PassLok privacy

For instructions on how to do things, click on each title below. Click again to hide.

To get instructions as you click buttons in PassLok, check Learn on the Options tab.

What is PassLok?

Before you do anything else, you may want to watch this three-minute video, which explains the essential concepts in a lighthearted way (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=UxgrES_CGcg

PassLok locks text and files, and sets up secure real time chat sessions using strong end-to-end encryption.
PassLok is based on Keys and Locks. You encrypt something with someone else's Lock, so only that person can decrypt it with his/her Key.
Your Key is a short piece of text, which can be anything you want so you can remember it.
The matching Lock is then made from your Key. It is impossible to get the Key or your email from the Lock.
You should never give your Key to anyone. Your Lock, however, is meant to be distributed freely, like a phone number.

This approach has a number of advantages over other privacy apps that you may be familiar with:

PassLok does not involve a server, so nobody can possibly have your private data.
The same code runs on computers, phones, and tablets to make it perfectly portable.
You can use PassLok with your favorite email, texting app, or any program by cut and paste.
PassLok does not need to store anything secret. The only secret is your Key, which stays in your head.
You can use PassLok with a public or borrowed device as easily and safely as with your private phone or computer.
Several users (or several identities) can coexist on the same device.

PassLok is still in experimental phase since there has not been enough time for security experts to uncover possible flaws. Bear this in mind before entrusting critical secrets to it.

If you find PassLok too difficult, you may want to try SeeOnce instead, from https://SeeOnce.net. SeeOnce implements the Read-once mode of PassLok plus one type of text hiding, but you never have to worry about maintaining a directory of Locks. PassLok . Even easier is URSA, available at https://passlok.com/ursa, which includes only the shared Key mode of PassLok. Finally, there's PassLok for Email, a Chrome extension that integrates with popular email clients (currently Gmail, Yahoo, and Outlook). All of these apps are fully compatible with PassLok, although they are not compatible with each other.

Invite others to PassLok

Before you can communicate with others using PassLok, they must have obtained the app, come up with a secret Key (which they won't tell you), generated a Lock from it, and sent it back to you.

You can tell others about PassLok any way you want, but PassLok can help you to start your network with a single keystroke, this way:

1. Type a message in the main box. Don't write anything sensitive, since invitation messages are not secure.

2. Click the Invite button.

3. After confirmation, a new page should open in your default email, containing a link to PassLok that includes your personal Lock plus your encrypted message and a short set of instructions. Edit it as needed, then write the recipients' email addresses and send it.

This is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=0wTJWyd9s64

Click here for More:

The invitation link loads the web version of PassLok, but pasting it into any other version of PassLok, or opening the email in PassLok for Email or SeeOnce works just as well. Invitations made in PassLok for Email or SeeOnce can also be opened in PassLok Privacy.

People who did not get your email will still be able to obtain your Lock if you post it in the General Directory. To do this, click the myLock button if your Lock is not already displayed, then the small Edit button near the top, and then the large General Directory button. A new page will open where you only need to supply your email address, click Post, and reply to a confirmation email.

Those who get PassLok from your email invitation will have your Lock automatically stored in their directories, so they can encrypt items for you right away.

Learn how to use PassLok

If you check the Learn box in the Options tab, a text explaining what is about to happen will pop up every time a button is clicked.

And here are a few more resources you may want to check out:

The Learn PassLok website at https://passlok.com/learn contains a working copy of PassLok and a number of lessons on the different things you can do with it.

The PassLok information website at http://passlok.weebly.com contains a number of videos and PDF documents.

The PassLok manual in PDF format.

If you want to learn what's under the hood, read the PassLok technical document.

Change PassLok's look

PassLok opens with the default Light colors. You can also select the Dark, Red, Green, and Blue schemes on the Options tab, or even make your own custom scheme, this way:

1. Click Custom on Options.

2. Select the color you wish to modify: Tabs, Background, Buttons, or Boxes.

3. Click the colored box, which will open a selector. Hue and saturation are set on the main area, brightness on the sidebar.

4. Repeat steps 2 and 3 for each color type.

PassLok will pick random colors if you click the Random button. You can then edit them using the selector.

How to make a strong Key

You should be able to remember your secret Key without having to write it down. PassLok does not store the Key anywhere. In fact, it deletes it from memory after five minutes of not being used (this can be overridden via a checkbox).

Your Key will be stronger if it contains caPiTals in unusual places, numb3rs, and $ymbol$. If you use common words, miespell them to make harder a "dictionary attack." Break the words up with num334bers and sy#$%mbols. Avoid anything that might be easy to guess. PassLok knows frequently used words, but hackers' dictionaries are bigger. Do not use grammatically correct sentences, even if PassLok gives a big score.

