Lock mode: Anon. Signed PFS

Short mode No tags Decoy mode




Show

This is your master Key, which you must memorize and never write down anywhere. As you type your Key, a text above it will tell you the strength of the Key based on simple rules. Make sure to use $ymbol$, numb3rs, caPiTals, unusual words and mispelingss. Initial capitals and numbers at start and end are not helpful and will be ignored for the strength score.

If your Key strength is worse than Medium, PassLok will be very slow.

To display the characters, check Show.

To display the matching Lock in the main screen, click the Make Lock button. If this box is empty when the button is pressed, a random Key and its matching Lock will be generated instead.

Enter Decoy Password


Enter Hidden Message

Enter Decoy Password

The Hidden message will appear in the main window

Enter the number of parts needed to retrieve the item (between 2 and 255)


To get information on every button as you press it, check this box: Learn Mode

For instructions on how to do things, click on each title below. Click again to hide.


I don't know how to start. Please help

PassLok is an app that locks messages, files, etc. so that only those possessing the appropriate Keys can unlock them and read them. It is very powerful, combining AES encryption with elliptic curves at the strongest levels defined by standards, and including several ways to hide the result from prying eyes. All processing occurs on your device with no server involved, so your privacy cannot be compromised by third parties. But great power means a lot of buttons.

Fortunately, only three buttons are essential to get started. They are highlighted in blue:

Keys opens a screen where you can enter the shared Key or Lock that is needed to lock or unlock the contents of the main box.

Lock/Unlock, as its name says, locks the plain message in the main box, or unlocks it if it was locked. The appropriate Key or Lock must have been entered previously by means of the Keys button.

master Key opens a dialog where you can enter your secret master Key, which is needed for most advanced functions in PassLok. It is also needed to unlock messages locked with your personal Lock, which is not secret. To display this Lock, click the Make Lock button.

With these three buttons, you can get started locking and unlocking messages with very high security. Here's a video that shows this: https://www.youtube.com/watch?v=3wrhfzU4DFc


Save PassLok on my device, so I don't have to download it again

PassLok is designed to save its code within the browser, so it only gets downloaded again if the code has changed. If PassLok has reached your device once from its source server, it works even if the device gets disconnected from the Internet. Still, you can make it behave even more like an app, this way:

1. If you are using a computer, you can direct the Browser to save the code to a local file via the "Save as..." command from the browser menu. Then you can place a link or shortcut to that file on your desktop. Even better than the "Save as..." command is to direct the browser to display the source (Ctrl-U or cmd-ctrl-U does it, on most devices and browsers), and then save the page that appears with the "Save as..." command. This is is because this command saves the code as interpreted by the browser, rather than the original code.

2. From an iOS device, it is as easy as loading PassLok on Safari, and then selecting "Add to Home Screen" from the box and arrow icon at the bottom of the screen.

3. On Android, the same is typically achieved by first making a bookmark of the PassLok page, then tap-holding on the PassLok bookmark and selecting "Add to Home Screen." On some versions you can also tap-hold on the desktop screen and select "Add to Home Screen" followed by "Shortcut", "Bookmark", and selecting PassLok from the list. Newer versions of Android have still more direct ways to do this.


Lock a message with a shared Key, to be unlocked with the same Key

1. It does not matter which of the radio buttons below the main box is selected, since they do not apply to this mode.

2. Write or paste the shared Key in the large box that is accessed with the Keys button. If the Key was previously stored, you can search for it by typing in the top box the name associated with the Key. When you type "Enter", the stored Key is decrypted for you to see. For a stored Key to function, your secret master Key must have been entered by clicking the Keys button, followed by master Key.

3. To lock a message so it can be read by several people, place their respective shared Keys in the box, one per line. If a Key was previously stored, you can write the name associated with that Key, instead.

4. Write or paste the message in the main box. Click the Lock/Unlock button. The locked message will appear in the main box, replacing the original text. Copy it and paste it into your communications program or click More, and then Mail to open your default email program. It is okay to strip the tags up to the "=" sign, but not recommended; PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + / or % This message can only be unlocked by someone having the same shared Key.

All of this is explained in this video tutorial:https://www.youtube.com/watch?v=zFbsTwdHRYQ


Unlock a message locked with a shared Key (tags are PL**msk)

1. It does not matter which of the radio buttons below the main box is selected, since the locking mode is determined automatically from the locked message itself.

2. Write or paste the shared Key in the large box that is accessed with the Keys button. If the Key was previously stored, you can search for it by typing in the top box the name associated with the Key. When you type "Enter", the stored Key is decrypted for you to see. For a stored Key to function, your secret master Key must have been entered by clicking the Keys button, followed by master Key.

