Cryptography, data security and confidentiality of communication
is a set of instruments, tools and solutions delivering privacy and digital data integrity. Applied appropriately within our solutions, it ensures actual information confidentiality accessible only with strict access permissions.
- Cryptography and data security solutions
- Compliance
- Data security
- Network confidentiality
- Communication confidentiality
- Information privacy
Operational compliance with cybersecurity norms
Engineering and development of solutions by default compliant with current cybersecurity norms
Compliance with Polish and European policy
- The General Data Protection Regulation (GDPR), EU Regulation 2016/679
- The Network Information and Security (NIS2), EU Directive 2022/2557, with the amendment of the Act on the National Cybersecurity System, a preview of which was published on 23 April 2024, implementing NIS2 requirements
- The Act on the National Cybersecurity System, published on 5 June 2018.
- Norm ISO/IEC 27001:2022 — an outline norm on Information Security Management Systems, with key extensions
- Norm ISO/IEC 27002:2022 — Information security
- Norm ISO/IEC 27701:2019 — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management
- Norm ISO/IEC 27017:2015 — Information security for cloud services
- Norm ISO/IEC 27018:2019 — Protection of personal data in public clouds
- Norms ISO/IEC 27033-1|2|3|4|5|6|7 — Network security
- Norms ISO/IEC 27034-1|2|3|5|5-1 — Application security
- Norm ISO/IEC 27040:2024 — Storage security
- Norm ISO/IEC 27100:2020 — Cybersecurity
Advanced encryption
Advanced data encryption for server systems
Encryption systems for FreeBSD
- Block device encryption
- geli — an advanced encryption system based on the GEOM and crypto frameworks, operating as a block storage hardware abstraction layer. Fully integrated with ZFS and Boot Environments enabled bootloaders, it offers full disk encryption for the most complex scenarios, usually operating as a device provider for UFS or ZFS filesystems. Possibly the most sophisticated encryption system currently available.
- gbde — an encryption system based on the GEOM and crypto frameworks operating as a block storage hardware abstraction layer, originally designed under a DARPA contract. Volumes encrypted with gbde become distinguishable from volumes simply filled with random data, which qualifies gbde for very particular applications.
- Native filesystem encryption
- ZFS — encryption as a native ZFS filesystem feature compliant with the OpenZFS implementation, enabling on-the-fly encryption of ZFS datasets on physical and virtual volumes
- Block device encryption
- softraid (d:crypto) — an encryption system available as a softraid pseudodevice operating under the CRYPTO discipline as a block device hardware abstraction layer. Integrated with the bootloader, it allows perfect full volume encryption, usually operating as a device provider for FFS.
- Block device encryption
- cryptsetup — an advanced encryption system based on the dm-crypt and LUKS frameworks, operating as a block device hardware abstraction layer. Advanced configurations offer full volume encryption supporting particular bootloaders. As a well-developed and efficient encryption system, it may be a device provider for OpenZFS or Btrfs.
- Native filesystem encryption
- ext4 — encryption as a native ext4 filesystem feature available for individual keyed file directories
- ZFS — encryption as a native ZFS filesystem (OpenZFS implementation) feature, enabling on-the-fly encryption of ZFS datasets on physical and virtual volumes
- Block device encryption
- (Oracle) ZFS — encryption of original Oracle ZFS driven by the Solaris Cryptographic Framework cryptography provider. ZFS on Solaris remains a commercial product and its closed source code is not available for an independent review
- Hardware encryption scenarios involving self-encrypting drives, often operating as the base layer for more advanced configurations
- Self-encrypting drives with individual security schemes
- Self-encrypting drives implementing the TCG OPAL standard
- One-time and temporary encryption and ciphers
- Active software and hardware protections of encrypted systems and volumes against physical third-party interference and seizure
Confidentiality of communication
Information security and confidentiality of communication
Essential secure infrastructure
- Secure environments — solutions for secure work environments
- Encryption and authentication of data — solutions for encryption and authentication
- Secure electronic mail — secure management of encrypted and authenticated electronic mail utilising third-party or open own infrastructure — solutions for encryption and authentication as well as production services and key server processes
- Secure communicators — individual or group communication over encrypted and authenticated zero-knowledge communicators utilising third-party or open own infrastructure — solutions for encryption and authentication
- Network privacy — essential VPN solutions for simpler scenarios involving secure communications between various applications and services — solutions for Virtual Private Networks and secure data transport systems, advanced computer networks, secure server systems as well as virtualisation of systems and services
- Secure programming services for Web — solutions for PHP programming services, Go programming services, code operations security as well as code data security
- Engineering of dedicated secure Web resources — solutions for WebOps
- Solutions for basic secure server systems and services — solutions for secure server systems as well as production services and key server processes
- Solutions for basic isolations and virtualisation of services — solutions for isolation of services and processes as well as virtualisation of systems and services
- Essential sharing of information
- Sharing and authentication of cryptographic keys and identities — solutions for encryption and authentication
- Private clouds — solutions for secure sharing and synchronisation of information between applications and devices — solutions for private and public clouds and secure online data sharing as well as production services and key server processes