PassLok compensates for weak Keys by adding spurious computations and may even appear to have crashed. If PassLok is slow, this may be because your Key strength is less than Medium.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=JbNM_cf8My0

Click here for More:

If you plan to use PassLok only with shared Keys, you do not need a secret Key at all. Simply Cancel when you are asked for your Key when PassLok starts, and write or paste the encryption Key into the lower box that appears when you you click the Edit button located next to the directory.

If instead of a short shared Key you paste in a piece or text at least three times as long as the message to be encrypted, PassLok uses it in Pad mode, which theoretically is much more secure than the regular mode (more on this in a help item below).

Get a hint to remember my Key

If you are reading this, likely you have gained Guest access to PassLok by clicking Cancel at the Key entry screen. The good news is that you can still encrypt messages if you know the recipient's Lock or shared Key, verify signatures, and use the Locks stored in your local directory as well as all the auxiliary functions of PassLok. You can even seal items and display the matching Lock if you enter a Key when PassLok asks for it.

The bad news is that you cannot change anything stored in the local directory, and your use of it is limited to Locks. You cannot do anything that would involve your secret Key, such as decrypting messages encrypted with your Lock, or continuing a Read-once conversation in course.

Well, we've got even worse news for you: we cannot help you to recover your secret Key, because PassLok never stored it or sent it out. There are no hints, either. If you forgot your Key, it's gone, along with all encrypted items in the local directory.

Click here for More:

Hopefully Guest mode will let you get by until you remember your secret Key. But if you want to get full access to PassLok with a new Key, here are the steps:

1. Go to the Options tab.

2. Click the Backup/Remove Options only box. When a popup asks for confirmation to delete your settings, click OK.

3. Reload PassLok.

4. The user selection screen will appear, and this time PassLok will accept whatever new Key and email or suchlike you want to give it for the user in question. Now you're back in business and can use PassLok with the new Key to seal, decrypt, store items in the local directory, etc.

At this point, the only directory entry that will work fully is "myself". You can reset or delete the entries that don't work one by one, by typing each name in the directory Edit dialog and clicking Reset (leave essential data intact) or Delete (take out everything) when the name is recognized, or all at once by following the process described in a help item below, about "moving the entire local directory."

Use a different Key temporarily

For a given user name, there is only one "secret Key" that unlocks all the capabilities of PassLok, but if you are willing to accept a limited access to its functions, you can use a different Key for the session, or whenever PassLok asks you for the Key. This way:

1. Select the user and enter the new Key in the box (optional).

2. Click the Cancel button.

3. If asked for your email etc., enter it and click OK. (the Random button will write a new random value, different from the original random token, if any, so beware)

Click here for More:

You can do pretty much everything, except things that would have involved the secret Key. You cannot modify anything in the local directory. When you reload PassLok and enter the correct Key, a warning will tell you that last session was run in Guest mode. If you don't select a user from the list, you won't have access to any stored Locks.

Make PassLok even more secure

When you first opened PassLok, you were asked to optionally enter your email or similar public, easy to recall personal information. But if instead of entering your email you click the Random button next to the input box, an 43-character random token is used. This makes your Lock much harder to crack, but it becomes tied to the device where it was created (except for the Chrome app, which can sync it across devices).

To back up your random token to a safe place in case of accidental deletion or to be able to use a different device:

1. Click the Backup/Remove Options only button on the Options tab (visible in the Advanced interface). A backup item bracketed by "PL**bak" tags appears on the main box, from where you can save it to file, copy it, email it, etc.

2. Then a dialog asks you if you want to reset your settings. If you click OK, PassLok will restart as if it had never started before, except that the local directory remains intact.

To restore the random token from a backup item, paste the packup into the main box and click Decrypt.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=4DjhIjU_nuM

Click here for More:

The reason for the email or other additional data is to combat the "rainbow table" attack, where hackers pre-compute Locks made from the words in a dictionary. This data is encrypted and stored along with other settings, so you won't need to enter it again. The Lock depends both on the Key and the email or random token; this adds extra security, but it also means that if the random token gets erased you will not be able to decrypt anything that was encrypted with your Lock. The backup item contains your settings, including the random token, double-encrypted by your secret Key. One reason to delete your settings while leaving the local directory intact is to be able to change the random token to a new value. You can also proceed without entering any email or token.

If you plan to use both PassLok and PassLok for Email, it is best if you write your real email in this box, for in this case your PassLok ezLok will be identical to the one used in PassLok for Email and you'll be able to use their main features interchangeably. This precaution is not necessary if you only use one of the versions.