3. Paste the locked message in the main box. It is okay if it is broken up by spaces, carriage returns, and special characters other than = + / or % or is missing its tags. Then click the Lock/Unlock button. The unlocked message will appear in the main box, replacing the locked message.

All of this is explained in this video tutorial:https://www.youtube.com/watch?v=zFbsTwdHRYQ


Lock a message with a Lock, to be unlocked with the matching Key, without signing it (anonymous mode)

1. Make sure the Anonymous mode radio button, located right below the main box, is selected.

2. Fetch the recipient's Lock, and paste it into the large box that is accessed with the Keys button. He/she would have sent it accompanying an email, or within an SMS text message, or posted it publicly. You can tell it is a Lock because it comprises 87 random-looking characters, likely with PL**lok tags at either end (** is the version number). You need this Lock before you can do anything else. It is okay if the tags up to the "=" signs are missing, or extra spaces, carriage returns, or special characters other than = + or / have been added. If you have previously stored it in your device's Keys directory, you can retrieve it by clicking the Keys button and then beginning to type the name associated with the Lock in the top box.

3. To lock a message so it can be read by several people, place their respective Locks in the box, one per line. If a Lock was previously stored, you can write the name associated with that Lock, instead.

4. Write or paste your message in the main box. Click the Lock/Unlock button. The locked message will appear in the main box, replacing the original message. Copy it and paste it into your communications program or click More, followed by Mail to open your default email. It is okay to strip the tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + / or % This message can only be unlocked by someone who has the Key matching the Lock used to lock it.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=0eYxeplsSx0


Unlock an anonymous locked message (tags are PL**msa)

1. It does not matter which of the radio buttons below the main box is selected, since the locking mode is determined automatically from the locked message itself.

2. Write your master Key into the box that is accessed by clicking Keys followed by master Key. It is masked by default, so if you want to display it, check the Show checkbox.

3. Paste the locked message into the main box. It is okay if it is broken up by spaces, carriage returns, and special characters other than = + / or % or is missing its tags. Then click the Lock/Unlock button. The unlocked message will appear in the main box, replacing the locked message.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=0eYxeplsSx0


Lock a message with a Lock, to be unlocked with the matching Key, and sign it with your master Key (signed mode)

1. Make sure the Signed mode radio button, located right below the main box, is selected.

2. Write your master Key into the box that is accessed by clicking Keys followed by master Key. It is masked by default, so if you want to display it, check the Show checkbox.

3. Fetch the recipient's Lock, and paste it into the large box that is accessed with the Keys button. He/she would have sent it accompanying an email, or within an SMS text message, or posted it publicly. You can tell it is a Lock because it comprises 87 random-looking characters, likely with PL**lok tags at either end (** is the version number). You need this Lock before you can do anything else. It is okay if the tags up to the "=" signs are missing, or extra spaces, carriage returns, or special characters other than = + or / have been added. If you have previously stored it in your device's Keys directory, you can retrieve it by clicking the Keys button and then beginning to type the name associated with the Lock in the top box.

4. To lock a message so it can be read by several people, place their respective Locks in the box, one per line. If a Lock was previously stored, you can write the name associated with that Lock, instead.

5. Write or paste your message in the main box. Click the Lock/Unlock button. The locked message will appear in the main box, replacing the original message. Copy it and paste it into your communications program or click More, followed by Mail to open your default email. It is okay to strip the tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + / or % This message can only be unlocked by someone having the Key matching the Lock used to lock it.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=F6Ov4MSk2XA


Unlock a message signed with the sender's Key (tags are PL**mss)

1. It does not matter which of the radio buttons below the main box is selected, since the locking mode is determined automatically from the locked message itself.

2. Write your secret master Key in the box that is accessed with the master Key button. It is masked by default, so if you want to display it, check the Show checkbox.

3. Paste the sender's Lock in the large box of the Keys screen. If the Lock has been previously stored, you can retrieve it by typing the name associated with it in the small box at the top.

3. Paste the locked message in the main box. It is okay if it is broken up by spaces, carriage returns, and special characters other than = + / or % or is missing its tags. Then click the Lock/Unlock button. The unlocked message will appear in the main box, replacing the locked message.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=F6Ov4MSk2XA


Lock a message so that nobody can read it after the exchange is over (PFS mode)

1. Make sure the PFS mode radio button, located right below the main box, is selected.

2. Write your master Key into the box that is accessed by clicking Keys followed by master Key. It is masked by default, so if you want to display it, check the Show checkbox.

3. This mode requires the recipient's Lock or shared Key to be previously stored in the device's permanent directory. Follow the instructions from the Keys Help button to do this. Once the item is stored, you can retrieve it by beginning to type its name in the top box of the Keys screen. If you are restarting a PFS conversation that was interrupted, you must first clear the old PFS data for that recipient by clicking the Reset button after the recipient's name is displayed.

