Chiasmus (software)

from Wikipedia, the free encyclopedia
Chiasmus
Basic data

Maintainer: Federal Office for Information Security
Developer: Federal Office for Information Security
Current version: 1.7.0.10 (December 15, 2014)
Operating system: Windows, Linux
License: proprietary
German-language: Yes
Chiasmus for Windows / Linux

Chiasmus is offline encryption software published by the Federal Office for Information Security for computers with Windows operating systems (95, 98, 2000, ME, NT from 3.5.2, XP, Vista, 7, 8, 10) and Linux. With Chiasmus it is possible to encrypt individual files or entire directories. The algorithm used is a block cipher.

Use

Chiasmus may only be used where there is a public interest in its use. The program can be used free of charge by public administration departments. Other bodies that meet the terms of use can obtain the program from the BSI. Version 1.7 of Chiasmus is approved for the encryption of classified information of the lowest level of secrecy "VS-ONLY FOR SERVICE USE".

When using the software, you can generate keys yourself (or have them generated), but you can also use keys from communication partners that were previously exchanged. The key is exchanged either by importing it from a file or by entering it on the keyboard.

During the installation, no entries are made in the start menu, registry or other system directories, nor are system drivers or DLLs installed. With this type of installation, however, no integration into third-party applications such as Office products, Explorer or mail clients is possible. The user must carry out the encryption and decryption process separately each time it is needed.

The Chiasmus encryption was integrated in the BSI software GSTOOL. The GSTOOL thus also offered the possibility of Chiasmus encryption including tool-supported key generation, but there was no compatibility with Chiasmus for Windows. The implementation of Chiasmus in GSTOOL was considered insecure, as ECB was used as the encryption mode and, due to errors in the creation of the keys, the key length was effectively less than 31 bits. This enabled attackers to decrypt files encrypted with GSTOOL in minutes. Since the BSI also released Gpg4win version 3.x and Gpg4KDE in November 2019 for the transmission and processing of national classified information up to the level of confidentiality VS-ONLY FOR SERVICE USE (VS-NfD) for the S/MIME and OpenPGP protocols, GnuPG can replace Chiasmus, the software commonly used in the VS-NfD area. With OpenPGP and S/MIME, you don't need a separate key for every communication.

In the case of lower levels of secrecy, the CHIASMUS cryptographic algorithm has been replaced by AES.

Properties

According to the BSI, the software uses a proprietary, undisclosed symmetric encryption algorithm that uses 128-bit keys to encrypt 64-bit blocks in CBC mode. No statement is made about the type of padding used.

The output is written in an ASCII-text-compatible format. Depending on the setting, the name of the file to be encrypted is retained, its extension is replaced by .xia, or the extension .xia is appended. Thus Jahresbericht_2010.doc becomes Jahresbericht_2010.doc, Jahresbericht_2010.xia or Jahresbericht_2010.doc.xia.

When decrypting, depending on the setting, the name of the cipher file is retained, the extension .xia is removed (if present) or it is replaced by a freely selectable extension.