Display the Lock matching your secret Key

Click the myLock button on the Main tab. The Lock matching that Key will appear in the lower box, from where you can copy it or email it.

If then you click the Edit button next to the local directory box, and after that click the button labeled General Directory, PassLok's General Directory website will open, with its lower box filled with the Lock you just made. To post your Lock so others can find it, just write your email in the upper box and click the Post button.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=L00yybDzN6k

Click here for More:

By default, PassLok displays the Lock in ezLok format, consisting only of smallcase letters (except L) and numbers, so it is easier to authenticate by reading aloud a portion of it. To display it in base64 format like all other PassLok items, go to the Options tab and uncheck ezLok. The General Directory can take ezLok Locks as well as base64 Locks. PassLok for Email and SeeOnce are compatible with PassLok ezLoks, but not with regular Locks. If you wrote your real email when asked about it, rather than something else, then your ezLok is the same as that used in PassLok for Email, and the encrypted items made by PassLok Privacy and PassLok for Email can be decrypted in the other app. This precaution is not necessary for SeeOnce.

If you need to make a Lock for a different Key (for instance, in order to receive Decoy mode hidden messages), it is best if you start PassLok in Guest mode by clicking Cancel when you are first asked for your Key, which will make PassLok accept a different Key. Then click myLock and supply the new Key and your email, if requested (if you use a random token you will need to copy it before, by typing "myself" at the top box of the directory Edit dialog followed by Enter, or by clicking Change Email on Options).

Encrypt a message with a Lock, to be decrypted with the matching Key (Anonymous mode)

1. Make sure Anonymous mode is selected at the bottom of the Main tab. This is the default.

2. If the recipients' Locks have been previously stored in the directory, simply select their names in the top box of the Main tab.

If not, click the Edit button next to the directory listing and paste the Locks, one per line, in the lower box of the dialog that appears. Then click Done.

3. Write or paste your message in the lower box of the Main tab. You can give it rich formatting or add images and files if you display the formatting toolbar by clicking the Rich button (non-mobile).

4. Click the Encrypt button. The encrypted message will appear in the box, replacing the original message.

Copy it and paste it into your communications program or click Email to open your default email.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=nBA5JNY4gmQ

Click here for More:

This mode is called Anonymous not because it provides any protection against tracking over a network, but because the identity of the sender cannot be deduced from the encrypted message. This message can be decrypted only by someone having the Key matching one of the Locks selected. Alternatively, you can retrieve a stored Lock by beginning to type the name associated with it in the top box of the directory Edit dialog, until the encrypted Lock appears in the lower box. You can also write the names, one per line, in the lower box. It is okay if the tags up to the "=" signs on the Lock are missing, or extra spaces, carriage returns, or special characters other than = + or / have been added (such as a video URL).

This mode is not available in Email mode because it is not compatible with PassLok for Email, but the other two modes are.

Decrypt an Anonymous encrypted message (tags are PL**msa)

1. Paste the encrypted message in the lower box of the Main tab.

2. If the message doesn't decrypt automatically, click the Decrypt button. The decrypted message will appear in the box, replacing the encrypted message.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=nBA5JNY4gmQ

Click here for More:

It is okay if the message is broken up by spaces, carriage returns, and special characters other than = + / or - or is missing its tags. It doesn't matter which encryption mode is selected at the botton of the Main tab.

Even though this mode is not available in Email mode, messages encrypted in this mode will decrypt fine anyway.

Encrypt a message with a Lock, to be decrypted with the matching Key, and sign it with your secret Key (Signed mode)

1. Make sure Signed mode is selected at the bottom of the Main tab.

2. If the recipients' Locks have been previously stored in the directory, simply select their names in the top box of the Main tab.

If not, click the Edit button next to the directory box and paste the Locks, one per line, in the lower box of the dialog that appears. Then click Done.

4. Click the Encrypt button. The encrypted message will appear in the box, replacing the original message.

Copy it and paste it into your communications program or click Email to open your default email.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=R9UanENF3ro

Click here for More:

This mode is called Signed not because a digital signature is involved, but because the message can be decrypted only by someone having the Key matching one of the Locks selected, and your Lock. Alternatively, you can retrieve a stored Lock by beginning to type the name associated with it in the top box of the directory Edit dialog, until the encrypted Lock appears in the lower box. You can also write the names, one per line, in the lower box. It is okay to strip the tags up to the "=" sign, but not recommended. It is also okay to split the encrypted message with spaces, line returns, and punctuation other than = + / or - This message can be decrypted only by someone having the Key matching the Lock used to encrypt it. Additionally, they must have your Lock in order to verify that it comes from you.

