Short mode No tags Decoy mode
Write your personal or shared Key, or the recipient's or signer's Lock in this box. To display the characters, check Show. As you type your Key, a text above it will tell you the strength of the Key based on simple rules. Make sure to use $ymbol$, numb3rs, caPiTals, unusual words and mispelingss. Initial capitals and numbers at start and end are not helpful and will be ignored for the strength score.
If your Key strength is worse than Medium, PassLok will be very slow.
To get information on every button as you press it, check this box: Learn Mode
For instructions on how to do things, click on each title below. Click again to hide.
1. Write or paste the shared Key in the key box, which is accessed with the Key button. It is masked by default, so if you want to display it, check the Show checkbox.
2. Write or paste the message in the main box. Click the Lock/Unlock button. The locked message will appear in the main box, replacing the original text. Copy it and paste it into your communications program or click Email to open your default email. It is okay to strip the tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + or / This message can only be unlocked by someone having the shared Key.
All of this is explained in this video tutorial:https://www.youtube.com/watch?v=y6sk7I7YR0I
1. Write or paste the shared Key in the key box, which is accessed with the Key button. It is masked by default, so if you want to display it, check the Show checkbox.
2. Paste the locked message in the main box. It is okay if it is broken up by spaces, carriage returns, and special characters other than = + or / or is missing its tags. Then click the Lock/Unlock button. The unlocked message will appear in the main box, replacing the locked message.
All of this is explained in this video tutorial:https://www.youtube.com/watch?v=y6sk7I7YR0I
1. Fetch the recipient's Lock. He/she would have sent it accompanying an email, or in and SMS text message, or posted it publicly. You can tell it is a Lock because it comprises 87 random-looking characters, likely with PL**lok tags at either end (** is the version number). You need this Lock before you can do anything else.
2. Paste the recipient's Lock in the key box, which is accessed with the Key button. It is masked by default, so if you want to display it, check the Show checkbox. It is okay if the tags up to the "=" signs are missing, or extra spaces, carriage returns, or special characters other than = + or / have been added.
3. Write or paste your message in the main box. Click the Lock/Unlock button. The locked message will appear in the main box, replacing the original message. Copy it and paste it into your communications program or click Email to open your default email. It is okay to strip the tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + or / This message can only be unlocked by someone having the secret Key matching the Lock used to secure it.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=NqwnQY4O5MA
1. Write or paste into the key box, which is accessed with the Key button, the Key matching the Lock used to secure the message. It is masked by default, so if you want to display it, check the Show checkbox.
2. Paste the locked message in the main box. It is okay if it is broken up by spaces, carriage returns, and special characters other than = + or / or is missing its tags. Then click the Lock/Unlock button. The unlocked message will appear in the main box, replacing the locked message.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=NqwnQY4O5MA
1. Check the Short mode checkbox below the main box.
2. Write or paste your message in the main box. Message length is limited to 58 ASCII characters when locking with a Key, 38 if locking with a Lock. Non-ASCII characters use 6 spaces each, so avoid them if you can. Any text beyond the limit will be lost. Click the Lock/Unlock button.
3. The locked message will appear in the main box, replacing the original message. Copy it and paste it into your communications program. The locked message, which has no tags, will fit within one SMS message (160 characters).
4. On a mobile device, the locked message will be selected and ready to be copied into the clipboard. You need to copy it manually before clicking the SMS button, which will open your SMS app.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=7d2nhjCgo3E
1. Paste the locked message in the main box. It is okay if it is broken up by spaces, carriage returns, and special characters. As with regular-length messages, the appropriate Key must be entered in the key box prior to unlocking. Then click the Lock/Unlock button. You don't need to check the Short mode checkbox.
2. The unlocked message will appear in the main box, replacing the locked message.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=7d2nhjCgo3E
1. Write or paste your secret Key in the key box, which is accessed with the Key button. It is masked by default, so if you want to display it, check the Show checkbox.
2. Write or paste the text to be signed in the main box. Click the signature/Verify button. A sign matching the text and the Key will be appended at the end of the text in the main box. Copy it and use it as appropriate. If you click Email the text with its signature will be placed into an email using the default program. It is okay to strip the tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the signature with spaces, and punctuation other than line returns or = + or /.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=7RP8Nc2jU8U
1. Paste the lock of the person who made the signature into the key box, which is accessed with the Key button. It is okay if the tags up to the "=" signs are missing, or extra spaces, carriage returns, or special characters other than = + or / have been added.
