Welcome to PassLok Privacy. Use the top box to select stored Locks. Hold Ctrl or cmd to select several.
For instructions on how to do things, click on each title below. Click again to hide.
To get instructions as you click buttons in PassLok, check Learn in the Options tab.
Before you do anything else, you may want to watch this six-minute video, which explains the essential concepts in a lighthearted way: https://www.youtube.com/watch?v=GqIm7fu_rMs
This approach has a number of advantages over other privacy apps that you may be familiar with:
PassLok is still in experimental phase, and there has not been enough time for security experts to uncover possible flaws. Bear this in mind before entrusting critical secrets to it.
You should be able to remember your secret Key without having to write it down. PassLok does not store the Key anywhere. In fact, it deletes it from memory after five minutes of not being used (this can be changed).
Your Key will be stronger if it contains caPiTals in unusual places, numb3rs, and $ymbol$. If you use common words, miespell them to make harder a "dictionary attack." Break the words up with num334bers and sy#$%mbols. Avoid anything that might be easy to guess. PassLok knows frequently used words, but hackers' dictionaries are bigger. Do not use grammatically correct sentences, even if PassLok gives a big score.
PassLok compensates for weak Keys by adding spurious computations. If PassLok is slow, this may be because your Key strength is less than Medium.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=JbNM_cf8My0
If you are reading this, likely you have gained limited access to PassLok by clicking Cancel at the Key entry screen. The good news is that you can still lock messages if you know the recipient's Lock or shared Key, verify signatures, and use the Locks stored in the local directory as well as all the auxiliary functions of PassLok. You can even make signatures and display the matching Lock if you enter a Key when PassLok asks for it.
The bad news is that you cannot change anything stored in the local directory, and your use of it is limited to Locks. You cannot do anything that would involve your old Key, such as unlocking messages locked with your old Lock, or continuing a PFS conversation in course.
Well, we've got even worse news for you: we cannot help you to recover your old Key, because PassLok never stored it or sent it out. There are no hints, either. If you forgot your Key, it's gone, along with all encrypted items in the local directory. This includes the random token, if you used one.
Click here for More:
Hopefully the limited access mode will let you get by until you remember your old Key. But if you want to get full access to PassLok with a new Key, here are the steps:
1. Go to the Options tab.
2. Click the Backup/Reset Options box. When a popup asks for confirmation to delete your settings, click OK.
3. Reload PassLok.
4. The initial wizard will appear, and this time PassLok will accept whatever new Key and email or suchlike you want to give it. Now you're back in business and can use PassLok with the new Key to sign, unlock, store items in the local directory, etc.
At this point, the only directory entry that will work fully is 'myself'. You can reset or delete the entries that don't work one by one, by typing each name in the Directory tab and clicking Reset (leave essential data intact) or Delete (take out everything) when the name is recognized, or all at once by following the process described in a help item below, about "moving the entire local directory."
There is only one "secret Key" that unlocks all the capabililties of PassLok, but if you are willing to accept a limited access to its functions, you can use a different Key for a given session, or whenever PassLok asks you for the Key. This way:
1. Enter the new Key in the box (optional).
2. Click the Cancel button.
3. If asked for your email etc., enter it and click OK. (the Random button will write a new random value, different from the original random token, if any, so beware)
You can do pretty much everything, except things that would have involved the permanent secret Key. You cannot modify anything in the local directory. When you reload PassLok, a warning will tell you that last session was run with limited access.
1. Click the Change Key button on the Options tab. A new dialog will pop up asking you to enter the new Key twice.
2. Write the new Key in the two boxes in this dialog, and then click OK. A message will announce that the Key has changed.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=LubzBF4Xaa8
Click here for More:
The items in the local directory are encrypted with your Key; this operation re-encrypts them with the new Key. Your Key is not stored anywhere, not even encrypted, but PassLok is still able to check whether the Key entered is the one in use.
First, you must be aware that retaining the Key anywhere could lead to compromising it. This is why PassLok's default behavior is to forget the Key if it doesn't get used for five minutes. Still, you can make PassLok remember the Key for the current session by just checking the Remember checkbox when you enter your Key.
If you asked PassLok to remember your Key, make sure to close the app completely when you're done. On a mobile device, this may involve removing the app in the switcher screen.
There is no way to make PassLok remember your Key after it reloads.
When you first opened PassLok, you were asked to also enter your email or similar public, easy to recall personal information. But if instead of entering your email you click the Random button next to the input box, an 86-character random token is used. This makes your Lock impossible to crack even if your Key is weak, but it becomes tied to the device where it was created.
To back up your random token to a safe place in case of accidental deletion or to be able to use a different device:
1. Click the Backup/Reset options button on the Options tab. A backup item bracketed by "PL**bak" tags appears on the main box, from where you can save it to file, copy it, email it, etc.
2. Then a dialog asks you if you want to reset your settings. If you click OK, PassLok will restart as if it had never started before, except that the local directory remains intact.