Messages encrypted in this mode can be decrypted by PassLok for Email, if the Email mode checkbox is checked in Options before the message is encrypted.

Decrypt a Signed message (tags are PL**mss)

1. If the sender's Lock has been previously stored in the local directory, simply select its name in the top box of the Main tab.

If not, click the Edit button next to the directory box and paste the sender's Lock in the lower box of the dialog that appears. Then click Done.

2. Paste the encrypted message in the lower box of the Main tab. You can give it rich formatting or add images and files if you display the formatting toolbar by clicking the Rich button (non-mobile).

3. If the message doesn't decrypt automatically, click the Decrypt button. The decrypted message will replace the encrypted message.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=R9UanENF3ro

Click here for More:

Alternatively, you can retrieve the sender's stored Lock by typing the name associated with it in the top box of the directory Edit dialog until the encrypted Lock appears on the lower box. It is okay if the message is broken up by spaces, carriage returns, and special characters other than = + / or - or is missing its tags. It doesn't matter which encryption mode is selected at the botton of the Main tab.

A message encrypted by PassLok for Email in Normal mode can be decrypted by PassLok in this mode. Just paste it in and supply a name for the included ezLok, if requested.

Encrypt a message so that nobody can read it after the exchange is over (Read-once mode)

1. Make sure Read-once mode is selected at the bottom of the Main tab.

2. Select the recipients' Locks in the top box of the Main tab. This mode requires the recipients' Locks to be previously stored in the local directory.

4. Click the Encrypt button. The encrypted message will appear in the box, replacing the original message.

Copy it and paste it into your communications program or click Email to open your default email.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=VutWfWZW5bY

Click here for More:

This message can be decrypted only by someone having the Key matching one of the Locks selected, and your Lock, and then typically only once. In order to restart a Read-once conversation that has gone out of sync, clear the old data for that recipient by clicking the Reset button in the directory Edit dialog after the recipient's name is displayed above the upper box, then encrypt the message normally. The first message after a reset does not have forward secrecy, so be careful with this one. It is okay to strip the Lock tags up to the "=" sign, but not recommended. It is also okay to split the encrypted message with spaces, line returns, and punctuation other than = + / or -

Messages encrypted in this mode can be decrypted by PassLok for Email, if the Email mode checkbox is checked in Options before the message is encrypted. They can be read in SeeOnce if Compatibility mode is checked in Options.

Decrypt a message that was encrypted in Read-once mode (tags are PL**mso)

1. Select the sender's Lock on the top box of the Main tab. This mode requires the sender's Lock to be previously stored in the device's local directory.

2. Paste the encrypted message in the lower box of the Main tab.

3. If the message doesn't decrypt automatically, click the Decrypt button. The decrypted message will replace the encrypted message.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=VutWfWZW5bY

Click here for More:

Usually you can decrypt the message only once, since the ephemeral key needed to decrypt it is overwritten in the process, but after a reset the first message can be decrypted forever, and the second becomes decryptable only after it is replied to. It is okay if the message is broken up by spaces, carriage returns, and special characters other than = + / or - or is missing its tags. It doesn't matter which encryption mode is selected at the botton of the Main tab.

A message encrypted by PassLok for Email in Read-once mode can be decrypted by PassLok in this mode. Just paste it in and supply a name for the included ezLok, if requested. Same if it was encrypted in SeeOnce.

Reset a Read-once conversation

This may be needed if the conversation with a given correspondent has gone out of sync so that you are unable to decrypt a new Read-once message from him/her. Resetting clears ephemeral Keys and Locks on both sides, and re-initiates the Read-once exchange.

1. Click the Edit button next to the Lock selection box.

2. Start writing the name given to the correspondent in the top box of the dialog. As you type, the line above the box displays existing items matching what you have typed so far, and the Lock or encrypted shared Key appears in the lower box. You can stop typing once you see the complete name you're looking for. Search is case-insensitive.

3. Click the Reset button. A popup asks you to confirm the action, and then a message tells you that it has been done.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=VutWfWZW5bY

Send a PassLok item (Lock, encrypted message, etc.) by email

1. Check that the item displayed on the Main tab is PassLok output. If it is not, the button you need to press in the next step won't be there.