2. Write or paste the text with its signature appended at the end in the main box. It is okay if the signature is broken up by spaces and special characters other than = + or / or is missing its tags up to the "=", but it should not be broken by carriage returns. Then click the signature/Verify button. A message above the main box will say whether or not the signature for that text has been verified.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=7RP8Nc2jU8U
1. Check the Decoy mode checkbox below the main box.
2. Follow the instructions for any kind of locking, using a shared Key or the recipient's Lock, short or regular length. This also works when making a signature. If Decoy mode is checked, a popup will ask for a Decoy Password to lock the hidden message, and the hidden message itself.
3. Write or paste into the the appropriate boxes the Password and the hidden message. The length of the hidden message is limited to 152 ASCII characters in key-locked and signed modes, 87 characters in regular locked mode, 37 characters in short message mode (key-locked only), 40 characters in signatures. Non-ASCII characters use 6 spaces each, so avoid them if you can. Any text beyond the limit will be lost. Then click OK.
4. After clicking OK, the locked message containing both the main text and the hidden text will appear in the main box, replacing the original text. If it is a signature, it will be appended to the text. Copy it and paste it into your communications program. As with regular locked messages, it is okay to strip the tags up to the "=" sign, but not recommended. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + or /
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=XPwilrxhXG0
1. Check the Decoy mode checkbox below the main box.
2. Follow the instructions for any of the three locking modes, using a personal or shared Key, or for verifying a signature. If Decoy mode is checked, a popup will ask for a Decoy Password.
3. Write or paste into the popup box the special Password for the hidden message and click OK. The hidden message, if it exists, will appear above the main box even if the main unlocking fails. The main message will appear in the main box if the main unlocking is successful. In the case of signatures, the hidden message appears in the place normally used by the verification message, so if you still wish to verify the signature, you need to uncheck Decoy Mode and click Sign/Verify again so the verification message is displayed.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=XPwilrxhXG0
1. Start typing in the key box, which is accessed with the Key button. As you type, a text above the key box will tell you how strong the Key is, based on simple rules. If you want to see what you are typing and don't mind people peering over your shoulder, check the Show checkbox.
2. The Key will be stronger if it contains caPiTals in unusual places, numb3rs, and $ymbol$. If you use common words, mispelll them to make harder a "dictionary attack." Avoid things that refer to yourself and your family, such as birthdays or nicknames, or anything else that might be easy to guess, like: asdfg, qwerty, password, PassLok, and the like. It is a good practice to append your email address at the end of the Key, to combat the "rainbow table" attack. Alternatively, you can use anything that is not a standard dictionary word instead of your email.
3. Bear in mind, however, that you should be able to remember your Key without having to write it down. PassLok will never ask you to change your Key, so this is your chance to make a truly strong Key that you will use for a long time.
PassLok compensates for bad Keys by taking longer to do its computations. If PassLok is slow, this is likely because your Key strength is less than Medium.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=0Wdw_SKLOFk
1. Write or paste your secret Key in the key box, which is accessed with the Key button. It is masked by default, so if you want to display it, check the Show checkbox.
2. Click the Lock/Unlock button. The lock matching that Key will appear in the main box. It is okay to strip the tags up to the "=" sign, or insert spaces, carriage returns, or special characters other than = + or / but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. The lock can be made available to anyone who wishes to secure messages to be read with the matching Key. You can also email the lock directly by clicking Email.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=_t_O2oeUb_w
1. Write or paste your secret Key in the key box, which is accessed with the Key button. It is masked by default, so if you want to display it, check the Show checkbox.
2. Paste the Lock in the main box. Click the Make Lock button. The shared Key resulting from the Key and the Lock will appear in the key box, replacing the original Key, and the main box is cleared. This is useful to make or read a locked and signed message, since the recipient will need the sender's Lock to obtain the Key that unlocks the message, in addition to his/her secret Key. Use it as you would use a regular Key.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=nTDUYPyDHgo
1. Write or paste your secret Key in the key box, which is accessed with the Key button. It is masked by default, so if you want to display it, check the Show checkbox.
2. Paste the sender's Lock in the main box. Click the Make Lock button. The shared Key resulting from the Key and the Lock will appear in the key box, replacing the original Key. A confirming message appears in the main box.