- Secure sharing of high volumes of data — solutions for efficient high volume data sharing using secure dedicated data sharing and transfer services — solutions for secure server systems, production services and key server processes as well as private and public clouds and secure online data sharing
Advanced confidentiality of communication
Advanced confidentiality and closed-loop operations
Secure programming for confidentiality
- PHP and Go secure programming services — solutions for PHP programming services, Go programming services, code operations security and code data security
- Essential encryption and authentication — solutions for encryption and authentication
- Advanced encryption — solutions for advanced encryption
- Own server infrastructure — advanced server systems providing multi-layer encryption and advanced isolations and virtualisation of services and running completely on own hardware and within own infrastructure — solutions for secure server systems, production services and key server processes, isolation of services and processes as well as virtualisation of systems and services
- Own network infrastructure — confidential communication between own server systems and physical and virtual networks fully running on own hardware and in-house solutions — solutions for advanced computer networks, infrastructure of secure wired and wireless networks, Virtual Private Networks and secure data transport systems, secure server systems as well as engineering of non-public and anonymous networks
- Confidential server services — solutions for deep web services running on own infrastructure and operating without public footprint — solutions for secure server systems, production services and key server processes, isolation of services and processes, encryption and authentication as well as advanced encryption
- Confidential cloud and data sharing — solutions for deep web sharing and synchronisation of data running on own infrastructure and systems, and operating without public footprint — solutions for secure server systems, production services and key server processes, isolation of services and processes, encryption and authentication as well as advanced encryption
- Confidential DevOps — solutions for development instrumentation on own infrastructure providing advanced data and operations security — solutions for GitOps, WebOps, systems and services performance monitoring as well as DevOps
- Confidential electronic mail — encrypted and authenticated electronic mail running on own infrastructure or operating on anonymous networks — solutions for production services and key server processes, confidentiality of communication as well as engineering of non-public and anonymous networks
- Confidential communicators — encrypted and authenticated communicators running on own infrastructure or operating on anonymous networks — solutions for production services and key server processes, confidentiality of communication as well as engineering of non-public and anonymous networks
- Web resources for anonymous networks
- Secure programming services for specialised Web resources — solutions for PHP programming services, Go programming services, code operations security, code data security as well as WebOps
- Dedicated solutions for specialised Web resources — solutions for WebOps and engineering of non-public and anonymous networks
- Communication on anonymous networks — solutions for encryption and authentication and engineering of non-public and anonymous networks
- Communication completely secret and plausibly deniable
- One-time and temporary communication and communication with hidden origin — solutions for means of communication based on special-purpose asymmetric cryptography
- Applications for the blockchain architecture and operations on cryptocurrencies on anonymous networks — solutions for programming solutions for blockchain architecture and cryptocurrencies, security and privacy of blockchain architectures as well as engineering of non-public and anonymous networks
Encryption and authentication
Encryption and security of confidential and volatile digital data
Encryption and authentication of content, text and individual files
- OpenPGP/GnuPG standard — a universal encryption and authentication system for content, text and individual files based on asymmetric cryptography, defined by the RFC 4480 and RFC 9580 standards and functioning as the de facto default system for software and code signing and for encryption and authentication of electronic mail. In use for over 30 years, its security depends on the type of keys and algorithms chosen. The PGP standard encompasses direct exchange of public keys between communicating parties, which remain independent of third-party trust services.
- S/MIME standard — a universal encryption and authentication system for electronic mail based on asymmetric cryptography, defined by the RFC 8551 standard. S/MIME depends on a trusted third party confirming the validity of certificates in use.
- Signify standard — a system of files and text authentication developed by the OpenBSD project based on asymmetric cryptography, intertwining ease of use with modern cryptography
- Operations on electronic signatures required by the eIDAS regulation — solutions for managing electronic signature standards of CAdES, PAdES and XAdES
- Programming solutions for automated and integrated management of electronic signatures — solutions for PHP programming services, Go programming services, code operations security and code data security
- Block device encryption
- Encrypting filesystems — particular modern filesystems offer encryption capability, often operating as a transparent user independent layer.
Example Apple APFS — a filesystem provided by recent versions of Apple macOS, encrypting all data on the fly either as an automated FileVault component or as a user-configurable subsystem allowing more advanced configurations. The encryption capabilities of both Apple Silicon and the APFS filesystem may be an effective basis for a more complex data security scenario. APFS remains a closed-source commercial product.
- Cryptographic containers and modular volume encryption — systems of simpler block encryption, effectively encrypting full volumes and maintaining virtualised cryptographic containers, usually open-source, allowing independent security reviews.
Example VeraCrypt — a modern fork of TrueCrypt
- Encrypting filesystems — particular modern filesystems offer encryption capability, often operating as a transparent user independent layer.