2. Click the Email button. If the device is so configured, a window appears containing the item and some explanatory text. You only need to supply the recipient's email address and a subject line before clicking the Send button.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=LsljKvjAi9I

Click here for More:

Be aware that there is a limit to the size of a message that is made this way. If you get an error, you can always copy the contents of the box and paste it into a normal mail compose screen.The email includes a link that, if clicked, will open the contents in the web app version of PassLok. To open it in a different email client or in case the button is not visible or the new window fails to appear, copy it to the clipboard and then paste it into the "compose" box of your favorite email.

Send a PassLok item by Text messaging (mobile only)

1. Check that the item to be sent is displayed on the Main tab. Usually it will have been produced with Short mode selected in Options, to make sure it fits in a single message.

2. Long-tap the item so the selection dialog appears. Then select it and copy it to clipboard.

3. Tap the button dealing with text messaging, which is labeled SMS. A window appears with the default texting app.

4. Tap the input box and then paste the clipboard. Send the message in the usual way.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=LsljKvjAi9I

Click here for More:

To decrypt a encrypted message received by texting, you must first copy it to the clipboard, and then paste it on the Main tab of PassLok. Due to browser restrictions, there is no way to know whether the item has been copied to clipboard, but hopefully the process above is fairly foolproof. (Advanced) If you want to make sure the encrypted message fits within a single text message, encrypt it with the Short option on.

Load files to be encrypted, sealed, or split (non-mobile)

1. The button to load files is the rightmost one on the formatting toolbar, which is displayed by clicking the Rich button. It looks like this:

2. When you click it, a dialog will appear so you can navigate to the file. If all goes well, the file loads into the box as a link. You will see only its name, but the whole file is actually in there.

Now you can encrypt it, seal it, or split it just like a text-based message. You can also add more files if you want. The process to retrieve the original files is explained in the help item below.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=tPeUv6BRTrg

Click here for More:

If the file is a text file, it will load as plain text rather than as a link. This command is not available on mobile devices because of their severe restrictions on accessing stored content. If using a Chromebook, be aware that the Files extension does not load Google documents completely; save the file locally in a different format and try loading it again.

You can also put images in your message, by clicking the button immediately to the left of the one to load files. In this case the content is displayed as an image rather than a link.

If you plan to send large files by email or other means, it is best to encrypt them with an archiving program such as 7zip, Winzip, or Winrar (Windows), Keka (OSX), or p7zip (Linux) using AES and a random symmetric key, and then use PassLok to encrypt that symmetric key for transmission, along with the encrypted files as attachments.

Retrieve a file that has just been decrypted, unsealed, of joined (non-mobile)

1. Make sure the file appears as a link on the Main box.

2. Right-click on it and select the Save link as option. The file will be saved at the location you select.

If there are several file links, repeat the process for each one. This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=tPeUv6BRTrg

Click here for More:

Chrome will not display the Save link as option if the file is larger than 1.5MB. Use Firefox or Safari in this case.

File output

If you select File output on the Options tab before encrypting, sealing, or splitting, the result of the operation appears as a file (several, in the case of splitting), which you can then save anywhere by right-clicking on the file labels. Doing this will speed up things considerably if you are encrypting, sealing, or splitting something large (especially on Chrome).

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=Sm4f6FIOShI

Click here for More:

The file is made of text and can be viewed using a variety of programs. An output item loaded as a file can be decrypted, unsealed, or joined just like an item loaded as text. It can also be sent by email as an attachment, which is handy when the item is large. Firefox and Safari have no problems with file size, but Chrome won't save the output file if it is larger than 1.5MB.

Make an invitation to join a real-time multi-party chat session

1. Select the other participants in the chat on the list at the top of the Main tab. You are added automatically.

2. Click the Chat button. A dialog will appear asking you whether this chat is going to involve text and files only, or also will involve audio, or even video. There is also a text box where you can optionally type something that will be shown to the users (such as the date and time for the chat) before they join the chat.

3. Supply the required information and click OK. If the main box did not contain a chat invitation, a new one is generated and placed there. You can now email it with the Email button, or send it out by any other means.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=XytUN0T_2zQ

Click here for More:

Please tell participants about the time for the chat. When the time comes, you will join the chat using the same invitation as the other parties, so make sure to save it somewhere. All browsers can make a chat invitation, but some (Internet Explorer, Safari, native Android app, anything on iOS) don't support joining the actual chat.

PassLok chat invitations encrypted in Signed or Read-once mode can be decrypted in PassLok for Email, and vice-versa.

Use an invitation to join a real-time chat session (tags are PL**chat)

1. Place the invitation in the Main box and click the Chat or the Decrypt button. If the sender added a message, it will be displayed and you will have to click OK to go on, or Cancel to try later.

2. A new screen opens. Write the name you want to use for the chat in the top box, and then click Start or Join (depending on whether or not you are the first to arrive at the virtual chat room).