To restore the random token from a backup item, just paste the packup into the main box and click Lock/Unlock.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=4DjhIjU_nuM
Click here for More:
The reason for the email or other additional data is to combat the "rainbow table" attack, where hackers pre-compute Locks made from the words in a dictionary. This data is encrypted and stored along with other settings, so you won't need to enter it again. The Lock depends both on the Key and the email or random token; this adds extra security, but it also means that if the random token gets erased you will not be able to unlock anything that was locked with your Lock. The backup item contains your settings, including the random token, double-encrypted by your secret Key. One reason to delete your settings while leaving the local directory intact is to be able to change the random token to a new value.
Click the myLock button on the Main tab. The lock matching that Key will appear in the lower box, from where you can copy it or email it.
If then you go to the Directory tab and click the button labeled General Directory, PassLok's General Directory website will open, with its lower box filled with the Lock you just made. To post your Lock so others can find it, just write your email in the upper box and click the Post button.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=L00yybDzN6k
Click here for More:
By default, PassLok displays the Lock in ezLok format, consisting only of smallcase letters (except the L) and numbers, so it is easier to authenticate by reading aloud a portion of it. To display it in base64 format, which is the format of all other PassLok items, go to the Options tab and uncheck ezLok. The General Directory can take ezLok Locks as well as base64 Locks.
Like most other PassLok-generated items, Locks will correct themselves from errors if their tags are intact, but you can make PassLok omit the tags by first checking no Tags in the Options tab. If you are going to send your Lock by a very noisy channel, you may want to send three copies so PassLok can select the best automatically. You will get triple copies of any item by first checking Triple in the Options tab.
If you need to make a Lock for a different Key (for instance, in order to receive Decoy mode hidden messages), it is best if you start PassLok with limited access, by clicking Cancel when you first enter the Key, which will make PassLok accept a different Key. Then click myLock and supply your email, if requested.
1. If the recipients' Locks have been previously stored in the local directory, simply select their names in the top box of the Main tab.
2. Write or paste your message in the lower box of the Main tab.
3. Click the Lock/Unlock button. The locked message will appear in the box, replacing the original message.
Copy it and paste it into your communications program or click Email to open your default email.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=nBA5JNY4gmQ
Click here for More:
This message can only be unlocked by someone having the Key matching one of the Locks selected. Alternatively, you can retrieve a stored Lock by beginning to type the name associated with it in the top box of the Directory tab, until the encrypted Lock appears in the lower box. You can also write the names, one per line, in the lower box. It is okay if the tags up to the "=" signs on the Lock are missing, or extra spaces, carriage returns, or special characters other than = + or / have been added (such as a video URL). If a Lock loses its tags as you enter it, this means that PassLok has recognized it and is cleaning it up for use. In Android, Locks are truly selected only after the top box is deselected.
1. Paste the locked message in the lower box of the Main tab.
2. Click the Lock/Unlock button. The unlocked message will appear in the box, replacing the locked message.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=nBA5JNY4gmQ
Click here for More:
It is okay if the message is broken up by spaces, carriage returns, and special characters other than = + / or % or is missing its tags.
1. Check that the item is displayed on the Main tab.
2. Click the Email button. If the device is so configured, a window appears containing the item and some explanatory text. You only need to supply the recipient's email address and a subject line before clicking the Send button.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=LsljKvjAi9I
Click here for More:
If you do not want any explanatory text accompanying the email, check the No tags checkbox in the Options tab before clicking Email. This procedure only works for sending emails, not for receiving them. If you receive a PassLok-locked message, you must copy it to the clipboard and then paste it into the Main tab of PassLok, so it can be unlocked. Be also aware that webmail services, such as Gmail, limit the length of messages that can be composed this way. If you get an error from the mail host, you can always copy the contents of the box and paste it into a normal mail compose screen.
1. On the Options tab, make sure the Signed button is selected.
2. If the recipients' Locks have been previously stored in the local directory, simply select their names in the top box of the Main tab.
3. Write or paste your message in the lower box of the Main tab.
4. Click the Lock/Unlock button. The locked message will appear in the box, replacing the original message.
Copy it and paste it into your communications program or click Email to open your default email.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=R9UanENF3ro
Click here for More:
This message can only be unlocked by someone having the Key matching one of the Locks selected, and your Lock. Alternatively, you can retrieve a stored Lock by beginning to type the name associated with it in the top box of the Directory tab, until the encrypted Lock appears in the lower box. You can also write the names, one per line, in the lower box. It is okay to strip the tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + / or % This message can only be unlocked by someone having the Key matching the Lock used to lock it. Additionally, they must have your Lock in order to verify that it comes from you.
1. If the sender's Lock has been previously stored in the local directory, simply select its name in the top box of the Main tab.
2. Paste the locked message in the lower box of the Main tab.
3. Click the Lock/Unlock button. The unlocked message will replace the locked message.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=R9UanENF3ro
Click here for More:
Alternatively, you can retrieve the sender's stored Lock by typing the name associated with it in the top box of the Directory tab until the encrypted Lock appears on the lower box. It is okay if the message is broken up by spaces, carriage returns, and special characters other than = + / or % or is missing its tags.
1. On the Options tab, make sure the PFS mode button is selected.
2. Select the recipients' Locks in the top box of the Main tab. This mode requires the recipients' Locks to be previously stored in the local directory.
