A Variety of Uses

Crosspass can be used for a variety of purposes to improve the privacy and security of communication.

Sending a Password

The most obvious case for Crosspass is the sending of a password. Suppose Alice works for company Acme Inc. and she needs to email login credentials to a business client Bob. Usually in such business setting email is the method of communication of choice.

  1. Alice opens Crosspass app and creates a password share.
  2. Takes note of the Lookup ID and PIN.
  3. Composes the email as per usual, but instead of the password puts the Lookup ID and PIN for Crosspass.

Example:

Hello Bob,

Thank you for signing up with Acme!
We have now created an account for you.

Username: BobSmith
Password: Crosspass AXYZ 2475

Note: For your privacy I am sending you the password using the Crosspass app.
Please install it on your phone and retrieve the password using information above.

Thank you,
Alice

Sending an API key

Often IT businesses allow access to an API using an auth key which is unique for every client. Alice can send the API key the same way she would send a password. For example:

Hello Bob,

Thank you for signing up with Acme! We have now created an API key for you.
Use the Crosspass app to retrieve the key securely,

Lookup ID: AXYZ
PIN: 2475

Note: You will need to install Crosspass on your phone.

Thank you,
Alice

Sending a Bank Account Number

Suppose Alice wants Bob to wire her money. She uses Crosspass to create a shared note with the following information:

Beneficiary name:  Alice Doe
Bank account number:  439587382957
Beneficiary address: 123 Broadway St, Apt 1, Gotham City

Then she sends Lookup ID and PIN to Bob by email or IM.

Sending a Credit Card Number

Suppose Alice wants Bob to charge her credit card . She uses Crosspass to create a shared note with the following information:

Name on card:  Alice Doe
Credit card number:  1111 2222 3333 4444
Expiry: 01/28
CVV: 123
Billing Zip code: 12345

Then she sends Lookup ID to Bob by email or IM and asks him to install the Crosspass app. When Bob asks her for the PIN, she calls him to give him the PIN. Bob then immediately retrieves the credit card number.

Sending a Social Security Number

It is well known that Social Security numbers (in USA) and Social Insurance numbers (in Canada) are regarded as highly private. Let’s say Alice wants to send Bob her Social Security number. She would use Crosspass to create a shared note with her Social Security number and email the Lookup ID and PIN to Bob.

Sending a Microsoft Word file

Suppose Alice has a private document that she wishes to share with Bob.

  1. Alice chooses a strong password and stores it somewhere
  2. She installs the 7-zip app on or her PC or Mac
  3. She creates a new folder ForBob and places the Microsoft Word file into the folder
  4. She creates a ForBob.zip file using 7-zip, selecting AES encryption with the chosen password
  5. She sends the file ForBob.zip to Bob by email, Dropbox, or Google Drive
  6. She opens Crosspass app and creates a password share with the chosen password
  7. She notes the Lookup ID and PIN and sends them to Bob by email or IM

On the receiving end Bob does not need to install 7-zip. The received ZIP file can be decompressed in Mac and Windows, since they natively support AES decryption. Bob receives the password using Crosspass and decrypts the ForBob.zip file.

Verifying WhatsApp Encryption

Alice wants to make sure that her conversation with Bob is end-to-end encrypted.

  1. She uses WhatsApp app to view Bob’s profile.
  2. In Bob’s profile she selects Security Code in order to view a 60 digits long number.
  3. She uses Crosspass to create a shared note with these 60 digits.
  4. She receives the Lookup ID and PIN for this note.
  5. She texts the Lookup ID to Bob by WhatsApp and asks him to install Crosspass.
  6. She calls Bob on the phone and tells him the PIN.

Bob then uses the Lookup ID and PIN to retrieve the Security Code. He opens Alice’s profile in WhatsApp, then views her Security Code in the profile and verifies that it is the same as what he received by Crosspass.

Verifying Signal Encryption

Same as WhatsApp, except in Signal the “Security Code” is called “Safety Numbers.”

Sending a Bitcoin Address Anonymously

Cryptocurrencies like ZCash and Monero go to great complications in the protocol in order to hide the identity of the address owner. Other cryptocurrencies, including Bitcoin, do not have this anonymity feature.

However, this level of anonymity can be achieved with Crosspass easily for any cryptocurrency. Let’s say Alice wants to send to Bob her Bitcoin address, but she does not want anyone else except Bob to know that this address is hers.

  1. Alice uses Crosspass to create a note share with the Bitcoin address as the value
  2. She sends the Lookup ID and PIN to Bob by email or IM

On the receiving end, Bob uses Crosspass to retrieve the Bitcoin address.

Collaborating using an Encrypted Cloud Drive

Let’s say Alice and Bob wish to share files on an end-to-end encrypted cloud drive.

  1. Alice creates a Google Drive folder and shares with Bob.
  2. Bob and Alice install Google Drive on their laptops (Mac or PC), and verify that they can place non-secret files into the shared folder.
  3. Alice chooses a strong password and stores it somewhere.
  4. She installs Cryptomator app on her laptop and creates a Cryptomator Vault in the shared Google Drive folder.
  5. When Cryptomator asks her to choose a password, she uses the password which she has created.
  6. She uses Crosspass to create a password share with the chosen password as the value.
  7. She receives Lookup ID and PIN from Crosspass.
  8. She sends the Lookup ID and PIN to Bob by IM or email.

On the receiving end Bob uses Crosspass to retrieve the shared password. He installs Cryptomator on his laptop and tries to unlock the Cryptomator Vault. When Cryptomator asks him for the password, he uses the password that he has received.

Learn more

Sending an Encryption Key

An symmetric encryption key is just a long password. Therefore, Alice would send it by Crosspass the same way as she would send a password.

Verifying a Digitally Signed PDF

Alice uses Adobe to digitally sign a PDF and emails it to Bob. Bob does not trust the Adobe verification, and wants to independently verify the signature. This can be verified by comparing the Fingerprint value of the signing certificate. The Fingerprint value is a long string of letters and digits that can be found in certificate details.

  1. Bob asks Alice to send him the Fingerprint of her signing certificate.
  2. She opens the details of her certificate to view the Fingerprint value
  3. Alice uses Crosspass to create a shared note with and copy-pastes the long Fingerprint into it
  4. She receives a Lookup ID and PIN for the note from Crosspass
  5. She sends the Lookup ID and PIN to Bob

On the receiving end Bob uses the Lookup ID and PIN to receive the Fingerprint. He uses Adobe to view the detail of the signing certificate. The details show the Fingerprint value. He compares that the received Fingerprint value is the same.

Verifying a PGP key

Pretty Good Privacy (PGP) is a standard to encrypt email. Bob wants to send an encrypted email to Alice, and he needs her PGP key. When Alice creates her PGP key, the public part of the key is automatically uploaded to a public PGP server and is listed under her email address.

  1. Bob’s software downloads Alice’s PGP key from a public PGP key server.
  2. Bob asks Alice to send him the Fingerprint of her PGP key.
  3. Alice uses her PGP software to view the Fingerprint of her PGP key.
  4. Alice creates a shared Crosspass note with the Fingerprint.
  5. She receives Lookup ID and PIN from Crosspass.
  6. She emails the Lookup ID to Bob, and calls Bob to tell him the PIN.
  7. Bob uses the Lookup ID and PIN to retrieve the Fingerprint.