3. As participants join the chat session, their chosen names will appear at the top of the chat screen (or a randomly-chosen tag, if they didn't supply a name). You can then post text by writing it in the Text box, followed by Enter. You can also post files by clicking the Browse or Files button.

4. If the chat involves audio or video, you may be asked to give permission to access you microphone and camera. After you grant it, you will see or hear the other participants as they join, and likely yourself too.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=XytUN0T_2zQ

Click here for More:

Connections between participants are direct, but a signaling server is used at the start so the participants can find one another, and then it is contacted no more. PassLok will remind you that this may lead to your being tracked. After the chat has started, you can go back to PassLok and do other things, then return to the chat by clicking the Chat button. The connection will stay alive until you reload PassLok or the other participants leave. If things get out of hand, you can always reset your session with the Reset Chat button. Browsers are not equal as far as support for chat: Firefox is best, followed by Chrome and the Android browser, Maxthon, and then Opera (with problems). Internet Explorer, Tor, Safari, and anything on iOS don't yet support joining a chat, though you can make a chat invitation from them.

PassLok chat invitations encrypted in Signed or Read-once mode can be decrypted in PassLok for Email, and vice-versa.

Encrypt a message with a shared Key, to be decrypted with the same Key

1. Make sure the Anonymous or Signed modes are selected at the bottom of the Main tab.

2. If the Keys shared with each of the recipients have been previously stored in the local directory, simply select their names in the top box of the Main tab.

If not, click the Edit button next to the directory box and paste the shared Keys, one per line, in the lower box of the dialog that appears. You can mix shared Keys and Locks. Then click Done.

3. Write or paste the message in the lower box of the Main tab.

4. Click the Encrypt button. The encrypted message will appear in the box, replacing the original text.

Copy it and paste it into your communications program or click Email to open your default email program.

This and more is explained in this video tutorial (warning: watching it may leak your IP number):https://www.youtube.com/watch?v=sRdpWe4zya8

Click here for More:

This message can be decrypted only by someone having the same shared Key. It does not matter whether Anonymous or Signed mode is selected, since they use shared Keys identically. Alternatively, you can search for a stored shared Key by typing the name associated with it in the top box of the directory Edit dialog. When you type "Enter", the stored Key is decrypted for you to see.It is okay to strip the tags up to the "=" sign, but not recommended. It is also okay to split the encrypted message with spaces, line returns, and punctuation other than = + / or - The tags will depend on the encryption mode selected. There is no special tag to indicate that a shared Key was used instead of a Lock.

Messages encrypted with a shared Key cannot be decrypted in PassLok for Email. They can be decrypted in URSA if Short or Compatible mode are chosen in Options prior to encryption.

Decrypt a message encrypted with a shared Key

1. If the Key shared with the sender has been previously stored in the local directory, simply select its name in the top box of the Main tab.

If not, click the Edit button next to the directory box and paste the shared Key in the lower box of the dialog that appears. Then click Done.

2. Paste the encrypted message in the lower box of the Main tab.

3. If the message does not decrypt automatically, click the Decrypt button. The decrypted message will appear in the main box, replacing the encrypted message.

This and more is explained in this video tutorial (warning: watching it may leak your IP number):https://www.youtube.com/watch?v=sRdpWe4zya8

Click here for More:

Messages encrypted with URSA can be decrypted in PassLok, using this procedure.

Encrypt a message with a Pad, to be decrypted with the same Pad

1. Copy the text to be used as Pad from its source. It should be at least five times as long as the message, or Pad mode won't engage. You can also load a whole file that is at least five times as long as the message.

2. Click the Edit button next to the directory box and paste the shared Pad in the lower box of the dialog that appears. You can also load a file by means of a button visible in the Adbanced interface. Then click Done.

3. Write the message in the lower box of the Main tab.

4. Click the Encrypt button. If Pad mode is engaged, a popup will ask for the starting position in the Pad, otherwise encryption will proceed using the regular shared Key mode (a warning popup will appear if there are several paragraphs).

5. Write a number within the range given in the dialog and click OK. The encrypted message will appear in the box, replacing the original text.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=BEXYuaCxciM

Click here for More:

Pad mode is theoretically impossible to break, even by brute force. Use it when you need the utmost security. The text material can be taken from a digital book, for instance. You may transmit in plain text the page number and starting position, so long as the text source is kept secret.

It is okay to split the encrypted message with spaces, line returns, and punctuation other than = + or /, or to eliminate the tags at either end. It doesn't matter which encryption mode is selected at the botton of the Main tab.