3. Write or paste your message in the lower box of the Main tab.
4. Click the Lock/Unlock button. The locked message will appear in the box, replacing the original message.
Copy it and paste it into your communications program or click Email to open your default email.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=VutWfWZW5bY
Click here for More:
This message can only be unlocked by someone having the Key matching one of the Locks selected, and your Lock. If you are restarting a PFS conversation that was interrupted, you must first clear the old PFS data for that recipient by clicking the Reset button in the Directory tab after the recipient's name is displayed above the upper box. If Short mode is used, locking cannot be repeated without corrupting the PFS data stored in the device, which will make it impossible for the recipient to unlock the message (unless it is re-locked as a regular length message). Make sure your plain message is what you want before clicking Lock/Unlock. This restriction does not apply to regular length messages, but you will get a warning alerting you if you are skipping a turn. It is okay to strip the Lock tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + / or %
1. Select the sender's Lock on the top box of the Main tab. This mode requires the sender's Lock to be previously stored in the device's local directory.
2. Paste the locked message in the lower box of the Main tab.
3. Click the Lock/Unlock button. The unlocked message will replace the locked message.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=VutWfWZW5bY
Click here for More:
If this was a Short mode message, it can be unlocked only once. Attempting to unlock it again will corrupt the PFS data stored in the device, which is needed to keep the conversation going. This restriction does not apply to regular length messages, but you will get a warning alerting you that a turn was skipped. It is okay if the message is broken up by spaces, carriage returns, and special characters other than = + / or % or is missing its tags.
1. If the Keys shared with each of the recipients have been previously stored in the local directory, simply select their names in the top box of the Main tab.
2. Write or paste the message in the lower box of the Main tab.
3. Click the Lock/Unlock button. The locked message will appear in the box, replacing the original text.
Copy it and paste it into your communications program or click Email to open your default email program.
This and more is explained in this video tutorial:https://www.youtube.com/watch?v=sRdpWe4zya8
Click here for More:
This message can only be unlocked by someone having the same shared Key. It does not matter which of the radio buttons in the Options tab is selected, since they do not apply to this mode. Alternatively, you can search for a stored shared Key by typing the name associated with it in the top box of the Directory tab. When you type "Enter", the stored Key is decrypted for you to see.It is okay to strip the tags up to the "=" sign, but not recommended; PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + / or % The tags will depend on the type of locking selected for using Locks. There is no special tag to indicate that a shared Key was used instead of a Lock.
1. If the Key shared with the sender has been previously stored in the local directory, simply select its name in the top box of the Main tab.
2. Paste the locked message in the lower box of the Main tab.
3. Click the Lock/Unlock button. The unlocked message will appear in the main box, replacing the locked message.
This and more is explained in this video tutorial:https://www.youtube.com/watch?v=sRdpWe4zya8
Click here for More:
It is okay if the message is broken up by spaces, carriage returns, and special characters other than = + / or % or is missing its tags.
1. On the Options tab, check the Short checkbox. Also make sure the appropriate locking mode is selected with the radio buttons.
2. If the recipient's Lock of shared Key has been previously stored in the local directory, simply select its name in the top box of the Main tab.
3. Write or paste your message into the lower box of the Main tab.
4. Click the Lock/Unlock button. The locked message will appear in the box, replacing the original message.
Copy it and paste it into your communications program.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=pD-uvyxKBgQ
Click here for More:
The locked message, which has no tags, will fit within one SMS message (160 characters). The radio buttons don't matter if the message is being locked with a shared Key. A message above the main box will tell you how much space is left, depending on the locking mode selected. On a mobile device, the locked message will be selected and ready to be copied into the clipboard. You need to copy it manually before clicking the Text/Img button, which will open your texting app. Message length is limited to 58 ASCII characters when locking with a shared Key or in signed mode, 38 in anonymous mode, 37 in PFS mode. Non-ASCII characters use 6 spaces each, so avoid them if you can. Any text beyond the limit will be lost.
1. If the message was locked in Signed or PFS mode, or with a shared Key, you will need to select the appropriate item in the top box of the Main tab, or enter it in the Directory tab, as described above.
2. Paste the locked message in the lower box of the Main tab.
3. Click the Lock/Unlock button. The unlocked message will appear in the box, replacing the locked message.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=pD-uvyxKBgQ
Click here for More:
It is okay if the message is broken up by spaces, carriage returns, and special characters. If the message was locked in PFS mode, you can unlock it only once, since this action erases the Key needed to unlock it.
2. Paste the Lock in the lower box, replacing whatever was there before. If the Lock loses its tags as you enter it, this means that PassLok has recognized it and is cleaning it up before storage.
3. Click the Save button. A message confirms that the Lock has been saved under the name given.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=vQrED7eIkLA
Click here for More:
The Lock will be stored unencrypted, but if you want it to be encrypted before storage, check the encr. Locks box in the Options tab before saving the Lock. You can store a number of things besides somebody's Lock: a shared Key, a cover text, a List. In the case of a List, the given name will be bracketed by double dashes. Items that are not Locks are always stored encrypted. (Chrome app only) The item will also be added to the Chrome sync area, so it is available on a different computer after you log into Chrome.