4. To lock a message so it can be read by several people, place their respective Locks in the box, one per line. If a Lock was previously stored, you can write the name associated with that Lock, instead.

5. Write or paste your message in the main box. Click the Lock/Unlock button. The locked message will appear in the main box, replacing the original message. Copy it and paste it into your communications program or click More, followed by Mail to open your default email. It is okay to strip the tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + or / This message can only be unlocked by someone having the Key matching the Lock used to lock it, or the appropriate shared Key, if this is what was used.

6. If Short mode is used, locking cannot be repeated without corrupting the PFS data stored in the device, which will make it impossible for the recipient to unlock the message (unless it is re-locked as a regular length message). Make sure your plain message is what you want before clicking Lock/Unlock. This restriction does not apply to regular length messages.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=oVJPJJuUCgQ


Unlock a message that was locked in PFS mode (tags are PL**msp)

1. It does not matter which of the radio buttons below the main box is selected, since the locking mode is determined automatically from the locked message itself.

2. Write your secret master Key in the box that is accessed with the master Key button. It is masked by default, so if you want to display it, check the Show checkbox.

3. This mode requires the recipient's Lock or shared Key to be previously stored in the device's permanent directory. Retrieve the item by typing the name associated with it in the small box at the top. The name must be displayed in full on the message above the box for PFS mode to work.

4. Paste the locked message in the main box. It is okay if it is broken up by spaces, carriage returns, and special characters other than = + or / or is missing its tags. Then click the Lock/Unlock button. The unlocked message will appear in the main box, replacing the locked message.

5. If this was a Short mode message, it can only be unlocked once. Attempting to unlock it again will corrupt the PFS data stored in the device, which is needed to keep the conversation going. This restriction does not apply to regular length messages.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=oVJPJJuUCgQ


Make a short locked message suitable for SMS

1. Check the Short checkbox below the main box. Also make sure the appropriate locking mode is selected with the radio buttons. The radio buttons don't matter if the message is being locked with a shared Key.

2. Write or paste your message into the main box. Message length is limited to 58 ASCII characters when locking with a shared Key or in signed mode, 38 in anonymous mode, 37 in PFS mode. Non-ASCII characters use 6 spaces each, so avoid them if you can. Any text beyond the limit will be lost. A message above the main box will tell you how much space is left, depending on the locking mode selected. Click the Lock/Unlock button.

3. The locked message will appear in the main box, replacing the original message. Copy it and paste it into your communications program. The locked message, which has no tags, will fit within one SMS message (160 characters).

4. On a mobile device, the locked message will be selected and ready to be copied into the clipboard. You need to copy it manually before clicking the SMS button, which will open your SMS app.

5. Short mode is not available for multiple recipients.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=Ly9ESisRKE8


Unlock a short locked message (no tags)

1. It does not matter which of the radio buttons below the main box is selected, or whether the Short checkbox is checked, since the locking mode is determined automatically from the locked message itself.

2. Paste the locked message into the main box. It is okay if it is broken up by spaces, carriage returns, and special characters. As with regular-length messages, either a shared Key must be entered in the Keys box, or the master Key in its own box, prior to unlocking. Then click the Lock/Unlock button.

3. The unlocked message will appear in the main box, replacing the locked message.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=Ly9ESisRKE8


Sign a text with your master Key

1. Write your secret master Key in the box that is accessed with the Keys button, followed by master Key. It is masked by default, so if you want to display it, check the Show checkbox.

2. Write or paste the text to be signed in the main box. Click the Sign/Verify button. A signature matching the text and your Key will be appended at the end of the text in the main box. Copy it and use it as appropriate. If you click More followed by Mail the text with its signature will be placed into an email using the default program. It is okay to strip the tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the signature with spaces, and punctuation other than line returns or = + or /.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=YiiwcOmbI2U


Verify a signature attached to a text (signature tags are PL**sig)

1. Paste the Lock of the person who added the signature into the large box that is accessed with the Keys button. It is okay if the tags up to the "=" signs are missing, or extra spaces, carriage returns, or special characters other than = + or / have been added. If you have previously stored it in your device's Keys directory, you can retrieve it by beginning to type the name associated with the Lock in the top box.

2. Write or paste the text with its signature appended on a separate line at the end, in the main box. It is okay if the signature is broken up by spaces and special characters other than = + or / or is missing its tags up to the "=", but it should not be broken by carriage returns. Then click the Sign/Verify button. A message above the main box will say whether or not the signature for that text has been verified.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=YiiwcOmbI2U


Lock a second, undetectable message in addition to the main message (Decoy mode)

1. Check the Decoy mode checkbox below the main box.

2. Follow the above instructions for any kind of locking, using a shared Key or the recipient's Lock, short or regular length, including PFS mode. This also works when adding a signature. If Decoy mode is checked, a popup will ask for a Decoy Password to lock the hidden message, and the hidden message itself.