Messages encrypted this way can also be decrypted in URSA.

Decrypt a message encrypted with a Pad

3. Paste the encrypted message in the lower box of the Main tab.

4. Click the Decrypt button if decrypting does not start automatically. A popup will ask for the starting position in the Pad.

5. Write a number within the range given in the dialog and click OK. The decrypted message will appear in the main box, replacing the encrypted message.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=BEXYuaCxciM

Click here for More:

URSA messages encrypted this way can also be decrypted in PassLok.

Add a Lock or shared Key to the local directory

From the Main tab (this works only for Locks):

1. Paste the Lock into the Main box. If the item is identified as a Lock, a prompt will ask you to give it a name.

2. Write a name in the prompt box and click OK. You will see the name added to the selection box at the top of the Main tab.

From the directory Edit dialog:

1. Cick the Edit button next to the directory box.

2. Write a name for the Lock or shared Key (or whatever you want to save) in the top box of the dialog that appears.

Note, if text apears in the lower box after you finish entering the name in the top box, it means the name you entered is already in the local directory.

3. Paste the Lock or shared Key in the lower box, replacing whatever was there before. Usually PassLok will recognize a Lock and display a message saying so.

4. Click the Save button. A message confirms that the item has been saved under the name given.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=vQrED7eIkLA

Click here for More:

If the given name is already in the directory, the Lock or shared Key will be replaced rather than added. You can store a cover text or a List besides somebody's Lock or shared Key. In the case of a List, the given name will be displayed bracketed by double dashes. Items that are not Locks are stored encrypted. When you load PassLok from an email link, a popup may open asking you to accept saving the sender's Lock to your directory. You can change its name at this point.

(Chrome app only) If Chrome sync is checked in Options, the item will also be added to the Chrome sync area, so it is available on a different computer after you log into Chrome.

Retrieve a Lock or shared Key from the local directory

1. Click the Edit button next to the directory box.

2. Start writing the name of the item in the top box of the dialog that appears. As you type, the line above the box displays existing names that match what you have typed so far, and the item (decrypted, if it is a Lock) appears in the lower box.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=vQrED7eIkLA

Click here for More:

You can stop typing once you see the complete name for the item you're looking for. The process also works for Lists, and cover texts stored in the local directory. Search is case-insensitive, so if the item does not appear, this probably means that the name is wrong. If the item is a cover text, it loads automatically for use in Text hiding.

(Chrome app only) If you type "Enter" after a name that was not found on the local database and Chrome sync is checked in Options, PassLok will look for it in its Chrome sync area, which syncs across computers, and then adds it to the local directory.

Delete a stored item

1. Click the Edit button next to the directory box.

1. Start writing the name of the item in the top box of the dialog that appears. As you type, the line above the box displays existing names that match what you have typed so far, and the item (encrypted, unless it is a Lock) appears in the lower box.

2. Click the Delete button. A popup asks for confirmation before the item is deleted from the local directory.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=vQrED7eIkLA

Click here for More:

You can stop typing once you see the complete name for the item you are looking for. Search is case-insensitive, so if the item does not appear, that probably means the name is wrong.

(Chrome app only) If Chrome sync is checked in Options, the item will also be deleted from there, after a confirmation popup.

Make a video to authenticate your Lock

What should the video include:

Identify yourself (First and Last name, or other).
Write your Lock on a sign and display it, and read a portion of it out loud (say, the first 15 characters after the initial tag).
For regular Locks, make sure to distinguish capitals from smallcase letters. This is not necessary for ezLoks.
The video should be short, only a few seconds long.
Play a song in the background to ensure the video is not tampered with.

What to do with the video:

Upload the video to the Web.
Post the video URL in the General Directory on the line immediately below your Lock.
For more instructions on this, go to “How to add an authentication video” under the General Directory help.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=zkcqEz3UjnM

Click here for More:

It is highly recommended that you make a video whenever you change your secret Key, so that others can be assured that the matching Lock really belongs to you. When you post your Lock so that people can use it to encrypt messages for you, write the address of the video on the line immediately below the Lock, to facilitate the verifying process. Video URLs don't affect the function of Locks, so it is okay to handle the Lock and its video address as a unit. Obviously, you wouldn't do this for a shared Key, only for a Lock.

Your PassLok ezLok is also used in PassLok for Email, so one video will suffice for both programs. PassLok for Email displays your ezLok at the beginning of any item you encrypt.

Use the General Directory

The General Directory is a Web page that can store Locks and their authentication videos, as associated with email addresses.

To get to the General Directory: Click the Edit button next to the directory box, Then click the General Directory button.