3. Paste the locked message in the main box. It is okay if it is broken up by spaces, carriage returns, and special characters other than = + or / or is missing its tags. Then click the Lock/Unlock button. The unlocked message will appear in the main box, replacing the locked message.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=nTDUYPyDHgo
1. Make sure the key box, which is accessed with the Key button, is empty, then click the Make Lock button below the key box. If the main box is not empty, a popup message will ask if you want to proceed.
2. A random Key will appear in the key box and its matching Lock in the main box. Use them as needed. If you want the Lock to appear without tags, check the No tags checkbox first.
3. The main use of this function is to generate a short-term Key-Lock pair for instant messaging, which can be forgotten afterwards.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=Ceh3zMcn6zg
1. Make sure the main box is empty, and then click the Key button.
2. Put the Key, which must be at least 5 characters long, in the key box. If you want a new random Key, follow the steps above. Then click the Split/Join button.
3. A popup asks for the number of parts required to retrieve the original. Write the number, which must be between 2 and 255, and click OK. The parts appear in the main box and a message confirms it. If you need more parts (the number required won't change), click Split/Join again for each additional part. Copy the parts one by one and send/store them as needed. It is okay to strip the tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the locked message with spaces and punctuation other than = + / or line returns.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=2VTWnN4lZHw
1. Paste all the necessary Key parts in the main box. Make sure that each part is unique and occupies one line, and different parts are in different lines. You need as many parts the number entered when the Key was split, which is written at the end of each PL**p tag. Having more parts than the minimum is OK, so long as they belong to the same set and are not corrupt. They don't need to be placed in any particular order.
2. Click the Key button, and then the Click the Split/Join button. If all goes well, the reconstructed Key appears in the key box, otherwise nothing happens. Likely problems include: insufficient number of parts, incomplete or corrupt parts, parts belonging to different sets.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=2VTWnN4lZHw
1. Check that the item is in the main box.
2. Click the More button in order to reveal the button dealing with email, which is above the text box.
3. Click the Email button. If so configured in the device, a window appears containing the item and some explanatory text. You only need to supply the recipient's email address and a subject line before clicking the Send button. If you do not want any explanatory text, check the No Tags checkbox in the main screen before clicking More.
4. This only works for sending messages, not for receiving them. If you receive a PassLok-locked message, you must copy it into the clipboard and then paste it into the main box of PassLok, so it can be unlocked.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=J7waoNX9UPA
1. Check that the item to be sent is in the main box.
2. Click the More button in order to reveal the button dealing with text messaging, which is labeled SMS.
3. Click the Select button so the text can be selected.
4. Then click the Copy label as it appears on screen. The item is copied to clipboard.
5. Now you can click the SMS button. A window appears with the default Texting app.
6. Touch the input box and then paste the clipboard. Send he message in the usual way.
7. To unlock a locked message received by texting, you must copy it to clipboard, and then paste it in the main box of PassLok.
If you use Short Mode to lock a message, steps 2 and 3 are automatic.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=J7waoNX9UPA
1. Check that the item to be converted into fake text is in the main box.
2. If you wish to make text that is not English, you will have to change the cover text using the process described in the next item.
3. Click the More button in order to reveal the buttons dealing with the stealth functions. The Words button replaces each character of the text with a word from the cover text; the recipient of the message thus encoded must have the same cover text. The Spaces button encodes the text into the spaces of the cover text; the recipient does not need to have the original cover text, but it takes seven times more words than the other mode.
4. Click either the Words button of the Spaces button. The contents of the main box are converted into text using the current cover texty and displayed in the main box, replacing the previous contents.
5. You can now email the fake text, which to an email scanner will be nearly indistinguishable from real text. You can change the punctuation and merge or split lines without changing the encoded material. If you used Spaces encoding, you should be careful not to add or delete any spaces within the encoded text, but it is OK to add more text to complete the sentences, which may contain additional spaces.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=WXYpdDlVem4
1. Check that the fake text is in the main box.
2. If the fake text was encoded with the Words method, you will have to load the cover text used to do the encoding using the process described in the next item.
3. Click the More button, then click either the Words button or the Spaces button. If successful, the fake text in the main box is converted back into the original item and displayed in the main box, replacing the fake text.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=WXYpdDlVem4
To display the current cover text (which is the default cover text after reloading PassLok), click the More button, and then the Cover button with the main box empty.