1. Start writing the name of the Lock in the top box of the Directory tab. As you type, the line above the box displays existing names that match what you have typed so far, and the Lock appears in the lower box.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=vQrED7eIkLA
Click here for More:
You can stop typing once you see the complete name for the Lock you're looking for. The process also works for shared Keys, Lists, and cover texts stored in the local directory. Search is case-insensitive, so if the item does not appear, this probably means that the name is wrong. If the item is a cover text, it loads automatically as new cover text.(Chrome app only) If you type "Enter" after a name that was not found on the local database, PassLok will look for it in its Chrome sync area, which syncs across computers, and then adds it to the local directory.
1. Start writing the name of the Lock in the top box of the Directory tab. As you type, the line above the box displays existing names that match what you have typed so far, and the encrypted Lock appears in the lower box.
2. Click the Delete button. A message confirms that the Lock has been deleted from the local directory.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=vQrED7eIkLA
Click here for More:
You can stop typing once you see the complete name for the Lock you are looking for. This process also works for shared Keys, Lists, and cover texts stored in the local directory. Search is case-insensitive, so if the Lock does not appear, that probably means the name is wrong. (Chrome app only) If the Chrome sync area is accessible from the computer, the item will also be deleted from there, after a confirmation popup.
What should the video include:
What to do with the video:
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=zkcqEz3UjnM
Click here for More:
It is highly recommended that you make a video whenever you change your secret Key, so that others can be assured that the matching Lock really belongs to you. When you post your Lock so that people can use it to lock messages for you, write the address of the video on the line immediately below the Lock, to facilitate the verifying process. Video URLs don't affect the function of Locks, so it is OK to handle the Lock and its video address as a unit.
The easy way: call the Lock's owner and ask him/her to read a substantial portion of the Lock over the phone. But let's say you cannot establish a live conversation. If you are communicating exclusively by email, you can send a person whom you know and who knows you the following message, or something like it:
Dear So-and-So:
I just obtained your PassLok Lock from (cite source), but I still wonder if it is authentic since I am unable to view the authenticating video. Therefore, I ask you to help me authenticate it through the interlock protocol. Here's what I want you to do:
Many thanks. Sincerely, This-and-That
Click here for More:
Alternatively, you can ask the other person to use PassLok's built-in Split/Join function, explained in another help item, rather than simply cutting messages in two. The pictures or videos (or recordings) don't need to be locked. Only the instructions for making them need to be locked and transmitted with this two-step process. There is an article in the PassLok manual that explains how this protocol works for authenticating Locks.
The General Directory is a Web page that can store Locks and authentication videos associated with email addresses.
To get to the General Directory: Click the Directory tab. Then click the General Directory button.
The General Directory has its own Help page, which is structured like this one.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=QQQ2df2vPgs
Click here for More:
PassLok does not guarantee the authenticity of the Locks posted on its General Directory. Email confirmation is required to post or update Locks, but this is not completely secure. Since users are encouraged to add authenticating videos and the General Directory has a button to play them, you should watch the video attached to a Lock before you use it.
The General Directory is meant as a convenience, not as a replacement for your local directory. The General Directory is not available when you are offline (the local one is). You cannot post anything but Locks on the General Directory.
1. Click the button at the bottom of the Options tab. Different browsers put different labels on it, such as "Browse", "Choose File", and so forth.
2. A dialog will appear so you can navigate to the file. If all goes well, the file or image loads into the Main tab as a piece of gibberish text, with some identifying information at the top.
Now you can lock it, sign it, or split it like a regular piece of text. The process to retrieve the original file is explained in the help item below.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=-ifIkdredqk
Click here for More:
Many mobile devices, unless they are jailbroken or rooted, restrict the user to images stored in the device or acquired with the built-in camera. Be aware that pictures taken by the camera are usually too large for PassLok to handle.
1. Make sure the encoded file, which presumably has been obtained by unlocking or merging parts, is on the Main tab.
2. Click the Save file button at the bottom of the Options tab. What happens next depends on the browser. On mobile devices, usually you will be able to do something with the file by long-clicking.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=-ifIkdredqk
Click here for More:
Chrome and Firefox will save the file, using the original name if not already taken by another file, into the default download location. Safari does the same, but gives it a generic name that you will have to edit later. Internet Explorer doesn't do anything. Mobile browsers normally open another tab displaying the file contents if the file type is recognized, and from there you can send it to another app.
1. On the Options tab, check the Decoy checkbox.
2. Follow the above instructions for any kind of locking. This also works when adding a signature. A popup will ask for a hidden message and a Decoy Key/Lock to lock it.
3. Input the hidden message into the top box and the Decoy shared Key or Lock (either kind will work) in the bottom box. Then click OK.
The locked message containing both the main text and the hidden text will appear in the main box, replacing the original text. If it is a signature, it will be appended to the text. Copy it and paste it into your communications program.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=4WrYEdRp2Q4
Click here for More:
It is impossible to tell whether or not a locked message contains a hidden message. The length of the hidden message is limited to 152 ASCII characters in key-locked and signed modes, 87 characters in anonymous and PFS modes, 37 characters in short message mode (key-locked or signed only), 40 characters in signatures. Non-ASCII characters use 6 spaces each, so avoid them if you can. Any text beyond the limit will be lost. As with regular locked messages, it is okay to strip the tags up to the "=" sign, but not recommended. It is also okay to split the locked message with spaces, line returns, and punctuation other than = + / or %. If a shared Key is used for the second message, the same shared Key is needed to retrieve it; if a Lock was used, its matching Key will be needed.
