Contact PEA - Free Encrypted Address Book

Contact PEA is an easy-to-use open source address book where you can store contacts in a secure way.

Attention: Contact PEA is in alpha stage. The basic functions should work, but minor bugs are likely. Feedback is welcome: peafactory at eck.cologne

Features

Privacy Protection

Confidentiality through On-the-fly encryption: The content is decrypted only when requested and only in memory, never on disk.

Cloud Support

Save your calendars in the cloud and upload new versions using several cloud providers. All data remain encrypted during this process.

Authenticated Encryption

Protects the integrity of the data by an authenticated encryption. This guarantees that the data has not been manipulated.

Key File

Add a second factor besides the password and protect your data additionally with a key file. Store this key file wherever you want.

Additional Features

Platform independent: Runs on all systems with a Java runtime environment
Uses a memory-hard key derivation function that defends custom-hardware attacks
All source code is open source, including the libraries used

The program is small and consists of a single archive file. Installation is not required.

How it works

Contacts are organized in address books, where each address book is represented by a file. Decrypted, these files would contain contacts in the form of vCards version 4.0 according to the RFC-6350 standard.

When you open an address book, only this one is decrypted and only in memory, not on the hard disk. All others remain encrypted.

Contact Data

Contact data is sensitive data.

Creation of profiles

Contacts can serve as an identifier for creating personal profiles. Telephone numbers in particular serve as identification numbers, because in lots of countries telephone numbers cannot be created anonymously without great effort and phone numbers cannot be changed without great effort. Some still recommend changing your phone number more frequently - but all it takes is for one of your friends to save both numbers on an Android phone or iPhone, and the measure is nullified.

Merging personal data

Contacts can be used to merge data from different origins by scammers and data-collecting tech corporations. With an address book entry, for example, the phone number and address can be connected with the accounts on social networks of a person. Before such a connection, these were multiple people for the data collectors.

Fraud and harassment

Contacts are the basic material for spam, spoofing and phishing emails. Based on contact information, scammers can deceive people into revealing sensitive information, installing malware such as ransomware, or even transferring money.

Future threats

In the future, when Artificial Intelligence is more advanced, phone calls, personal mails and messages automatically generated based on contact information are likely to increase dramatically.

When we disclose contact information, we reveal information about others that we have not usually asked permission to disclose. We enable tech companies to collect data about people who don't even use those companies' services. And we have no idea or control over what these companies do with the data.

Encrypting Contacts

Entering a password every time you want to access your contacts is too cumbersome for the vast majority of people. This is not the main purpose of Contact PEA. And the main problem is with mobile phones anyway.

Backup of contact data

If we want to realize a minimum of data protection for our mobile devices, it is a good idea to store contact data only locally. This requires a bit of extra effort (see for example Elizas article), but it prevents the tech companies from automatically grabbing all the contact data - as they do by default.

With Contact PEA, not only can a backup be saved securely, but it can also be stored in the cloud - preferably using a locally stored key file. To do this, you just need to import the address book in Contact PEA and protect it with a password.

Encryption at rest

We use only a few of our contacts in daily use. Some contacts we keep for years in the unlikely case that we will eventually need them again. It makes sense to occasionally sort out these contacts from the address book and store them in another place in a safe way.

Contact PEA is a program to keep such contact data as safe as desired. The password, depending on its length, may only protect against casual fraudsters. With the key file placed on another storage medium, a second security factor can be added that meets very high security requirements.

Download Options for Contact PEA 0.2:

Key Derivation Function: Catena-Dragonfly, Argon2
Cipher (EAX-Mode): Threefish, AES-256, Serpent
Hash Function: Blake2b, SHA-3, SHA-512

How to use

Start the Jar Archive

You need OpenJDK, Java Runtime Environment (JRE) or something similar (at least 1.8). On most systems there is at least one available.
These PEAs are single Java jar archives, a file with the extension "jar". If you are familiar with jar archives, you can skip the following part.

Linux, BSD systems and Mac OS and other UNIX like systems: unpack the compressed download file (tar or unzip). Store it for example in your home folder. Change in the directory in console and type: java -jar YOUR_ARCHIVE.jar or try to double click the file unix_start_helper.sh.

Windows: Normally you can open the jar archive just by a double click. But sometimes other programs overwrites this possibility and instead unpack the jar archive. In this case you can change the default program to open a jar archive or use the terminal, change in the directory of your archive and type java -jar YOUR_ARCHIVE.jar or try to double click the file windows_start_helper.bat

Initialization: First Start

The first time you start the Contact PEA, the program will initialize. You are asked for a password and an address book name.
You can reset the password later in the menu.