone is
connected to the secure network, the
icon will show a green checkmark.
Note: Sometimes when switching
between mobile network and WLAN,
the CryptoPhone application may not
notice the change immediately. It may
be required to switch the phone off and
back on again, after a network change.
If the phone is in WLAN only mode and
goes to standby, incoming calls may not
be properly signaled.
Storing Contacts
Each contact stored in the Secure
Storage area consists of one
CryptoPhone number and up to two
GSM numbers.
The first is the CryptoPhone Number,
which always starts with +807.
This number can be used to initiate
secure voice calls. Like your CryptoPhone
number, it always stays the same, even if
your partner uses another contract or is
online via WLAN. CryptoPhone Numbers
can not be used to send secure SMS.
The GSM numbers are used for sending
secure SMS. They are the normal mobile
phone numbers of your contact.
Use the secondary GSM number to keep
track of your contact's local prepaid
number while he traveling abroad, etc.
To add a new contact,
press the Contacts
button, then select
NewContact from Menu.
Enter the name and the corresponding
CryptoPhone number for the contact
you want to call securely.
You will recognize valid CryptoPhone
numbers by the prefix +807. Note that
they can not be reached from the
normal telephone network.
Optionally, enter up to two GSM phone
Read the descriptions of each level and
then choose the level most appropriate
for you. The recommended Security
Level is High. While you can always
select another Security Level by cold
booting later (see 12), doing so will
erase all data stored on the phone.
Set Passphrase for Secure Storage
The Secure Storage contains your
encrypted SMS and your secure contacts.
After booting up, the phone will ask you
to set the passphrase for the Secure
Storage. The strength of protection of
the Secure Storage depends entirely on
how random your passphrase is.
A passphrase of at least 16 characters
is recommend, consisting of a mix of
letters, numbers and special characters.
For instance, use the initial letters from
the words of a poem you remember
well and replace some of the letters
by numbers.
Select Security Level
The first step to configure your
CryptoPhone is to use the Security
Profile Select tool to select the
operating system Security Level.
The operating system of your
CryptoPhone has been hardened against
a number of known attacks.
To further reduce the likelihood of new
and unknown attacks, the higher
Security Levels disable more applications
and services. The systems Security Level
controls this balance between
convenience and security.
1
2
3
4
5
6
7
12
...
C
M
Y
CM
MY
CY
CMY
K
CP400_Quickstart-Guide-Seite1.pdPage 1
Quickstart Guide
www.cryptophone.de
IP
GSMK CryptoPhone 400
Send a Secure SMS
Before you can exchange secure SMS
with a contact, you need to complete a
key exchange. To initiate the key
exchange go to Contacts, highlight the
name of your contact and select
"Manage Keys" from the menu.
You can now initiate the key exchange
by pressing the Invite button.
For each key exchange, five SMS will be
sent and received, containing the public
key material. After key exchange is com-
pleted, you will be asked to verify the
new SMS key by either a phone call or
other means. The six letters of the
cryptographic fingerprint of your key
are shown in the display. Read out the
three letters that are shown under
"You say" and verify that the letters
your partner reads out are the same as
shown under "Partner says".
You now can exchange
encrypted SMS with
your partner using the
New Message icon.
The SMS key is kept in the Secure
Storage and is used to generate session
keys for your future encrypted SMS
exchanges with this partner. It can be
renewed from the"Manage Keys" menu.
Lock the Secure Storage
To lock the Secure
Storage press the Lock
icon. Then press the
Lock Storage button.
Emergency erase
In case a capture of your phone by
unfriendly elements is imminent, you
can use the emergency erase function.
It overwrites all key material and sub-
sequently the rest of the flash memory
of the phone. You can access this
function from the Lock screen.
Note that an emergency erase will take
several minutes.
Reset
To reset your CryptoPhone, remove the
battery, re-insert it and switch on the
phone again.
Cold Boot
If you want to switch to a different
Security Level (see 1) or reset your
phone to factory state, so that a new
empty Secure Storage is created, you
need to cold boot your phone. Please
note that all data stored on the phone
will be no longer available. The data is
not securely overwritten in memory like
with an Emergency erase and can in
theory be reconstructed by forensic
methods (which does not affect the
encryption of the Secure Storage).
To cold boot your phone you need to
take out the battery and re-insert it.
Then hold Volume Up and Down
simultaneously while briefly pressing
the Power button. Then follow the
instructions on the screen.
the same as shown under "Partner says".
If they do not match, you should not
consider the line secure.
The quality indicator icon changes color
depending on the delay and overall
quality of the connection. If it stays
orange or red, try to change to a
location with better network coverage.
If it stays red and your call has dropouts
or otherwise bad audio, try calling again
and try to find better network coverage.
Call quality can be sub-optimal in fast
moving vehicles.
numbers of your contact, if you want to
exchange secure SMS.
You can edit the contacts later.
Make A Secure Call
Press the Contacts button, select the
contact and either press the Dial button
or choose "Call Secure" from the Menu.
If your partner is available, you will hear
a ring tone. When he picks up, you will
hear a special tone sequence, indicating
the cryptographic key exchange is in
progress, and "Key Exchange" is shown
in the display.
After key exchange is completed, six
letters are shown. This is a cryptographic
fingerprint of the unique session key
used during your secure call. When in
call, read out the three letters that are
shown under "You say" and verify that
the letters your partner reads out are
9
10
11
12
13
81
...
C
M
Y
CM
MY
CY
CMY
K
CP400_Quickstart-Guide-Seite2.pdPage 2
Table of contents