3. Write or paste into the the corresponding boxes the Password and the hidden message. The length of the hidden message is limited to 152 ASCII characters in key-locked and signed modes, 87 characters in anonymous and PFS modes, 37 characters in Short message mode (key-locked or signed only), 40 characters in signatures. Non-ASCII characters use 6 spaces each, so avoid them if you can. Any text beyond the limit will be lost. Then click OK.

4. After clicking OK, the locked message containing both the main text and the hidden text will appear in the main box, replacing the original text. If it is a signature, it will be appended to the text. Copy it and paste it into your communications program. As with regular locked messages, it is okay to strip the tags up to the "=" sign, but not recommended. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + / or %

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=WaXQGYP0Sec


Reveal the hidden text contained within a message locked in Decoy mode

1. Check the Decoy mode checkbox below the main box.

2. Follow the instructions for any of the unlocking modes, using a personal or shared Key, or for verifying a signature. If Decoy mode is checked, a popup will ask for a Decoy Password.

3. Write or paste into the popup box the special Password for the hidden message and click OK. The hidden message, if it exists, will appear above the main box. In the case of signatures, the hidden message appears in the place normally used by the verification message, so if you still wish to verify the signature, you need to uncheck Decoy Mode and click Sign/Verify again so the verification message is displayed.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=WaXQGYP0Sec


I have an item that was locked/signed with an old version of PassLok, and the current version cannot handle it

We do not recommend using old versions for new work. Newer versions have enhanced security and are more user-friendly. But sometimes you may need to handle an old message that is incompatible with the current version. The button below opens a page containing links to old versions of PassLok, as well as authentication IDs for each one (no videos, though).


Privacy Statement

PassLok provides excellent security, since it is a self-contained piece of code that does not rely on servers for its functionality. Therefore:

1. We'll never give your master Key to anyone. We cannot do anything concerning your master Key because we just don't have it. PassLok is designed so your master Key never leaves the device.

2. We'll never give you or anyone else a conterfeit Lock made from any Key. We just don't run key servers. PassLok has functions to help you to authenticate Locks, but this is still your responsibility.

3. We'll never weaken the cryptography methods contained within PassLok at the request of a third party, private or public. This also means no backdoors will ever be added. We'd rather shut down the project than be forced to do this, which would betray the very essence of PassLok. If we learn that counterfeit copies are circulating (whether placed by hackers or government agencies), we'll make the fact known to users.

Since the html version of PassLok is a piece of human-readable writing, we consider it an expression of free speech protected by the laws of many countries. Putting into circulation tampered versions of it violates free speech and copyright protection laws.

On the other hand:

The biggest vulnerability of PassLok is how easy it is to view, and consequently modify the html code. As mentioned above, we will never weaken the underlying cryptography, but others might. Even though we are taking pains to ensure that PassLok is delivered to you in the most secure way compatible with our budget, you should still make sure that you have obtained the genuine code.

The method described in the other help screen, to verify the integrity of PassLok in html form, is less than perfect but it works in most situations. Once you are sure that your copy of PassLok is pristine, you can save it and run it as many times as you want from its storage location without having to connect to the page server again.

PassLok contains strong cryptographic methods, which may be illegal to use in some countries. Please check the local laws before using PassLok.


PASSLOK v1.6.02 © F. Ruiz 2013
This document may be used, modified or redistributed under GNU GPL license, version 3.0 or higher.


Make a strong master Key

1. Click the master Key button, then start typing in the box. As you type, a text above the box will tell you how strong the Key is, based on simple rules. If you want to see what you are typing and don't mind people peering over your shoulder, check the Show checkbox.

2. The Key will be stronger if it contains caPiTals in unusual places, numb3rs, and $ymbol$. If you use common words, mispelll them to make harder a "dictionary attack." Avoid things that refer to yourself and your family, such as birthdays or nicknames, or anything else that might be easy to guess, like: asdfg, qwerty, password, PassLok, and the like. It is a good practice to append your email address at the end of the Key, to combat the "rainbow table" attack. Alternatively, you can use anything that is not a standard dictionary word instead of your email.

3. Bear in mind, however, that you should be able to remember your master Key without having to write it down. PassLok will never ask you to change your Key, so this is your chance to make a truly strong master Key that you will use for a long time.

4. PassLok compensates for bad Keys by taking longer to do its computations. If PassLok is slow, this is likely because your Key strength is less than Medium.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=xPRiuBd9Co0


Display the Lock that matches your master Key

1. Write your secret master Key in the box that is accessed with the Keys button, followed by master Key. It is masked by default, so if you want to display it, check the Show checkbox.

