StreamSec 2PCube is a firewall-friendly secure messaging service with
128-bit security, designed specifically as a StreamSec Tools support tool.
The source code for the client is available for StreamSec Tools Enterprise
subscribers.

The communication between the clients and the server is directed via HTTP
on port 80. The data sent over the HTTP channel is in turn protected by
128-bit TLS (TLS-RSA-DHE-RC4-SHA). This means that the transport protocol is
TLS over HTTP, contrary to regular HTTPS, which is HTTP over SSL/TLS.

Each client registers by sending a Certification Request to the server. The
server authenticates the request by comparing it to the corresponding entry
in the StreamSec Tools customer database. The client must use the issued
Client Certificate for each subsequent request sent to the server.

The communication between two clients is directed via the server and is
encrypted a second time. The keys for this channel are established by means
of an Ephemeral Diffie-Hellman 3072/256 key exchange, authenticated by the
Client Certificates. The bulk encryption method is AES-128-CTR with
HMAC-SHA256. The plain text contents of the communication between two
clients are at no point known to the server.
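
The client-to-client layer described above, sketched in Node.js as an added example (not StreamSec's code): two clients derive keys from an ephemeral Diffie-Hellman exchange and pass AES-128-CTR frames with an HMAC-SHA256 tag through a relay that holds no key. Assumptions: the RFC 3526 modp15 group stands in for the 3072-bit group, HKDF-SHA256 and the encrypt-then-MAC frame layout are illustrative choices, all function names are hypothetical, and signing the DH public values with the Client Certificates is omitted.

```javascript
const crypto = require('crypto');

// Assumption: RFC 3526 modp15 (3072-bit) stands in for the service's DH group.
function newEphemeral() {
  const dh = crypto.getDiffieHellman('modp15');
  dh.generateKeys(); // fresh key pair per session
  return dh;
}

// Assumption: HKDF-SHA256 splits the shared secret into a 16-byte AES key and
// a 32-byte HMAC key; the page does not describe its key derivation.
function deriveKeys(dh, peerPublic) {
  const secret = dh.computeSecret(peerPublic);
  const okm = Buffer.from(
    crypto.hkdfSync('sha256', secret, Buffer.alloc(0), 'e2e-demo', 48));
  return { encKey: okm.subarray(0, 16), macKey: okm.subarray(16) };
}

// Encrypt-then-MAC frame: counter block (16) || ciphertext || tag (32).
function seal(keys, plaintext) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-128-ctr', keys.encKey, iv);
  const body = Buffer.concat([iv, c.update(plaintext), c.final()]);
  const tag = crypto.createHmac('sha256', keys.macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

// Verify the tag in constant time before decrypting anything.
function open(keys, frame) {
  if (frame.length < 48) throw new Error('frame too short');
  const body = frame.subarray(0, frame.length - 32);
  const tag = frame.subarray(frame.length - 32);
  const expect = crypto.createHmac('sha256', keys.macKey).update(body).digest();
  if (!crypto.timingSafeEqual(tag, expect)) throw new Error('bad MAC');
  const d = crypto.createDecipheriv('aes-128-ctr', keys.encKey, body.subarray(0, 16));
  return Buffer.concat([d.update(body.subarray(16)), d.final()]);
}

// The relay forwards frames byte for byte; it never sees a key or plaintext.
function relay(frame) {
  return Buffer.from(frame);
}
```

Without the certificate signatures on the exchanged public values, this sketch gives no protection against a relay that substitutes its own DH keys; that is the role the Client Certificates play in the description above.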