<Security>

FortKnoxster is a cyber-security company offering a complete Crypto Suite™ of private and secure messaging, calling, crypto wallet and cloud storage worldwide for everyone, including businesses. FortKnoxster uses strong end-to-end encryption with advanced blockchain technology and zero-knowledge principles to protect its users' online privacy.

FortKnoxster aims to be the most secure and privacy-oriented all-in-one peer-to-peer encrypted communication and blockchain platform. FortKnoxster protects your online privacy and financial transactions by encrypting all of your communication and data, using cutting-edge security and technologies.

Privacy Features by Default

Blockchain Integration

To take your security to the next level, we have spiced up our end-to-end encryption using the Binance Smart Chain to secure communications by storing a cryptographic hash of each user's public identity and keys in a decentralized smart contract.
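How a client can use such an anchored hash to detect substituted public keys, as an added example that is not FortKnoxster's code. SHA-256, the length-prefixed encoding, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac


def identity_fingerprint(identity, public_keys):
    """SHA-256 over a length-prefixed encoding of the identity and its keys.

    The encoding is an assumption for this example; the page does not
    specify how the anchored hash is computed.
    """
    h = hashlib.sha256()
    for field in [identity.encode("utf-8"), *public_keys]:
        # A 4-byte length prefix keeps field boundaries unambiguous, so
        # ("ab", "c") and ("a", "bc") cannot hash to the same value.
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.digest()


def keys_match_anchor(identity, served_keys, anchored_hash):
    """Compare keys served by a directory with the hash read from the chain."""
    computed = identity_fingerprint(identity, served_keys)
    return hmac.compare_digest(computed, anchored_hash)


# Constructed sample data (placeholders, not real key material).
ALICE_KEYS = [b"constructed-signing-public-key",
              b"constructed-encryption-public-key"]
# Stands in for the value a client would read from the smart contract.
ANCHOR = identity_fingerprint("alice", ALICE_KEYS)


def demo():
    honest = keys_match_anchor("alice", ALICE_KEYS, ANCHOR)
    # A key server that swaps in a different encryption key is detected,
    # because it cannot also rewrite the anchored hash.
    substituted = keys_match_anchor(
        "alice", [ALICE_KEYS[0], b"substituted-encryption-public-key"], ANCHOR)
    return honest, substituted


if __name__ == "__main__":
    print(demo())
```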

Privacy by Design

Your privacy is our priority. The FortKnoxster platform is designed to honour the security and privacy of all users. What happens in FortKnoxster stays in FortKnoxster. Oh, and did we mention that there are absolutely no annoying ads or spam?

Zero-Knowledge Architecture

Zero-knowledge architecture means that only you have access to your encrypted communication and data, and only you know its content. No one else, not even FortKnoxster, can see your messages, files and other private information.

Confidentiality

FortKnoxster uses advanced public key cryptography with strong 256-bit AES encryption. Only the intended recipients have access to the encrypted communication and data.

Integrity

All encrypted messages and files are verified for message authenticity to avoid man-in-the-middle tampering attacks and hacks.

Digital Signature

All messages are digitally signed with the sender's private key, and the sender's identity is cryptographically verified by the receiver before the messages are decrypted.

End-to-End Encryption by Default

All calls, messages and files sent and received in FortKnoxster are end-to-end encrypted by default. When you create a FortKnoxster account, several cryptographic keypairs are generated on your local device to encrypt and decrypt messages and files. The private keys are protected with encryption keys derived from your password, which is known only to you. When you connect with your contacts or other FortKnoxster users, you exchange public keys securely, so that each contact can encrypt messages to you and decrypt messages from you.

Zero-Knowledge Authentication

FortKnoxster uses a zero-knowledge authentication scheme in which the user’s password never leaves the user’s device, keeping you in control of your private keys and confidential security information. FortKnoxster never transmits or stores passwords in plain text, as these are protected with a hash-based encryption for zero-knowledge authentication.
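One common way to keep the password on the device while still authenticating and protecting private keys with a password-derived key, as described here and under "End-to-End Encryption by Default". This is an added example, not FortKnoxster's protocol; PBKDF2, the iteration count, the labels and all names are assumptions.

```python
import hashlib
import hmac

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed per-user salt


def derive_client_keys(password, salt):
    """Runs on the device: stretch the password, then split it into two keys."""
    master = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    # Distinct labels give independent keys: knowing one does not reveal
    # the other or the password.
    auth_key = hmac.new(master, b"auth", hashlib.sha256).digest()
    wrap_key = hmac.new(master, b"key-wrap", hashlib.sha256).digest()
    return auth_key, wrap_key  # wrap_key encrypts private keys, stays local


def server_enroll(auth_key):
    """Server side: store only a hash of the auth key."""
    return hashlib.sha256(auth_key).digest()


def server_verify(stored, presented_auth_key):
    """Server side: constant-time check of the presented auth key."""
    candidate = hashlib.sha256(presented_auth_key).digest()
    return hmac.compare_digest(stored, candidate)


def login_demo():
    auth_key, _wrap_key = derive_client_keys("correct horse battery staple", SALT)
    stored = server_enroll(auth_key)          # all the server ever holds
    good = server_verify(stored, auth_key)
    wrong_auth, _ = derive_client_keys("wrong password", SALT)
    bad = server_verify(stored, wrong_auth)
    return good, bad


if __name__ == "__main__":
    print(login_demo())
```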

Secure Identity & Key Exchange

Your identity in FortKnoxster starts with a locally generated cryptographic keypair using elliptic curve cryptography, which is then protected via a password.

Secure Financial Transactions

Sending, storing and receiving cryptocurrencies or tokens within the FortKnoxster crypto wallet is safe from attack. Your private keys are never exposed. Transactions are only processed when initiated and confirmed by the owner of the wallet private keys.

How does FortKnoxster Protect my Crypto Wallet?

FortKnoxster is built with a non-custodial wallet, giving you full control over your funds without the use of a server. The private keys are stored encrypted on your device, protected with your wallet PIN code and/or fingerprint. Only you have access to your crypto wallet. Your money is under your control, and cannot be accessed by anyone without the private key. Therefore, if you lose your secret (mnemonic) phrase, you will never be able to restore access to your funds. So, keep your private keys somewhere safe offline.

How are my Private Keys Protected?

Your private keys can only be accessed by you and nobody else – not even FortKnoxster. 

FIPS 140-2 Compliant Encryption

FIPS 140-2 is a mandatory standard for the protection of sensitive or valuable data in government- and military-level systems. FortKnoxster uses FIPS 140-2 compliant encryption for securing customer data and communication at rest and in transit.

Peer-to-Peer Message Encryption Protocol

FortKnoxster has developed a unique peer-to-peer encryption message protocol between users’ client devices and FortKnoxster’s crypto nodes, to protect against MITM attacks and prevent unauthorized account access, in addition to the TLS layer. All critical user actions, such as fetching contacts and their public keys, account synchronization and user settings (like account recovery, password change and two-factor authentication), are both encrypted and cryptographically signed bidirectionally between the user device and the crypto nodes.

Client-Side Integrity Protection

FortKnoxster clients apply cryptographic authentication using AES-GCM with AEAD, to ensure data integrity and authenticity, and to avoid tampering. The key is only known to the user’s client and those they share the file with, not the server.

Does FortKnoxster Encrypt Metadata?

Yes. Besides end-to-end encrypting messages and files, FortKnoxster also end-to-end encrypts metadata such as the subject of an inbox message, unlike regular S/MIME or PGP email encryption services, where the subject is NOT encrypted.
Further, file metadata such as file name, file type and even the plain file size of any files attached to inbox messages, chat messages or file storage is also end-to-end encrypted. Additionally, folder names in our file storage are also end-to-end encrypted.
This underlines the meaning of end-to-end encryption: only you and the intended recipients have access to the encrypted data, and no one else, not even FortKnoxster.

Account Security

To protect users from any kind of account attack, FortKnoxster enforces various security measures and offers the following account security features:

  • Two-factor authentication – adds an extra layer of protection to your account by entering both your password and also a security code (an OTP) during login.
  • Zero-knowledge authentication – your password is never sent to the server.
  • Web application firewall (WAF) – filtering web requests with rate limits to protect against malicious attacks.
  • Automated account blocking – when brute-force attacks or other abuses are detected.
  • Account recovery – regain access to your FortKnoxster account with your recovery key.
  • Digitally signed web requests – prevents MITM attacks with private key and ensures only you can make changes to your account.
  • Change password – protect your account by re-encrypting your private keys and locking out other devices. 

Transport Layer Security

All communication between the client devices (desktop browsers, Android app, iOS app) and the servers is layered with an extra, separate, strict encryption channel. Only TLS 1.2 and TLS 1.3 are supported, configured with the strongest cipher suites available, such as ECDH with elliptic curve 25519 and 3072-bit RSA, including a 4096-bit Diffie-Hellman parameter for DHE cipher suites.
The strong TLS configurations enable HTTP Strict Transport Security (HSTS), OCSP Stapling and Forward Secrecy, and protect against all known attacks such as BEAST, Heartbleed, POODLE and many more.

Open Source

Our source code is open-sourced on GitHub, allowing security researchers to fully evaluate our end-to-end encryption implementation in our desktop web app and native mobile apps for iPhone/iPad and Android devices.

FortKnoxster Crypto Web
Cross-browser cryptographic library implementing the Web Cryptography API for FortKnoxster’s end-to-end encryption and peer-to-peer message encryption protocol.

FortKnoxster Crypto Apps
Cross-platform common cryptographic library implementing OpenSSL for FortKnoxster’s end-to-end encryption and peer-to-peer message encryption protocol for iOS & Android Apps.

Security Auditing

All FKX token-related smart contracts have been security audited prior to deployment on the Ethereum blockchain.

Bug Bounty Program

As security and privacy are our bread and butter, we at FortKnoxster look forward to working with the security community to find security vulnerabilities in order to keep our users and business safe. If you are a security researcher, white hat hacker or developer and want to report a vulnerability, please visit FortKnoxster’s Bug Bounty Programme.

</Security>