1. On the Options tab, check the Decoy checkbox.
2. Follow the instructions for any of the unlocking modes. A popup will ask for a Decoy Key.
3. Input the Decoy Key. If it is a shared Key, leave the Shared box checked; if it is a secret Key, matching the Lock that was used to lock the hidden message, uncheck the Shared box.
4. Then click OK. The hidden message, if it exists, will appear above the main box.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=4WrYEdRp2Q4
Click here for More:
Since it is impossible to detect the presence of a hidden message, it is necessary to click the Decoy checkbox in order to check for it. In the case of signatures, the hidden message appears in the place normally used by the verification message, so if you still wish to verify the signature, you need to uncheck Decoy and click Sign/Verify again so the signature verification message is displayed. There is no way to tell whether the sender used a Key or a Lock for locking the hidden message, so the recipient must tell PassLok by checking or unchecking the Shared box.
PassLok includes an error correction code as part of the tags attached to most items. It is located right before the end label. Character changes introduced in transmission will be corrected automatically, so long as the tags are present. But character deletions and additions make the error-correction process fail. If this happens to an item you have received, try it again without its tags.
If you foresee that the item may pick up a lot of errors during transmission, including deletions and additions, send three copies of it, separated by @ signs between them. PassLok will reconstruct the undamaged original out of a damaged triple copy automatically. PassLok will make the triple copies for you if you check Triple in the Options tab before generating the item.
Click here for More:
PassLok uses the Reed-Solomon algorithm to correct automatically up to 10 errors per 245-character block. If the item is short, the code at the end of the item, which is offset by "=" signs on either end, will be 20 characters long. The codes attached to longer items are a multiple of 20 characters long. If three copies are present, PassLok will accept each character as good if it is found in two of the copies.
PassLok launches first in Basic mode, so you are able to lock and unlock messages and perform the essential Key and Lock management functions. But PassLok has a lot more capabilities, which become available when you click the Advanced checkbox in the Options tab. To get back to Basic mode, click the Basic checkbox. PassLok will remember your choice of interface next time you open it.
Some advanced capabilities include:
This and mode is explained in this video tutorial: https://www.youtube.com/watch?v=Ttyvb0Qt7h0
The main functions in PassLok can be accessed directly from the keyboard. The button tooltips tell you what the shortcut is for each button that has a shortcut, but below is a complete list, just in case:
Alt-M: Main tab
Alt-D: Directory tab
Alt-H: Help tab
Alt-O: Options tab
Alt-G: General Lock directory open and close
Alt- . (period): extra buttons open and close
Alt-L: Lock or unlock
Alt-V: sign or Verify
Alt-E: send Email
Alt-B: switch Basic and Advanced modes
Alt-A: set Anonymous mode
Alt-N: set sigNed mode
Alt-P: set PFS mode
Alt-R: set shoRt mode
Alt-T: set no Tags mode
Alt-Y: set decoY mode
Alt-I: Image screen open and close
Alt-J: split or Join
Alt-C: display or change Cover text
Alt-W: hide as Words, or unhide
Alt-S: hide as Spaces, or unhide
Alt- ; (semicolon): put cursor on main box
Click here for More:
The list is made for access from Windows or Linux, so that each shortcut is of the form Alt-letter. If you are using a Mac, you should type ctrl-alt-letter instead. Shortcuts do not work on mobile devices.
If you got PassLok from an app store, that app store is ensuring that the code you have is what the author gave to them. The following is to check the integrity of an html version of PassLok running in a browser:
1. Direct your browser to "view source." If your browser has a command to save the source (Chrome, Firefox, and Safari do), go ahead and save it to file.
2. Now you have to take the SHA256 of the code using a program different from PassLok. You have several options:
3. Look up the SHA256 for this version of PassLok, which is published on the PassLok information website at passlok.weebly.com and a number of other places. If this value and the one obtained in step 2 are not the same, the program has been tampered with.
4. Now, a hacker who could alter the source code at the server might also be able to change the published SHA256 so it matches the tampered code. To make sure that the value is authentic you should watch the one-minute video where the author or PassLok, Francisco Ruiz, reads it aloud. A link to the video usually accompanies the published SHA256 value.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=NrAfSo2xjnY
Click here for More:
Typically, you load the source on a separate tab by typing CTRL-U (Windows) or option-cmd-u (OSX). Another way to save the source is to copy it by first selecting the the whole source code (CTRL-A or cmd-a), then copy to clipboard (CTRL-C or cmd-c), and then paste it into a text editor (CTRL-V or cmd-v), and save it from there. DO NOT save the code using the "save" command when the working PassLok page is displayed, since then the browser would modify the source code before saving it. The correct encoding is UTF-8, no BOM (notes: Windows Notepad is unable to save text in the correct format. Cut and paste from Chrome introduces artifacts for big items like the source code).
SHA256 is built into the OS in Linux and OSX, not so in Windows, but there are free programs available, such as Checksum Utility and Bitser. There are also online utilities where you can upload the file and get the hash. Online-convert (http://hash.online-convert.com/sha256-generator), fileformat.info (http://www.fileformat.info/tool/hash.htm) and freeformatter.com (http://www.freeformatter.com/sha256-generator.html) have worked well in our tests.