2. Click the Make Lock button. The lock matching that Key will appear in the main box, ready to be emailed or sent by SMS. It is okay to strip the tags up to the "=" sign, or insert spaces, carriage returns, or special characters other than = + or / but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. The lock can be made available to anyone who wishes to secure messages to be read with the matching Key.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=xPRiuBd9Co0


Add an item (shared Key, Lock, etc.) to PassLok's permanent storage

1. You must have entered your master Key for any items to be stored. The process for entering this Key is described above.

2. Write a name for the item in the little box on top. If the name is already taken, something will appear in the large box below it; if you use that name, the stored item will be replaced rather than added.

3. Write or paste the item in the large box. It can be anything: somebody's Lock, a shared Key, a cover text, a list (don't write your secret master Key here; its proper place is the dialog that opens with the master Key button). Then click the Save button.

4. A message confirms that the item has been added, and the item itself appears in the box, encrypted with your master Key.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=FDNRK4CdW2o


Retrieve an item from permanent storage

1. You must have entered your master Key for any stored items to be retrieved. The process for entering this Key is described above.

2. Start writing the name of the item in the small box. As you type, the line above the box displays existing items matching what you have typed so far, and the encrypted item appears in the large box. You can stop typing once you see the item you're looking for. Search is case-insensitive, so if the item does not appear, that probably means that the name is wrong.

3. PassLok can use the item in encrypted form, but if you want to see the original, you can type "Enter" after the correct name is displayed, and the item will be decrypted. The item is also decrypted when you click the Back button. If the item was a cover text, it loads automatically as new cover text.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=FDNRK4CdW2o


Delete a stored item

1. Start writing the name of the item in the small box. As you type, the line above the box displays existing items matching what you have typed so far, and the encrypted item appears in the large box. You can stop typing once you see the item you're looking for. Search is case-insensitive, so if the item does not appear, that probably means that the name is wrong.

2. Click the Delete button. A message confirms that the item has been deleted from permanent storage

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=_rR_ZQZ932c


Reset the hidden information pertaining to an item (PFS, etc.)

1. Start writing the name of the item in the small box. As you type, the line above the box displays existing items matching what you have typed so far, and the encrypted item appears in the large box. You can stop typing once you see the item you're looking for. Search is case-insensitive, so if the item does not appear, that probably means that the name is wrong.

2. Click the Reset button. A message confirms that the PFS data for the item has been deleted. You must reset the data pertaining to the other party whenever a PFS conversation has gone out of sync so the PFS process can be restarted.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=_rR_ZQZ932c


Display the entire stored database

1. Click the All button below the big box. The complete stored database, including PFS and hidden data, is displayed in the box so you can find items and copy them easily.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=V_DwcEyaeIQ


Move the entire stored database

1. Click the Move button below the big box. The entire database is first locked with the master Key and placed in the main box. Then a prompt asks you to confirm deleting it from the device. If you click OK, the entire stored database is deleted. There is no going back. If you click Cancel, the locked backup remains in the main box. This is useful whenever you stop using a device or just want to transfer it to another device, or if the database becomes corrupted.

2. To retrieve a backed-up database (has PL**db tags), place it in the main box and click Lock/Unlock. If the master Key has been entered, the database will be unlocked and placed in the Keys screen. Then you can add it to the device's current database by clicking Merge.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=V_DwcEyaeIQ


Merge additional data into the stored database

1. Paste the additional data into the big box. The format is the following: name, followed by a colon (:), new line, item data; then two new lines before the next name, and so forth. If a name also has hidden data and PFS data, those follow the item data, occupying consecutive lines.

2. Click the Merge button. The new data is merged into the stored database. Items are added in encrypted form but are notchecked as they are added, so it is possible that different items may need different Keys to be decrypted.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=V_DwcEyaeIQ


Make a List of items

1. You can always make a List of Locks and shared Keys, in order to lock a message for multiple recipients, by writing the Locks or shared Keys in separate lines of the Keys box. PassLok will remember it during the session if you click the List button. Adding one or several items is as easy as putting them in the box and clicking List again. If you click List with the box empty, the current List will be displayed.The current List is deleted by pressing the Reset button while the List is displayed.

1. If you want to store a List permanently, you must write a name for it in the small box, then write the items or re-display them by clicking the List button, and then click Save. You must have entered your master Key before the List can be saved. The process for entering this Key is described above.

