EviCypher Features

EviCypher features secret encryption with multi-factor authentication (MFA) and configurable segmented keys. It lets you build new secure cyber links with your own encryption keys, kept physically offline.

Feature on Next-gen in secrets management

Fundamentals

The specificity of EviCypher is based on the protection of keys, called secrets.

Indeed, according to the principle of Auguste Kerckhoffs, the security of a cryptosystem must be based only on the secrecy of the key. All other parameters are assumed to be known to the adversary, as stated by the so-called “Shannon maxim”.

In fact, EviCypher uses proven, known and recognized open source encryption algorithms.

The Freemindtronic design office, designer of EviCypher, ensures that these algorithms are properly implemented.

EviCypher offers its user the possibility of generating, managing and using freely, in complete safety, secrets such as encryption keys, complicated passwords, pairing keys and PIN codes.

These secrets are stored encrypted, offline, in non-volatile memory with physically secure access. The only access possibility is contactless via an NFC phone serving as an interface.

EviCypher is materially and mathematically indecipherable.
EviCypher can fall into the hands of malicious people without requiring knowledge of the secret.

Secrets saved in EviCypher can be communicated and stored, without the aid of written notes, and can be freely changed at the discretion of correspondents who also own an EviCypher.

EviCypher is compatible with all digital communication systems, paper printing and SMS and MMS telecommunications.

EviCypher is an individual NFC device that fits in your pocket. Its handling and operation does not require the assistance of several people.

EviCypher is very easy to use. It does not imply special knowledge, nor knowledge of a long series of rules to be observed.

EviCypher is an individual safety and cyber security system of secrets. It is protected by international patents.

EviCypher embeds a tamper-proof anti-counterfeiting system. Each NFC device has a physically locked and permanently read-only signature by BLS12-381.


Consult the cybersecurity glossary produced by NICCS ® to understand the definition of words used in the EviCypher site.


Green Tech

EviCypher works for life contactless via an NFC phone acting as an interface.

The EviCypher NFC device uses the phone’s NFC signal on demand only to collect electrical energy for operation.

EviCypher operates for life, battery-free and maintenance-free.

The number of active and passive electronic components as well as the connectors and boxes in EviCypher are reduced to a minimum.

EviCypher works only contactless. In fact, it does not have a connector, screen, buttons and peripheral accessories (USB, card reader). EviCypher does not use any remote (cloud) server to store and use secrets. Secrets are kept for 40 years, with no source of electrical power.

EviCypher thus significantly reduces its environmental impact from design to use.

EviCypher can be integrated into various recyclable materials that do not block the NFC signal: ABS, PCB, wood, walls, concrete, liquid. EviCypher electronic boards are coated with a military-grade epoxy resin providing physical protection to electronic components.

In the bank card version in ABS, the components are coated by the ABS card. For the other formats of the RFID tag type in ABS with ring and metal hook, they are also recyclable. The EviCypher 200 board is made of PCB FR4 resin and fiberglass, also recyclable.

The component used in EviCypher is guaranteed by the manufacturer STMicroelectronics for 1 million error-free overwrite cycles per 64k memory address.

EviCypher offers its user error-free availability of secrets for many years. Indeed, even if you change a secret once a month, the risk of error will appear in about 229 years.

EviCypher is designed to return to factory configuration. It can therefore be resold without risk since the encrypted secrets are destroyed during the operation.

EviCypher can be transferred, loaned or resold on the second hand market. Extreme longevity estimated at 229 error-free years (read Extreme longevity errorless) significantly reduces the environmental impact of recyclable electronic devices.

EviCypher technology is designed and developed by Freemindtronic, a research and development design office specializing in safety and cyber security and expert in NFC technology.

Freemindtronic does everything to reduce the impact on the environment from the design, manufacture and end use of products.

Use Cases

With EviCypher you can encrypt everything with your own symmetric AES256 and asymmetric RSA4096 encryption keys: mail, SMS, MMS, files as well as all your means of communication.

Use EviCypher’s Passwordless feature not only to log into your internet accounts but also any other application that uses a web browser interface.

Also, automatically log into all computer systems without entering or remembering a password or any other knowledge-based secret.

Randomly generate a complicated password (up to 48 characters) which will be saved encrypted in your EviCypher. Then, connect automatically without contact, without having to know it, nor to enter it on the keyboard.

EviCypher’s anti-phishing system automatically backs up your original favorite websites and/or web interfaces to allow automatic login.

With EviCypher you can natively encrypt all your written communication means with the keys that you have generated. Thanks to various specific extensions such as the one developed for the Thunderbird mail client, the EviCypher encryption and decryption system is integrated.
In fact, you can encrypt your emails locally and/or on your email server. Thus, all your messages always remain encrypted even in the event of corruption of your messaging services.
Decryption is only possible with the right key saved in your EviCypher.

Use your own secret keys to auto-encrypt your data storage utilities (SED Self Encrypting Drives / FDE Hardware-based full disk encryption).

Likewise, use your secret keys to encrypt data storage media such as USB sticks and external or internal drives, via software of your choice such as Bitlocker.

Simply encrypt any file types you want with your own encryption keys. Then back them up to any local, removable storage media of your choice such as USB drives, SD card, external HD / SSD, phone, as well as any online storage.

Store encrypted in AES256, on any fixed, removable or online media, your SSH keys thanks to the EviCypher encryption function from a computer or an NFC phone.

You can individually protect your SSH keys by adding up to 9 cumulative, physical trust criteria. All the trust criteria you have determined must be met to be able to use your SSH key. This has the effect of making it impossible to use your SSH key without using your NFC EviCypher device.

Store your secret codes for accessing and/or administering your IoT in encrypted form. Also use the Passwordless function to connect to your IoTs. An ideal solution for ensuring maintenance, especially remotely.

Advantageously, the addition of trust criteria considerably strengthens the authentication of the person authorized to access your secret codes. The simplicity of sharing your secret codes via a QR code encrypted in RSA 4096 offers you extreme mobility, completely secure from end to end from an NFC EviCypher device.

The patented EviCypher encryption system is designed not to expose the user as an investigative journalist or international investigator operating in hostile territory. Each country is sovereign in terms of the right to the protection of sensitive data. Voluntarily withholding data from police authorities when crossing borders, for example, can be very risky.
Take the example of a French editor who assigns a journalist to investigate in a country at risk of corrupting sensitive data. The editor-in-chief creates an encryption key with a trust criterion, a geographical area in France. In fact, the decryption of the data encrypted with this key by the journalist can only be carried out in the defined geographical area. The reporter crosses the border with an empty EviCypher. The journalist creates an RSA 4096 key, and sends his public key by SMS to the editor. The latter sends his AES key, bound to a geographical area unknown to the journalist. The journalist then encrypts his sensitive data with the editor’s encryption key.

The journalist can then remove the encryption key from his EviCypher to cross the border with an empty EviCypher. Even if the editor’s key was intercepted, it can only be used in the area defined and known only to the editor. Thus, at no time is the journalist exposed to lies and he is unaware of the trust criteria defined by the editor-in-chief.

The patented EviCypher encryption system is designed to give humans their own sovereignty over physical and digital control over their secrets and sensitive private data. The unique features of the two invention patents embedded in EviCypher are that humans can generate their own encryption keys. These are stored encrypted offline in an NFC Air Gap device. 

The latter connects, on demand, to a computer system via EviCypher technology. Users rely on EviCypher to encrypt sensitive data without contact from any NFC phone or computer. They can add trust criteria to the secrets they share encrypted via the public key (RSA 4096) of their correspondent’s EviCypher device. Then, they can freely encrypt, without contact, in AES256, all sensitive data, files and texts. They can use all their usual means of communication including SMS and MMS. Finally, each secret is encrypted in AES256 with segmented keys (administrator password, pairing key, phone ID and the signature of the anti-counterfeiting system). Read the article « Anti counterfeit system » to learn more on the subject.

Users can also add up to 9 cumulative physical trust criteria. This makes it impossible to use secrets without meeting all the trust criteria. Finally, these criteria can only be modified by the administrator of the system. This provides absolute security and protection of access to secrets stored in the NFC device.
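The segmented-key idea described above (a key that exists only when every segment and every cumulative trust criterion is supplied), as an added example that is not EviCypher's or Freemindtronic's code. The page does not document the actual derivation, so PBKDF2-HMAC-SHA256, the length-prefixed encoding, the record layout and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Segment names follow the page; the encoding and the KDF are assumptions.
SEGMENT_ORDER = ("admin_password", "pairing_key", "phone_id", "device_signature")


def encode_material(segments, criteria):
    """Serialize every segment and criterion with a label and a length prefix,
    so that b"ab" + b"c" and b"a" + b"bc" can never yield the same KDF input."""
    items = [(name, segments[name]) for name in SEGMENT_ORDER]  # KeyError if absent
    items += sorted(criteria.items())
    out = bytearray()
    for name, value in items:
        label = name.encode()
        out += len(label).to_bytes(2, "big") + label
        out += len(value).to_bytes(4, "big") + value
    return bytes(out)


def derive_key(segments, criteria, salt):
    """256-bit key that depends on all segments and all trust criteria."""
    material = encode_material(segments, criteria)
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000, dklen=32)


def key_check(key):
    """Tag stored beside the encrypted secret so unlock() can detect a wrong key."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def enroll(segments, criteria, salt):
    """Build the stored record; the key itself is never stored."""
    key = derive_key(segments, criteria, salt)
    return {"salt": salt, "criteria": sorted(criteria), "check": key_check(key)}


def unlock(record, segments, presented):
    """Return the key only if every segment and criterion matches, else None."""
    if sorted(presented) != record["criteria"]:
        return None  # a criterion is missing or an extra one was supplied
    try:
        key = derive_key(segments, presented, record["salt"])
    except KeyError:
        return None  # one of the four native segments is missing
    ok = hmac.compare_digest(key_check(key), record["check"])
    return key if ok else None


# Constructed sample values, not real device data.
SEGMENTS = {
    "admin_password": b"constructed-admin-password",
    "pairing_key": bytes.fromhex("00112233445566778899aabbccddeeff"),
    "phone_id": b"constructed-phone-01",
    "device_signature": b"constructed-device-signature",
}
CRITERIA = {"bssid": b"02:00:00:00:00:01", "geozone": b"constructed-zone-A"}
SALT = b"constructed-salt"  # in practice: os.urandom(16), unique per secret


def demo():
    record = enroll(SEGMENTS, CRITERIA, SALT)
    moved = dict(CRITERIA, bssid=b"02:00:00:00:00:02")  # different access point
    no_phone = {k: v for k, v in SEGMENTS.items() if k != "phone_id"}
    return {
        "all_present": unlock(record, SEGMENTS, CRITERIA) is not None,
        "wrong_bssid": unlock(record, SEGMENTS, moved) is not None,
        "missing_phone_id": unlock(record, no_phone, CRITERIA) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

In a scheme like this one, criteria such as a BSSID or a geographic zone are guessable values, so the resistance to offline guessing rests on the high-entropy segments (pairing key, device signature) rather than on the number of criteria.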

 

Let’s take the example of a French editor who assigns a journalist to investigate a country at risk of corruption of sensitive data. The editor-in-chief creates an encryption key linked to a geographical area. In fact, the data encrypted with this key by his journalist can only be decrypted in this geographical area in France. The journalist crosses the border with an empty EviCypher. In case of a check, the EviCypher is empty. The journalist creates an RSA 4096 key, and sends his public key to the editor by SMS. The latter sends his AES key, which is linked to a geographical area unknown to the journalist. The journalist then encrypts his sensitive data with his EviCypher using the editor’s encryption key. The journalist can then delete the encryption key from his EviCypher and cross the border again with an empty EviCypher. Even if the editor’s key is intercepted, it can only be used in the area defined and known by the editor. Thus, at no time is the journalist exposed to deception on the one hand, nor does he have knowledge of the trust criteria defined by the editor-in-chief on the other.
 

The user of an EviCypher device is not dependent on computer systems or NFC phones serving as a terminal. The user can freely pair his device with an NFC phone and then delete it. Likewise, it can freely add and delete the pairing of the NFC phone with the extension for web browsers.

The fundamental operating principle of EviCypher technology is to leave no traces, neither in a computer nor in the NFC phone. Thus, EviCypher is designed to be used freely on any computer or NFC phone. Secrets are only stored encrypted in the memory of EviCypher’s NFC device. In addition, EviCypher natively embeds a telephone fleet manager.

 

EviCypher includes end-to-end protection systems against espionage in particular. Passwordless functionality and remote encryption of text and data on the same local network via your EviCypher help reduce the spy attack surface.

This is because secrets can be used without the need to provide an EviCypher to an intern, temporary worker or subcontractor. It is indeed possible to control the use of its secrets from end to end from an NFC device. This can be done even remotely, on any computer or phone, without the need to transmit secrets in the clear. Likewise, you can use an EviCypher without physically accessing the secrets.

As a reminder, each secret can also have up to 12 physical trust criteria. This has the effect of considerably reducing the surface area of proximity and/or remote espionage. Finally, sensitive data encrypted in AES256 and/or RSA 4096 is resistant to any form of espionage, since the encryption keys are physically in the NFC EviCypher device.

Advantageously, thanks to the Passwordless function of EviCypher, you can use other encryption software such as TrueCrypt or VeraCrypt since the secret encryption keys are stored encrypted in your EviCypher.

With the Passwordless function and the virtual Bluetooth keyboard encrypted in AES128, manage up to 200 connection profiles to divestments of operating systems of all types of computer.

This solution also allows very low-level management of administrator and user access control profiles via the computer’s BIOS as well as the self-encryption of SED / Opal 2.0 storage units.

Datasheet

EviCypher 100 storage capacity: Up to 100 secrets and a pair of RSA 4096 keys

EviCypher 200 storage capacity: Up to 200 secrets and 2 pairs of RSA 4096 keys

Storage encryption: AES-256, CBC mode

Data encryption: AES256 SHA256

Encryption secret sharing: RSA 4096 bits 

Communication encryption: ECC 256-512 bits

Bluetooth InputStick virtual keyboard encryption: AES128

Random Number Generator (TRNG): 40 kbit/s

Type of secrets you can store: Passwords, identifiers, symmetric and asymmetric encryption keys, notes and pairing keys (EviCypher, EviToken, EviKey and EviDisk)


Life expectancy (MTBF, MTTF): 1,000,000 rewrites at a temperature of 25 °C per memory address are guaranteed to be error free. This is information that you can consult freely in the technical documents of STMicroelectronics, manufacturer of NFC components.

For more information see “NFC Datasheets” below.

 

The duration of saving secrets without the need for electric power is 40 years.

Each time you use your EviCypher, the backup of encrypted content secrets is revitalized for a further 40 years without any power source.

EviCypher’s energy source comes from energy harvesting via the NFC signal of the NFC phone with which it is paired.

Consult the technical documents of the components used in the manufacture of EviCypher products. ISO/IEC 15693 NFC components are industrial grade and operate between -40 °C and +85 °C. EviCypher uses secure EEPROM memory with a capacity of 64 Kbit. It is powered by recovering energy from the NFC signal emitted by the NFC phone with which it is paired. EviCypher uses two types of component that offer resistance against invasive brute force attacks, with 32-bit passwords for the M24LR64E-R and 64-bit passwords for the ST25DV64K. Even if these passwords are compromised, the secrets contained in the EEPROM memory are encrypted in AES256 with segmented keys of physical origin defined in part by the user and/or the administrator of EviCypher. The signature system and other parameters are permanently locked in read-only mode, so even if the component passwords are compromised, tampering with locked NFC memories is physically impossible.

Consult the technical document of the component used for products dedicated to companies, independent professionals, Architects, design office, IT department and information system not classified Defense.

Datasheet NFC M24LR64E-R STMicroelectronics 

Consult the technical document of the component used for products dedicated to state services, intelligence, Defense, banking services, health services, and sensitive classified enterprise, investigative journalist, sensitive organization, international investigator, judicial organization, IT services and Defense classified information system.

Datasheet NFC ST25DV64K STMicroelectronics

EviCypher is a product that simultaneously offers two types of protection and security, one is physical and the other is digital.

EviCypher is an NFC Air Gap device that only connects on demand to computer systems via an NFC phone used as a terminal. Secrets stored in EviCypher’s secure non-volatile memories are end-to-end encrypted from the device. Otherwise, EviCypher is a passive product. It needs the NFC signal sent by an NFC phone it is paired with to become active.

In fact, this excludes any form of remote cyber attack.

EviCypher is designed to resist invasive and non-invasive attacks as well. Indeed, the secrets stored in the EEPROM memories are encrypted in AES 256 with segmented keys of physical origin. Up to 9 different cumulative trust criteria can be added for each stored secret. These are in addition to the 4 other native physical trust criteria such as the pairing key, the anti-forgery signature, the password defined by the administrator of EviCypher.

EviCypher also offers the user the possibility of adding up to 5 cumulative trust criteria of non-modifiable physical origin to exchange secrets encrypted with the public key RSA 4096 of another EviCypher. This makes it possible to impose the conditions of access to a shared secret. All the trust criteria must be met to authorize access to secrets and their use. For this, EviCypher also embeds a generator with auto backup of RSA 4096 keys. The private keys are also encrypted in the device in AES 256 by segmented keys with addition of confidence criteria of physical origin.

The public keys of the RSA keys are used to exchange secrets in an encrypted manner between 2 EviCypher devices. Exchanges can be carried out by any means of communication. They can also be printed. Finally, they can be shared in real time by QR Code display between phones, or contactless via the Beam NFC Android function.

EviCypher is an easy-to-use tool, with individual sovereignty, capable of effectively resisting any attempt to corrupt your secrets. This is fundamental to increase tolerance to attacks. It is also a system that keeps a set of crucial features functioning well despite malicious behavior.

Each secret can have up to 9 cumulative trust criteria of physical origin: 3 geolocations, 3 BSSID addresses, phone ID, Password or Barcode/QR Code to be accessible. An ideal solution to manage teleworking.

The trust criteria can be imposed in such a way that their modifications are physically and numerically impossible. It is thus possible to control end-to-end from an EviCypher device the conditions of use of secrets.

Secrets are physically stored encrypted in the non-volatile memory of the EviCypher NFC device. Secrets are used encrypted from EviCypher.

The sharing of secrets between EviCypher NFC devices can be done in different ways, in airplane mode, simply with the phone’s NFC activated. The secret is shared via an encrypted QR code, displayed on the screen, without contact via the NFC Android Beam or by web cam.

Share encrypted secrets through EviCypher’s RSA 4096 key manager. Secrets are encrypted with the recipient’s public key. An encrypted QR code is made accessible and/or visible by various means for the recipient (web cam, printout, SMS, MMS, email, online file). The latter scans the encrypted QR code and the secret is automatically stored encrypted in the recipient’s EviCypher device. Advantageously, this operation can be carried out in a corrupt environment and even under the gaze of malicious people.

Use complicated and complex passwords to automatically connect to your accounts on the internet and/or web interface (example: administration router), without writing or memorizing the username and/or password.

Everything is done contactless via the freely downloaded Android application for NFC phones and via a browser extension based on Chromium, Opera and Firefox from Mozilla. This automatic connection can be carried out on all the browsers of the computers present on the same network and paired with an NFC telephone. Thus, it is possible to make automatic remote connections in the local network with a single EviCypher device.

Your secrets, including your sensitive data, always remain encrypted, even if the information system and/or the computer system is corrupted. EviCypher is an individual sovereignty tool that allows you to take control of your sensitive data.

You always remain secure and protected against many forms of attack, espionage, loss, theft and corruption of information systems and computer and telephone systems.

EviCypher has no backdoor.

EviCypher products do not collect any data either on EviCypher or on their users and administrators. No information is requested. It does not use any remote server to save the secrets.

The principle is that the user remains anonymous from end to end, from the device and its use via a computer and/or an NFC phone with which it is paired.

Each EviCypher manufactured receives a unique signature ECC BLS12-381 of authenticity achieved by the tooling. This signature is physically tamper-proof in read-only mode. This verifies that your EviCypher device is genuine.

In addition, each EviCypher is individually tested before receiving the signature. This is a guarantee of manufacturing quality and security of EviCypher devices.

Finally, the pairing keys are automatically destroyed after delivery of the devices. In fact, Freemindtronic is not able to provide the pairing keys of EviCypher in the event of loss.

EviCypher works with Freemindtronic’s FMT application developed for Android NFC phones

Freemindtronic’s FMT extension compatible with EviCypher works on all Opera, Mozilla Firefox web browsers as well as Chromium-based browsers (chrome, Brave, Edge).

EviCypher is compatible with all Windows, macOS, Linux, BSD operating systems

EviCypher is also compatible with the Thunderbird email client through the extension of Freemindtronic.

It allows contactless encryption of messages and attachments with your own AES256 encryption keys.

Thus the mails are always displayed encrypted. They are decrypted if the right AES key and the correct trust criteria are validated.

  • EviCypher Card: 86 × 54 × 1 mm
  • EviCypher Tag: 35 × 27 × 6 mm
  • EviCypher Card is around 0.2 oz (6 g)
  • EviCypher Tag is around 0.3 oz (9 g)

EviCypher works between -40 °F and +185 °F (-40 °C and +85 °C)

EviCypher NFC devices comply with FCC, CE and RoHS standards

EviCypher complies with the regulations on the protection of private data, notably the European NIS Directive and the GDPR (RGPD), among others.