If you want a clipboard-based SHA256 utility, the one at Xorbin (http://www.xorbin.com/tools/sha256-hash-calculator) has worked quite well in our tests. Don't copy and paste from Chrome, since it introduces artifacts.
PassLok does have the ability to save anything contained in the main box to a text file by clicking the Save button, as well as to take the SHA256 of anything in the Locks screen, but be aware of the danger that these functions might have been tampered with.
1. Check that the item to be sent is displayed on the Main tab.
2. Tap the Select button so the text can be selected.
3. Then tap the Copy label as it appears on screen. The item is copied to clipboard.
4. Tap the ▼ button in order to reveal the button dealing with text messaging, which is labeled SMS, and tap it. A window appears with the default texting app.
5. Tap the input box and then paste the clipboard. Send the message in the usual way.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=LsljKvjAi9I
Click here for More:
To unlock a locked message received by texting, you must first copy it to the clipboard, and then paste it on the Main tab of PassLok. If you use Short mode to lock a message, steps 2 and 3 are automatic.
1. Write or paste the text to be signed in the lower box of the Main tab.
2. Click the Sign/Verify button. A signature matching the text and your Key will be appended at the end of the text. Copy it or email it from there.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=QZvv1SJGh94
Click here for More:
It is okay to strip the tags up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the signature with spaces, and punctuation other than line returns or = + or /.
1. If the signer's Lock has been previously stored in the local directory, simply select its name in the top box of the Main tab.
2. Paste the text, with its signature appended on a separate line at the end, in the lower box of the Main tab.
3. Click the Sign/Verify button. A message above the main box will say whether or not the signature for that text has been verified.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=QZvv1SJGh94
Click here for More:
It is okay if the signer's Lock is missing its tags up to the "=" signs , or extra spaces, carriage returns, or special characters other than = + or / have been added. This also goes for the signature, except that it should not be broken by carriage returns.
1. Start writing the name of the item in the top box of the Directory tab. As you type, the line above the box displays existing items matching what you have typed so far, and the encrypted item appears in the lower box. You can stop typing once you see the complete name for the item you're looking for. Search is case-insensitive.
2. Click the Reset button. A message confirms that the PFS data for the item has been deleted. You must reset the data pertaining to the other party whenever a PFS conversation has gone out of sync so the PFS process can be restarted.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=VutWfWZW5bY
Click the All button below the lower box of the Directory tab. The complete local directory, including PFS and hidden data, is displayed in the box so you can find items and copy them easily.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=8zo-N5O82iM
Click here for More:
The format for each item is the following: name, followed by a colon (:), new line, item data; then two new lines before the next name, and so forth. If a name also has hidden data and PFS data, those follow the item data, occupying consecutive lines. Item 'myself' is special, and contains the Lock matching your secret Key and a collection of settings.
1. Click the Move button below the lower box of the Directory tab. The entire directory is first locked with your secret Key, and then placed in the Main tab.
2. Then a prompt asks you to confirm deleting it from the device. If you click OK, the entire local directory is deleted. If you click Cancel, the process ends and the directory contents are not deleted. In both cases the backup on the Main tab remains.
3. To retrieve a backed-up directory (has PL**dir tags), place it in the Main tab and click Lock/Unlock. The database will be unlocked and placed in the Directory tab. Then you can add it to the device's current local directory by clicking Merge.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=8zo-N5O82iM
Click here for More:
This process is useful whenever you stop using a device or just want to transfer it to another device. (Chrome app only) Even if the local directory is completely deleted, the items in your Chrome sync area remain available.
1. Paste the additional data into the lower box of the Directory tab.
2. Click the Merge button. The new data is merged into the local directory.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=8zo-N5O82iM
Click here for More:
The format for the additional data must be the following: name, followed by a colon (:), new line, item data; then two new lines before the next name, and so forth. If a name also has hidden data and PFS data, those follow the item data, occupying consecutive lines. If the additional data contains names that were already in use in the directory, the new data replaces the original data. Items are added in encrypted form but are not checked as they are added, so it is possible that different items may need different Keys to be decrypted, if you changed your secret Key in the past. (Chrome app only) If the Chrome sync area is accessible from the computer, the additional data will also be added to that area, so it is accessible from other computers.
You can always make a List of Locks and shared Keys, in order to lock a message for multiple recipients, by writing the Locks or shared Keys in separate lines of the lower box in the Directory tab. Lists can be given names to save them in the local directory. Saved Lists appear highlighted in the top box of the Main tab. The List button facilitates making Lists this way:
1. If you put several items on separate lines in the lower box of the Directory tab and click the List button, PassLok will remember them during the current session.
2. To add one or several items to the List in memory, put them in the box and click List again. Duplicates are removed in the process.
3. If you click List with the box empty, the current List in memory is displayed.
4. If you click the Reset button while a List is displayed in the bottom box, the List in memory is deleted.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=m4Ki9DHTVow
Click here for More:
If you want to store a List permanently, you must first write a name for it in the top box, then write the items in the lower box or display the List in memory by clicking the List button, and then click Save. Lists can contain Locks, shared Keys, or names of items in the local directory, but not names of other Lists.