- Encrypting stack filesystems — solutions for stack filesystems operating at the user level, most often used to secure particular pools of data
Example eCryptfs for Linux or EncFS available on several platforms
- Cloud-optimised data encryption — encryption systems by design optimised for deployments in third-party clouds and data exchange systems
Example gocryptfs or cryfs available on several platforms
Virtual Private Networks and secure data transport systems
Solutions ensuring secure communication between secure server systems and networks
High performance secure IPSec links
- IPSec for Linux/Unix systems and specialised networking hardware
- IPSec deployments along other encapsulation and tunneling protocols
- Solutions for advanced computer networks, secure server systems, virtualisation of systems and services as well as isolation of services and processes
- Optimisation, configuration and multiplex operation of access servers
- WireGuard links for secure networks and mobile clients
- Asymmetric cryptography based anonymous (or blind) WireGuard links
- Special purpose WireGuard solutions for secure server systems
- Solutions preventing WireGuard protocol blacklisting
- Solutions for advanced computer networks, confidentiality of communication and advanced communications confidentiality
- Virtualisation and SSH deployment as special purpose VPNs
- Secure data transport for server systems and specialised networking hardware
- SSH as a secure authentication system for network resources
- OpenVPN based virtual private networks and links
- Cisco AnyConnect based virtual private networks and links
Private and public clouds and secure online data sharing
Engineering, deployment and management of private and public cloud services
Private clouds
- Resource readiness for private clouds — solutions for advanced computer networks, secure server systems, production services and key server processes, virtualisation of systems and services, isolation of services and processes, Virtual Private Networks and secure data transport systems as well as advanced filesystems and data storage
- Solutions for private clouds and data sharing within organisations — solutions for advanced computer networks, Virtual Private Networks and secure data transport systems, encryption and authentication as well as advanced encryption
- Secure private clouds — solutions for Virtual Private Networks and secure data transport systems, confidentiality of communication as well as advanced communications confidentiality
- Non-public and deep web secure private clouds — solutions for engineering of non-public and anonymous networks
- Programming services for private clouds infrastructure — solutions for PHP programming services and Go programming services
- Resource readiness for public clouds — solutions for secure work environments, secure server systems, production services and key server processes, virtualisation of systems and services, isolation of services and processes, Virtual Private Networks and secure data transport systems as well as advanced filesystems and data storage
- High performance clouds and public access to high volumes of data — solutions for advanced computer networks and advanced filesystems and data storage
- Programming solutions for public clouds — solutions for PHP programming services and Go programming services
- Solutions for GitOps and WebOps
Engineering of non-public and anonymous networks
Engineering, deployment, security and optimisation of services for the non-public Internet (deep web) and the hidden Internet (darkweb)
Deep web networks
- Engineering of server systems and work environments for deep web operations — solutions for secure work environments, advanced computer networks, secure server systems as well as Virtual Private Networks and secure data transport systems
- Engineering of specialised deep web services — solutions for production services and key server processes, private and public clouds and secure online data sharing, virtualisation of systems and services, isolation of services and processes, Virtual Private Networks and secure data transport systems, confidentiality of communication, advanced communications confidentiality, encryption and authentication, advanced encryption as well as advanced filesystems and data storage
- Engineering, cryptography and management of The Onion Router (TOR) anonymous network
- Engineering, cryptography and management of The Invisible Internet Project (I2P) anonymous network
- Deployment and optimisation of server systems for anonymous network operations — solutions for secure server systems, virtualisation of systems and services, isolation of services and processes, production services and key server processes, encryption and authentication, advanced encryption as well as WebOps
- Deployment and optimisation of secure work environments for anonymous networks operations — solutions for secure server systems, virtualisation of systems and services as well as Virtual Private Networks and secure data transport systems
- Deployment and optimisation of secure anonymous network dedicated services — solutions for PHP programming services, Go programming services, code operations security, code data security, WebOps, secure server systems, production services and key server processes, virtualisation of systems and services, isolation of services and processes, security and privacy of blockchain architectures as well as programming solutions for blockchain architecture and cryptocurrencies
Security and privacy of blockchain architectures
Solutions for blockchain architectures in programming and work environments
Blockchain architecture engineering basics
- The blockchain concept as effective information storage
- Dependency of the blockchain architecture on Internet and information exchange networks
- Dependency of the blockchain architecture on processing power and hardware resources
- Blockchain architectures as a concept of information certainty
- Privacy of blockchain transactions
- Applicability of public and transparent blockchains
- Applicability of blockchains completely private
- Applied cryptography of existing blockchains
- Blockchains as core architectures of cryptocurrency engineering
- Cryptography of particular cryptocurrencies
- Analysis of cryptocurrency transactions
- Blockchain architectures as distributed database
- Blockchain architectures as distributed registry or event ledger
- Engineering of systems based on blockchain architectures
- Programming services involving blockchain technology — solutions for programming solutions for blockchain architecture and cryptocurrencies, PHP programming services, Go programming services, code operations security as well as code data security
- Programming services introducing programmatic support for cryptocurrencies — solutions for programming solutions for blockchain architecture and cryptocurrencies