To change the cover text (this is necessary to make fake text in a language that is not English):
1. Copy a sufficiently long text (must have at least 70 different words) and paste it into the main box.
2. Click the More button, and then the Cover button.
3. If the change is successful, the main box goes blank. If the change is unsuccessful, a message above the window will say why. Typically, failure to change the dictionary is due to not having a sufficient number of different words. Use a longer text and try again.
4. The recipient of your messages turned into fake text must have the same cover text in order to retrieve a text encoded with the Words method. One way to ensure this when using a non-English language is to display the default cover text, copy it into a translation utility such as Google Translate, and then use the translation as the new cover text.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=WXYpdDlVem4
1. Paste the lock in the main box. It is okay if the tags up to the "=" signs are missing, or extra spaces, carriage returns, or special characters other than = + or / have been added.
2. Click the More button, and then click the ID button above the main box. The unique ID of that lock will be displayed in the main box, replacing the Lock. It is useful to verify the authenticity of a lock by means of a phone call, video message, etc., in which at least one of the parties reads the ID.
All of this is explained in this video tutorial: https://www.youtube.com/watch?v=FtNtflnM5zk
If you obtained a native version of PassLok from an app store (Apple, GooglePlay) the following does not apply, but rather you are trusting that the app store has not tampered with the code submitted by the author. If you want to make sure that a native copy of PassLok is tamper-free, you should download the authentic html version as described below, and then test it against the native PassLok by locking messages in one app and unlocking them in the other, both ways. You can also check that the same Key produces the same Lock in both versions, and that signatures made by either one can be verified by the other.
To check the integrity of an html version of PassLok:
1. Load PassLok from one of the authorized sources listed below, or from storage (local or cloud) if previously saved as html as described in step 4 below.
2. Direct your browser to "view source". Each browser does this differently, but most non-mobile browsers have this capability. Typically, you load the source on a separate tab by typing CTRL-u (Windows) or option-cmd-u (OSX). On the page displaying the source, select all (CTRL-a or cmd-a), then copy to clipboard (CTRL-c or cmd-c). Alternatively, you can get the source from PassLok's GitHub repository at: https://github.com/fruiz500/passlok
3. Back in the PassLok page, make sure the main box is clear, then paste the clipboard into it (CTRL-v or cmd-v). Click the ID button. The self-ID will be displayed in the main box, replacing the previous contents.
4. For better security, you can do a SHA256 of the source code using an external program or online utility. In this case you may need to paste the clipboard into a text or html editor so you can save it as a file (html or txt). DO NOT save the code using the "save" command from the browser menu, since this command tends to modify the source page before it saves it. A copy of PassLok saved this way will still run, but its SHA256 will be different. If your operating system is Windows, do not use the built-in Notepad program, since it cannot save text with the appropriate encoding (UTF-8, no BOM). Be sure there are no extra spaces at top and bottom, since this would affect the result. Then obtain the SHA256 of this file using the external utility.
5. Click the button below and look at the ID for this version of PassLok, shown below. If this ID and the one obtained in step 3 or 4 are the same, the program has not been tampered with.
All of this is explained in this video tutorial (for v1.4): https://www.youtube.com/watch?v=SYCed3jTtTU
PassLok provides excellent security, since it is a self-contained piece of code that does not rely on a server for its functionality. Therefore:
1. We'll never give your secret Key to anyone. We cannot do anything concerning your Key because we just don't have it.
2. We'll never give you or anyone else a conterfeit Lock made from any Key. We just don't run key servers. PassLok has functions to help you to authenticate Locks, but this is still your responsibility.
3. We'll never weaken the cryptography methods contained within PassLok at the request of a third party, private or public. This also means no backdoors will ever be added. We'd rather shut down than be forced to do this, which would betray the very essence of PassLok.
Since the html version of PassLok is a piece of human-readable writing, we consider it an expression of free speech, protected by the laws of many countries. Tampering with it in unauthorized ways will violate free speech and copyright protection laws.
On the other hand:
The biggest vulnerability of PassLok is how easy it is to view, and consequently modify the html code. As mentioned above, we will never weaken the underlying cryptography, but others might. Even though we are taking pains to ensure that PassLok is delivered to you in the most secure way compatible with our budget, you should still make sure that you have obtained the genuine code.
The method described in the next item, to verify the integrity of PassLok in html form, is less than perfect but it works in most situations. Once you are sure that your copy of PassLok is pristine, you can save it and run it as many times as you want from its storage location without having to connect to the page server again.
PassLok contains strong cryptographic methods, which may be illegal to use in some countries. Please check the local laws before using PassLok.