PassLok has a built-in way to make a 86-character random Key:
1. On the Directory tab, click Save with the lower box empty.
2. If you actually want to save the random Key, write a name for it in the top box before you click Save.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=3OUpuk3-tRo
This operation, which goes by the technical name of "Diffie-Hellman key exchange," is at the core of many PassLok functions. Should you ever want to compute the result manually, here is how to do it:
1. Write or paste the Key or the Lock on the Main tab.
2. Write or paste the other item in the lower box of the Directory tab. If the item is in PassLok's local directory, you can bring it out by starting to type its name in the top box.
3. Click the Merge button. The Key and the Lock will merge and the 86-character result is placed in both the Main and Directory tabs.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=0EImhN35Tbs
Click here for More:
If both items or neither of them is a valid Lock, the merging process fails and a message is displayed. The result of combining your secret Key and someone's Lock is the same as that of combining your Lock and that person's secret Key.
1. Put the item in the lower box of the Main tab.
2. Click the ▼ button, if needed, and then click the Split/Join button.
3. A popup asks for the total number of parts to be made, and the minimum number required to retrieve the original. Enter those numbers, which must be between 2 and 255, and click OK. The parts appear in the main box, replacing the original item, and a message confirms it. Copy the parts one by one and send or store them as needed.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=ZdVHaD-FpSk
Click here for More:
The parts are enclosed within tags of the PL**p^^^ form, where ^^^ is the minimum number of parts that are needed to reconstruct the original. It is okay to strip the tags of the resulting parts up to the "=" sign, but not recommended. PassLok will do this automatically if the No tags checkbox is checked prior to locking. It is also okay to split the parts with spaces and punctuation other than = + / or line returns.
1. Paste a sufficient number of parts on separate lines of the lower box in the Main tab. Make sure that each part is unique.
2. Click the ▼ button, if needed, and then the Split/Join button. If all goes well, the reconstructed item appears in the box.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=ZdVHaD-FpSk
Click here for More:
You need as many parts as the second number entered when the item was split, which is written at the end of each PL**p^^^ tag. Having more parts than the minimum is okay, so long as they belong to the same set and are not corrupt. They don't need to be placed in any particular order. If nothing happens, likely causes include: insufficient number of parts, incomplete or corrupt parts, parts belonging to different sets.
1. Check that the item to be converted into fake text is on the Main tab. Then click the ▼ button, if needed, to show the Words and Spaces buttons.
2. If you wish to use a cover text different from the default and you have stored it in the local directory, select it on the top box of the Main tab. Otherwise you will have to change it using the process described in the help item two places below this one.
3. If now you click the Words button, each character of the text is replaced by a word from the cover text. If you click the Spaces button, the original text is encoded into the spaces of the cover text.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=Px2JweWna6s
Click here for More:
The recipient of a Words-encoded text must have the same cover text in order to retrieve the original, but this is not necessary for Spaces-encoded text. The output of Spaces encoding is seven times longer than that of Words encoding. If the cover text is not long enough, it will be repeated several times and a warning message will tell you. If you used Spaces encoding, you should be careful not to add or delete any spaces within the encoded text, but it is okay to add more text to complete the last sentence, which may contain additional spaces.
Text-encoding is no substitute for real encryption, and so PassLok will refuse to convert into fake text anything that does not look like genuine PassLok output.
1. Put the fake text on the Main tab.
2. Click the ▼ button, if needed, followed by either the Words or the Spaces button (it doesn't matter which). If successful, the fake text is converted back into the original item and displayed in the box, replacing the fake text.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=Px2JweWna6s
Click here for More:
If the fake text was encoded with the Words method using a cover text different from the default, you will have to load first the appropriate cover text by selecting it on the top box of the Main tab, if stored in the local directory, or using the process described in the next help item, if not stored.
To display the current cover text (which would be the default cover text if PassLok has just been reloaded), click the ▼ button, if needed, and then the Cover button with the box empty.
To change the cover text:
1. Copy a sufficiently long text (must have at least 70 different words) and paste it into the Main tab.
2. Click the ▼ button, if needed, and then the Cover button. If the change is successful, the box goes blank, and a message confirms the change.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=Px2JweWna6s
Click here for More:
Cover texts do not have to be in English or even use Latin characters. Anything that can be written in UTF-8 encoded characters can be used (most languages, including Arabic and Chinese, will work fine). If the change is unsuccessful, a message above the box will say why. Typically, failure to change the cover text is due to not having a sufficient number of different words. Use a longer text and try again.
Since the cover text is a (weak) sort of password for a Words-encoded item, it may be good to store often-used cover texts in your local directory so they can be loaded easily from the Main tab. To do this, go to the Directory tab, write a new name in the upper box, then paste the cover text in the lower box, and click Save. The cover text can be retrieved like any other stored item, and it will be automatically loaded after it is extracted from encrypted storage.
1. Make sure the item to be hidden is in the lower box of the Main tab.
2. Click the ▼ button, if needed, and then the Image button.
3. A new screen appears where you can load the image where the item is to be hidden. To do so, click the "Choose File" or "Browse" button (browsers vary on the name). A dialog will appear, where you can navigate to the image and open it. A message will tell you how much data you can hide in the image.
4. When you see the image, click the Hide button. A message will say when processing is completed, although the image will not appear to have changed.