2.You can also make a List of items already stored in the database, which can be itself stored. In this case, write the name of the item rather than the item itself. if you don't recall the exact name of an item, start typing it in the little box, and click List when the correct item appears; the item name will be added to the current List.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=sO-g9x2RAV8


Make a random Key and its Lock

Sometimes you want to make a high-security random Key, which will be split into several parts for safekeeping, as described in another help screen, or stored in encrypted form, rather than memorized (because you are never going to write it down unencrypted, right?). PassLok provides two ways to make this 86-character random Key:

a. Click Keys, and then master Key, and then, with the key box empty, click Make Lock. The box fills with the random Key, which you can then reveal for copying by checking the Show checkbox, and places its matching Lock in the main box.

b. Click Keys, and write a name in the small name box. If the name is not in the database, the large box will end up empty; if it is, there will be something there, which you will have to clear manually. Then, with the large box empty, click Save. An 86-character random Key is made, which is immediately encrypted with the master Key, if that has been previously entered. From then on this random Key, suitable as a shared Key, can be recalled and used by typing its name into the small box.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=9gRE1xPr_nE


Combine a Key and a Lock

This operation, which goes by the technical name of "Diffie-Hellman key exchange" is at the core of many PassLok functions. Should you ever want to compute the result manually, here is how to do it:

1. Write or paste the Key or the Lock in the main box.

2. Click Keys, and then write or paste the other item in the large box. If the item is in PassLok's permanent storage, you can bring it out by starting to type its name in the small box.

3. Click the Merge button below the large box. The Key and the Lock will merge and the 86-character result is placed in both boxes. If both items or neither of them is a valid Lock, the merging process fails and a message is displayed to inform the user.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=L0UC61Z2KAA


Make a video to authenticate your Lock

It is highly recommended that you make a video whenever you change your master Key, so that others can verify that the matching Lock really belongs you. PassLok does not have video functions, but here are a few short instructions on how to do this using a popular online video resource:

1. When you make your Lock, click the More button on PassLok so the Lock’s ID is displayed above the window. Copy this ID.

2. Go to a device with a camera and make a video of yourself reading this ID. For better security, have some music playing in the background as you read the ID. For good measure, you may want to show to the camera a piece of paper where you've written the ID.  The video should be about one minute long. Then post the video on a public online service.

3. When you post your Lock so that people can use it to lock messages for you, post also the address of the video on the line immediately below the Lock, to facilitate the verifying process in step 4.

4. People wishing to authenticate your Lock can generate the ID as in step 1 (which usually won't be affected by having the video address on the line below), and then they can click the Show button, which will open the accompanying video if the address is written below the Lock itself. Then they will be able to compare it with the ID they see you reading in the video. If they know your face and your voice, they will be assured that the Lock is authentic.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=bODBEB6Oo2I


Authenticate a Lock without using videos

The easy way: get the ID of the Lock by placing it in the main box and clicking More. The ID will be displayed at the top. Then you can call the Lock's owner and ask him/her to read the same ID over the phone. But let's say you cannot establish a live conversation. If you are communicating exclusively by email, you can send a person whom you know and who knows you the following message, or something like it:


Dear So-and-So:
I just obtained your PassLok Lock from (cite source), but I still wonder if it is authentic since I am unable to view the authenticating video. Therefore, I ask you to help me authenticate it through the interlock protocol. Here's what I want you to do:

  1. Write me a message asking me to take a picture or video of myself doing something of your choice. Lock it with my Lock, which is at the bottom of this message, but don't send it back to me just yet. Instead, save it and display the locked message's ID, and send me that.
  2. When I receive your ID, I will also write a message asking you to do something in a picture or short video, which I'll lock with your Lock. But I'll send you the ID first. When you get it, go ahead and send me the locked message containing your instructions.
  3. When I get that, I'll check that the ID matches and then I'll follow your instructions. I'll send you the picture or video right away, unlocked, along with my locked request. Expect to receive it within half an hour of your message.
  4. When you get it, please make sure it matches the ID I sent you earlier, and that what I sent conforms to your instructions. If everything is okay, go ahead and follow my instructions and send me the result as soon as possible, unlocked as well, within half an hour if you can. Then I'll know that your Lock is authentic.

Many thanks. Sicerely, This-and-That


Alternatively, you can ask the other person to split the locked message in two, and send you first one half, then the other half (PassLok has a built-in function to split messages securely, explained in another help screen). The pictures or videos (or recordings) don't need to be locked. Only the instructions for making them need to be locked and transmitted with a two-step process. There is an article in PassLok.com on what makes this protocol work for authenticating Locks.



Send a PassLok item (Lock, message, etc.) by email

1. Check that the item is in the main box.

2. Click the More button in order to reveal the button dealing with email, which is above the text box.

3. Click the Mail button. If so configured in the device, a window appears containing the item and some explanatory text. You only need to supply the recipient's email address and a subject line before clicking the Send button. If you do not want any explanatory text, check the No tags checkbox in the main screen before clicking More.

