Build-in security

UWORK.X is an end-to-end encrypted communication platform. This means that all data in UWORK.X is encrypted before being sent. The data is always stored encrypted on the OCULD Solutions GmbH servers. This also applies to the separately stored keys. Therefore, OCULD Solutions GmbH has no access to the keys and cannot read or use users’ data for their own purposes (e.g., for profiling, advertising, etc.). However, this also means that a forgotten master key cannot be restored.

“Based on our security audit, we as auditors can attest that UWORK.X provides secure end-to-end communication through encryption. We see no immediate need for improvements or adjustments in the audited areas.  We do not have observed any weaknesses or security vulnerabilities in the implementation of the encryption mechanisms or procedures used.”

“Based on the security testing of the software, we can sum up that OCULD Solutions GmbH provides a level of security that is progressive and innovative compared to the state of the art in similar messaging services.”

Courtesy translation of an excerpt from the Public Security Report of Evolution Security GmbH

How does it work in detail?

Each user has a key pair. This consists of a private and a public key. We call this private key a master key. It is the most important key in the system, because that is the only way to decrypt all received data. In idle state, this master key itself is encrypted and secured with another password.

When creating a file, chat message, U-Mail, task, or any data with UWORK.X, a separate key is generated for each item to encrypt the content. To enable the recipients to read this data, they need the key for the respective data record. Now the public key comes into play. The public key encrypts the actual key of the data and only the owner of the matching private key can access it and thus decrypt the data.

Trust the math - but what about the client software?

The mathematics of cryptography is over 5000 years old. Already in ancient Egypt around 3000 BC the application of encryption algorithms has been demonstrated.

We only use established algorithms, which are considered by leading experts to be the safest.

The main challenge with encryption software is always the client. OCULD undertakes everything possible to make the UWORK.X client secure. For example, this means that we regularly have our software reviewed by external security experts for penetration testing. Vulnerabilities are discovered during development and fixed before release. To make sure that UWORK.X is safe, we have implemented various security mechanisms, disabled vulnerable standard features, and follow best practices in software development.

For those who are interested in technical details

  • For the key pair we use RSA 4096.
  • For symmetric encryption, AES-256 is used in CBC and other modes.
  • Passwords are never used directly, but treated first with PBKDF2.
  • Integrity checks are handled with SHA512, SHA256, SHA128, or MD5, depending on the importance of the data.
  • Perfect Forward Secrecy is implemented everywhere, this means every single chat message, every U-Mail, every task and every other item has its own key, which is newly generated every time.
  • All data is signed for non-repudiation, this means the authenticity of the sender or creator of a data record is ensured for each individual data element.