5. Right-click or long-press on the image in order to save it or send it somewhere.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=_iXIyH6AnMI
Click here for More:
Images only a few kB in size can hide PassLok items with hundreds of characters. Images taken with a mobile camera are usually too large for PassLok to be able to use them for hiding items, because of the processing required.
1. Navigate to the image hiding screen from the Main tab by clicking ▼, if needed, and then Image.
2. Click Choose File or Browse (browsers vary on this) and open the image containing the hidden item.
3. When the image displays on the screen, click the Reveal button. A message will say when processing is completed and the hidden item has been retrieved, or no hidden item has been found.
4. Click Back to see the item on the Main tab.
This and more is explained in this video tutorial: https://www.youtube.com/watch?v=_iXIyH6AnMI
We do not recommend using old versions for new work. Newer versions have enhanced security and are more user-friendly. But sometimes you may need to handle an item that is incompatible with the current version. Here is a pretty complete list of PassLok versions, with links to them.
Current version of PassLok can be obtained from:
source server: https://passlok.com
information page: http://passlok.weebly.com
GitHub page: https://github.com/fruiz500/passlok
Chrome app: https://chrome.google.com/webstore/detail/passlok-privacy/epcchpdljafmfegifkigklfcmkphfmbh
Android app: https://play.google.com/store/apps/details?id=com.fruiz500.passlok
iOS app: https://itunes.apple.com/us/app/passlok-privacy/id879861603?mt=8&uo=4
mirrors:
https://www.autistici.org/passlok (non-US, self-certified)
https://fruiz500.github.io/passlok
SHA256 for this version and video of the author reading it at:
http://passlok.weebly.com/get-passlok.html
Previous versions:
1.7.08 (87a4-fee6-8916-99fb-c59b-9d73-32dd-3023-5af0-3e69-18e0-caa3-d9e7-8a53-2385-957c)
1.6.02 (2c64-63d5-5d68-c7b2-9350-68cc-8bef-1a75-ddc1-1fa0-cd04-4428-f3ef-c079-e14f-4133)
1.5.03 (0061-4b79-8ba1-8fee-34c5-e243-96e9-4c7c-a0ea-cfc5-82c1-a44d-4cbb-06c4-ca00-985c)
The following (except 1.0) were edited so the archived help file works, changing the ID from the original (therefore no video)
1.4.03 (f1cc-8931-1d31-4d65-4dfe-fb0d-5368-f854-3766-b240-f131-c93f-a0e9-8d14-752e-018e)
1.3.03 (7c6f-3d59-1059-e712-15ea-8dcf-dcde-861a-7359-6508-3b29-5720-41c9-8271-cb69-f01a)
1.2 (c17b-c529-8757-578a-6bc2-bdc4-122e-c607-8c16-19ef-b9ee-8d4d-75aa-cf0a-b703-e0ec)
1.1 (8e5c-9714-eec3-cc65-aa8f-640d-d434-2747-aa24-624c-74c5-65ea-4077-0f0f-3b22-cc30)
1.0 (a907-25eb-50e3-e4a6-5f4b-27c1-684e-f590-6094-6fae-52f3-c7ca-47b1-732c-9eab-3e9b)
Another way to learn is to check the Learn box in the Options tab, which will create a popup explaining what is about to happen, every time a button is clicked. If this is not enough for you, here are a couple more sources you may want to check out:
The PassLok manual in PDF form.
The PassLok informational website at http://passlok.weebly.com. It contains a number of videos and more PDF documents.
Then you can send us an email at passlokprivacy@gmail.com (the link will open your email client). We'll do our best to reply in a timely fashion.
Good constructive feedback is hard to get, so let us thank you right now, before we read your email.
Sure there is, and it includes a number of trick questions. Just click the button below.
PassLok provides excellent security, since it is a self-contained piece of code that neither relies on servers nor stores secret information to do its job. Therefore:
1. We cannot give your secret Key to anyone (not even yourself) because we don't have it. Your Key is never stored or transmitted, and by default it gets deleted from memory after five minutes of not being used.
2. We cannot give your private data to anyone because PassLok does not send anything out of your device. We only store Locks that have been posted on our General Directory by their owners, and those are public by nature.
3. We will never weaken the cryptography methods contained within PassLok at the request of a third party, private or public. This also means no backdoors will ever be added. We'd rather shut down PassLok than be forced to do this, which would betray the very essence of the program. If we learn that counterfeit versions of PassLok are circulating, whether placed by hackers or government agencies, we'll make the fact known to users.
Notice: Since PassLok is distributed a piece of human-readable code, we consider it an expression of free speech protected by the laws of many countries. Putting into circulation tampered versions of PassLok violates free speech and copyright protection laws.
PassLok contains strong cryptographic methods, which may be illegal to use in some countries. Please check the local laws before using PassLok.
You will need to re-enter your Key if you don't use it for 5 min.
PassLok will be very slow if your Key is worse than Medium.
To display your Lock, click myLock on the Main tab.
Cancel for limited functionality.
Enter the Hidden Message
Enter the Decoy Key/Lock
Enter the Decoy Key
The Hidden message will appear on the Main tab
Enter the total number of parts (between 2 and 255)
And the number of parts needed to retrieve the item