CCE is a multiplatform application that provides encryption, decryption and general data management facilities for individuals and groups. It supports encryption and decryption of files or folders using either the Austrian Citizen Card (ACC) or software-based keys (SBK).
The encrypted data in CCE is stored in containers, which are files based on the S/MIME format supported by common email clients such as Outlook, Thunderbird and others. The application supports both asymmetric and symmetric encryption approaches.
Although CCE's usage is not limited to the Austrian Citizen Card, leveraging its advantages brings the highest level of security in comparison with other similar solutions. In the architecture of the ACC, keys are stored on the smart card only and cannot be reached by other applications or parties. This is not the case with software-based keys, which are often stored on the local computer, thereby introducing an additional security risk and point of vulnerability.
CCE is maintained by A-SIT, Secure Information Technology Center (Austria). The project started in 2006. Complete development took a little less than one person-year.
Although the exact number of users is not available, based on the statistics from our download site we estimate there are more than a thousand active users. The two main user groups are:
- Since 2007 (CCE v1): public servants in ministries, who use it to protect sensitive and classified information;
- Since 2008 (CCE v2): in addition, citizens who use their eID (ACC) or software certificates to encrypt important data.
In CCE, a file can be encrypted for different users. To do this, the recipients' encryption certificates are used.
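The multi-recipient S/MIME container described above can be reproduced with the OpenSSL command line. This is an added example, not CCE's own code: the identities alice, bob and carol, the file names, the throwaway self-signed certificates and the AES-256 cipher choice are all assumptions made for illustration.

```shell
#!/bin/sh
# Constructed demo: alice and bob are recipients, carol is an outsider
# (all three identities and all file names are hypothetical).
WORK=$(mktemp -d)

# Create a throwaway RSA key and self-signed certificate for one name.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Encrypt file $1 into S/MIME container $2 for every certificate that follows.
# The content key is wrapped once per recipient certificate.
encrypt_for() {
    in=$1; out=$2; shift 2
    openssl smime -encrypt -aes256 -binary -in "$in" -out "$out" "$@"
}

# Succeed only if identity $1 can open container $2 and recover file $3.
can_decrypt() {
    openssl smime -decrypt -binary -in "$2" -recip "$WORK/$1.crt" \
        -inkey "$WORK/$1.key" -out "$WORK/$1.out" 2>/dev/null &&
        cmp -s "$WORK/$1.out" "$3"
}

for name in alice bob carol; do make_identity "$name"; done
printf 'constructed sample document\n' > "$WORK/plain.txt"
encrypt_for "$WORK/plain.txt" "$WORK/container.p7m" \
    "$WORK/alice.crt" "$WORK/bob.crt"

for name in alice bob carol; do
    if can_decrypt "$name" "$WORK/container.p7m" "$WORK/plain.txt"; then
        echo "$name: can open the container"
    else
        echo "$name: not a recipient"
    fi
done
```

With software-based keys as used here, each private key sits in a file on disk, which is the exposure the Citizen Card avoids by keeping the key on the smart card.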
CCE offers several ways to retrieve the encryption certificates:
- Import from a Citizen Card
- Import from files
- Import from web service
- Retrieval from LDAP servers
Directory services, such as LDAP servers, store the certificates of their customers. In the case of Austria, there are public LDAP servers providing certificates of citizens who have activated their Citizen Card.
In the application, these servers are preconfigured automatically, and queries can be made to find the desired person (e.g. based on the name or part of the name). Additionally, CCE checks the validity of certificates (OCSP) and issues warnings for recipients whose certificates have already expired.
CCE holds certificates in its certificate store. Groups of certificates can be built that contain certificates of several users. These groups are stored locally and can be organized in multiple levels of hierarchy (subgroups).
Furthermore, groups of certificates can be imported from a web service. This is particularly useful for larger organizations and groups. It helps to lower maintenance overhead in cases of multiple certificates per user, expired certificates and citizen cards, or different group hierarchy levels.