4. This only works for sending messages, not for receiving them. If you receive a PassLok-locked message, you must copy it into the clipboard and then paste it into the main box of PassLok, so it can be unlocked. Be also aware that webmail services, such as Gmail, limit the length of messages that can be composed this way. If you get an error from the mail host, you can always copy the box and paste it into a normal mail compose screen.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=2zxCkA4rDN8


Send a PassLok item by Text messaging (mobile only)

1. Check that the item to be sent is in the main box.

2. Click the More button in order to reveal the button dealing with text messaging, which is labeled SMS.

3. Click the Select button so the text can be selected.

4. Then click the Copy label as it appears on screen. The item is copied to clipboard.

5. Now you can click the SMS button. A window appears with the default texting app.

6. Touch the input box and then paste the clipboard. Send the message in the usual way.

7. To unlock a locked message received by texting, you must copy it to clipboard, and then paste it in the main box of PassLok.

If you use Short Mode to lock a message, steps 2 and 3 are automatic.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=2zxCkA4rDN8


Split an item into several random-looking parts

1. Make sure the main box is empty, and then click the More button.

2. The item should remain in the box as the buttons around it change. Then click the Split/Join button.

3. A popup asks for the number of parts required to retrieve the original. Write the number, which must be between 2 and 255, and click OK. The parts appear in the main box and a message confirms it. If you need more parts (the number required won't change), click Split/Join again for each additional part. Copy the parts one by one and send/store them as needed. It is okay to strip the tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the parts with spaces and punctuation other than = + / or line returns.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=3-6CNa6iNKc


Join parts to retrieve the original item (tags are PL**p***)

1. Paste a sufficient number of parts on separate lines of the main box. Make sure that each part is unique. You need as many parts as the number entered when the Key was split, which is written at the end of each PL**p tag. Having more parts than the minimum is OK, so long as they belong to the same set and are not corrupt. They don't need to be placed in any particular order.

2. Click the More button, and then the Split/Join button. If all goes well, the reconstructed item appears in the box, otherwise nothing happens. Likely problems include: insufficient number of parts, incomplete or corrupt parts, parts belonging to different sets.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=3-6CNa6iNKc


Convert a PassLok item (Lock, message, etc.) into fake text

1. Check that the item to be converted into fake text is in the main box. Then click the More button.

2. If you wish to make fake text that is not English, you will have to change the cover text using the process described in the next item.

3. The Words button replaces each character of the text with a word from the cover text; the recipient of the message thus encoded must have the same cover text. The Spaces button encodes the text into the spaces of the cover text; the recipient does not need to have the original cover text, but it takes seven times more words than the other mode. When you click either button, the contents of the box are converted into fake text using the current cover, replacing the previous contents.

4. You can now email the fake text, which to an email scanner will be nearly indistinguishable from real text. You can change the punctuation and merge or split lines without changing the encoded material. If you used Spaces encoding, you should be careful not to add or delete any spaces within the encoded text, but it is OK to add more text to complete the last sentence, which may contain additional spaces.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=KwAETd2pgy4


Retrieve the original PassLok item from fake text

1. Check that the fake text is in the main box. Then click the More button.

2. If the fake text was encoded with the Words method, you will first have to load the cover text used to do the encoding, using the process described in the next item.

3. Now click either the Words button or the Spaces button, it doesn't matter which. If successful, the fake text in the box is converted back into the original item and displayed in the box, replacing the fake text.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=KwAETd2pgy4


Display or change the cover text used for fake text

To display the current cover text (which is the default cover text after reloading PassLok), click the More button, and then the Cover button with the box empty.

To change the cover text (this is necessary to make fake text in a language that is not English):

1. Copy a sufficiently long text (must have at least 70 different words) and paste it into the box.

2. Click the More button, and then the Cover button.

3. If the change is successful, the box goes blank. If the change is unsuccessful, a message above the box will say why. Typically, failure to change the cover text is due to not having a sufficient number of different words. Use a longer text and try again.

4. The recipient of your messages turned into fake text must have the same cover text in order to retrieve a text encoded with the Words method. One way to ensure this when using a non-English language is to display the default cover text, copy it into a translation utility such as Google Translate, and then use the translation as the new cover text.

5. Since the cover text is a (weak) sort of password for a Words-encoded item, it may be good to put special cover texts in permanent storage. To do this, go to the Keys screen , write a new name in the small box, then paste the cover text in the large box, and click Save. The cover text can be retrieved like any other stored item, and it will be automatically loaded if displayed on the Keys screen.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=sv8epS3qBH8


Load a file (image, on mobile devices) to be locked, signed, or split

1. Click the More button, and then the button at the bottom of the screen. Different browsers put different labels on it, such as "Browse", "Choose File", and so forth.

2. A dialog will appear so you can navigate to the file. Mobile devices, unless they are jailbroken or rooted, restrict the selection to images stored on the device or acquired with the built-in camera. Be aware that pictures taken by the camera are usually too large for PassLok to handle. If all goes well, the file or image loads into the box as a (long) piece of gibberish text, with some identifying information at the top.

