Acid Cryptofiler

Acid Cryptofiler is a cryptographic software program designed by the department for "control of information" of the French General Directorate of Armament. It is an online storage service. The software is now manufactured by ACID Technologies.

History

Acid Cryptofiler is on a list of cryptographic software approved for usage by the European Union and by the North Atlantic Treaty Organization, and is known to have been used by those organizations as well as by the European Parliament and European Commission since the summer of 2011. It was approved for usage in the EU, in version V7, on 29 September 2011.
In January 2013, as the Red October campaign was being discovered, researchers noted that the malware particularly targeted documents with .acid extensions, referring to documents processed by Acid Cryptofiler, including the file extensions acidcsa, acidsca, aciddsk, acidpvr, acidppr, and acidssa.

Overview

Acid Cryptofiler is based on the integration of government cryptographic libraries, including a CCSD API. It offers the following functions:

Asymmetric encryption in archive format called Acid Archives.
Volume encryption in symmetric mode and asymmetric mode.

Acid Cryptofiler is delivered with a directory function to file public keys, that is compliant with LDAP and Active Directory.
A bunch file contains all public keys held by a user. A user can belong to different cryptographic domains. Private keys are also stored in a bunch file.
The keys are generated by a centralized office under the responsibility of the chief information security officer. Before a user is given a key, he/she must be trusted by the centralized office. In France, Acid Cryptofiler does not fit for defense classified information.
Acid Cryptofiler was designed and developed by the Direction générale de l'armement.. It runs on Microsoft Windows. The software is classified.
According to a book by Gérald Bronner, Acid Cryptofiler was so slow that sending an email took 10 minutes.