Chapter 14. Cryptographic Software
Prev		Next

Chapter 14. Cryptographic Software

Ammonit uses certain standard cryptographic software to protect sensitive measurement data. None of the algorithms are developed by Ammonit. All cryptographic software used on Meteo-42 is free software. Its source code is available for everybody to study and check for security problems.

Currently the following is encrypted:

Access to Meteo-42 via web interface over HTTPS with high-grade encryption using the RSA 2048 bit or Elliptic Curve Cryptography (ECC) 256 bit key.
All data sent and received via the Meteo-42 web interface, e.g. data download
Data upload via SCP to AmmonitOR or your own server, using an Elliptic Curve Digital Signature Algorithm (ECDSA) 256 bit key.
Emails and attached CSV files sent by Meteo-42 (optional)
Live data publishing to our or your own server, using the XMPP protocol with ECC 384 bit certificate
Complete system hard disk of the CECS (AES-256)
All source data pages on MARS (AES-256), from version 2.3.0 onwards

	Note
	There is no encryption, when data is uploaded via FTP to a server. Moreover, the data stored on Meteo-42 is not encrypted. But only computer specialists with inside knowledge could be able to access the data.

Table 14.1. Cryptographic Software

Software or Protocol	Description	Used Algorithms
HTTPS	All access to the user interface of the data logger is done via HTTPS, a combination of HTTP with SSL/ TLS, as implemented in OpenSSL.	RSA (2048 bits), ECC NIST Curve P-256 (256 bits)
SSH	The connection to the AmmonitConnect server (the Ammonit one or any AmmonitConnect server of your choice) is performed with an SSH reverse tunnel.	RSA (2048 bits), ECDSA NIST Curve P-256 (256 bits)
OpenPGP (GnuPG)	The international standard OpenPGP, specifically the GnuPG implementation, is used to digitally sign and encrypt measurement data.	RSA (2048 bits), ECC NIST Curve P-256 (256 bits)
XMPP	Meteo-42 live data can be published to our server using the XMPP, which is an open communication protocol designed for instant messaging. The communication is encrypted using the TLS certificate.	ECC NIST Curve P-384 (384 bits)

Prev		Next
Chapter 13. Electrical Connection Plans	Home	Chapter 15. Maintenance and Care