3. Now you can lock it, sign it, or split it like a regular piece of text. The process to retrieve the original file is explained in the item below.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=v6jnKzzlwS0


Retrieve a file (image, on mobile devices) from encoded text

1. Make sure the encoded file, which presumably has been obtained by unlocking or merging parts, is in the main box. Click the More button.

2. Click the Show button at the bottom of the screen. What happens next depends on the browser. Chrome and Firefox will save the file, using the original name if not already taken by another file, into the default location for downloads. Safari does the same, but gives it a generic name that you will have to edit later. Internet Explorer doesn't do anything. Mobile browsers normally open another tab displaying the file contents (if the file type is recognized), from where one can send it to another app.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=v6jnKzzlwS0


Display the QR code of an item

1. If the item is in the main box, click the More button, and then the Images button.

2. The QR code representing the item appears. You can now scan it with a smartphone without using any kind of wireless connection. A typical use would be giving your Lock to somebody next to you. The Lock is made by going to your master Key by clicking Keys and master Key, and then clicking Make Lock.

3. After displaying an image other than a QR code on this screen, you need to reload the PassLok page if you want to display QR codes again.

4. QR codes can contain more than one thousand characters, but smartphones have trouble reading them when they contain more than 500.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=lRIYi6IDNzY


Hide a PassLok item inside an image

1. Make sure the item to be hidden is in the main box, and it remains there after clicking the More button . Then click the Images button below the box.

2. A new screen appears, possibly displaying the QR code of the previous text. Now we need to load the image where the text is to be hidden. To do so, click the "Choose File" or "Browse" button (browsers vary on the name). A dialog will appear, where you can choose the imag. Bear in mind that images taken with a mobile camera are usually too large for PassLok to be able to use them for hiding items, because of the processing required.

3. When you see the image, click the Hide button. Processing will start, and a message will say when it is completed. At this point, you can right-click (or tap-hold, on mobile devices) and another dialog will offer to save the image. This image now contains the item from the main box, even though it looks the same as before.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=lRIYi6IDNzY


Retrieve the PassLok item hidden inside an image

1. Navigate to the image hiding screen by clicking More, and then Images.

2. Click Choose File or Browse (browsers vary on this) and select the image containing the hidden item.

3. When the image displays on the screen, click the Reveal button. Processing begins, and a message appears when it concludes, saying that the hidden item has been retrieved. If you click Back at this point, you will see the item in the big box. If the image contained nothing, a message will tell you.

4. Current mobile browsers destroy hidden information as they load images. Therefore, the Reveal button is disabled on mobile browsers. They can Hide items in images perfectly well, however.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=lRIYi6IDNzY


Verify PassLok's integrity

If you obtained a native version of PassLok from an app store (Apple, GooglePlay) the following does not apply, but rather you are trusting that the app store has not tampered with the code submitted by the author. If you want to make sure that a native copy of PassLok is tamper-free, you should download the authentic html version as described below, and then test it against the native PassLok by locking messages in one app and unlocking them in the other, both ways. You can also check that the same Key produces the same Lock in both versions, and that signatures made by either one can be verified by the other.

To check the integrity of an html version of PassLok:

1. Load PassLok from one of the authorized sources listed by the button below, or from storage (local or cloud) if previously saved as html as described in step 4.

2. Direct your browser to "view source". Each browser does this differently, but most non-mobile browsers have this capability. Typically, you load the source on a separate tab by typing CTRL-u (Windows) or option-cmd-u (OSX). On the page displaying the source, select all (CTRL-a or cmd-a), then copy to clipboard (CTRL-c or cmd-c). Alternatively, you can get the source from PassLok's GitHub repository at: https://github.com/fruiz500/passlok

3. Back in the PassLok page, make sure the main box is clear, then paste the clipboard into it (CTRL-v or cmd-v). Click the More button. The self-ID (a 64-character string with dashes every four characters) will be displayed above the box. you can select it and copy it if you want.

4. For better security, you can do a SHA256 of the source code using an external program or online utility. In this case you may need to paste the clipboard into a text or html editor so you can save it as a file (html or txt). DO NOT save the code using the "save" command from the browser menu, since this command modifies the source code before saving it. A copy of PassLok saved this way will still run, but its SHA256 will be different. If your operating system is Windows, do not use the built-in Notepad program, since it cannot save text with the appropriate encoding (UTF-8, no BOM). Be sure there are no extra spaces at top and bottom, since this would affect the result. Then obtain the SHA256 of this file using the external utility.

5. Click the button below and look up the ID for this version of PassLok. If this ID and the one obtained in step 3 or 4 are the same, the program has not been tampered with.

All of this is explained in this video tutorial: https://www.youtube.com/watch?v=1QSRvme3pVQ