If you are showing your Lock on the Main tab, it gets copied to the General Directory, ready for you to write your email address and click Post.
Once you have found a Lock on the general directory, it gets copied automatically to the lower box of the directory Edit dialog, so you only need to give it a name and click Save

The General Directory has its own Help page, which is structured like this one.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=QQQ2df2vPgs

Click here for More:

PassLok does not guarantee the authenticity of the Locks posted on its General Directory. Email confirmation is required to post or update Locks, but this is not completely secure. Since users are encouraged to add authenticating videos and the General Directory has a button to play them, you should watch the video attached to a Lock before you use it.

The General Directory is meant as a convenience, not as a replacement for your local directory. The General Directory is not available when you are offline (the local one is). You cannot post anything but Locks on the General Directory. Be aware that opening the General Directory involves contacting a server, which may lead to being tracked.

Add, remove, and backup users

To add a new user:

1. Reload PassLok. Then click the New User button next to the user selection box.

To backup and optionally remove an existing user (advanced):

1. While you are logged in with that user's Key, go to the Options tab and click the Backup/Remove Whole Directory button (visible in the Advanced interface).

2. Then a prompt asks you to confirm deleting the directory from the device. If you click OK, the entire local directory for that user is deleted, leaving no traces. If you click Cancel, the process ends and the directory contents are not deleted. In both cases the backup on the Main tab remains.

3. To retrieve a backed-up directory (has PL**dir tags), paste it into the Main tab, and click Decrypt if it does not decrypt automatically. The database will be decrypted and placed in the directory Edit dialog. Then you can add it to the device's current local directory by clicking Merge.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=8zo-N5O82iM

Click here for More:

You can maintain multiple identities, using different Keys. The backup process is useful whenever you stop using a device or just want to transfer your data to another device.

(Chrome app only) Even if the local directory is completely deleted, the items in your Chrome sync area remain available if you click Cancel when PassLok offers to remove them from sync as well. They will load back automatically, even on a different machine, if you set up a user with the same user name.

Access the advanced functions of PassLok

PassLok launches first in Basic mode, so you are able to encrypt and decrypt messages and perform the essential directory management functions. But PassLok has a lot more capabilities, which become available when you click the Advanced checkbox in the Options tab. To get back to Basic mode, click the Basic checkbox. PassLok will remember your choice of interface next time you open it.

Some advanced capabilities include:

Apply a seal to a text, and verify its authenticity.
Hide PassLok's random-looking output inside images or as apparently normal text.
Include an additional hidden message, whose presence cannot be detected.
Change the user name, the Key, or the email/token.
Backup or erase user settings, or even the entire local directory.

There is also Email mode, which displays only the functions that are available in PassLok for Email. In this mode, PassLok's output is nearly identical to that of PassLok for Email, so it can be decrypted in that program. The ouput of PassLok for Email can always be handled by the standalone PassLok, no matter which interface mode is selected in Options.

Finally, you can choose Compatible mode in Options, which will cause PassLok's output to be accepted by URSA and SeeOnce.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=Ttyvb0Qt7h0

Are there any keyboard shortcuts?

The main functions in PassLok can be accessed directly from the keyboard. The button tooltips tell you what the shortcut is for each button that has a shortcut, but below is a complete list, just in case:

Alt-M: Main tab

Alt-H: Help tab

Alt-O: Options tab

Alt-0: Deselect all Locks

Alt-E: Edit the Lock directory

Alt-. (period): extra buttons open and close

Alt-D: encrypt or Decrypt

Alt-V: seal or Verify seal

Alt-L: display my Lock or send emaiL

Alt-R: toggle the Rich text editor

Alt-C: start or join Chat

Alt-B: use the Basic interface

Alt-A: use the Advanced interface

Alt-N: set aNonymous mode

Alt-S: set Signed mode

Alt-P: set PFS mode

Alt-1: set read-once mode

Alt-T: hide/unhide as Text

Alt-I: Image screen open and close

Alt-J: split or Join parts

Alt-; (semicolon): put cursor on main box

Alt-G: General Lock directory

Click here for More:

The list is made for access from Windows or Linux, so that each shortcut is of the form Alt-letter. If you are using a Mac, you should type ctrl-alt-letter instead. Shortcuts do not work on mobile devices.

Make a short encrypted message suitable for texting (advanced)

1. On the Options tab, check the Short button. Also make sure the appropriate encryption mode is selected with the radio buttons at the bottom of the Main tab.

2. If the recipient's Lock of shared Key has been previously stored in the local directory, simply select its name in the top box of the Main tab.

If not, click the Edit button next to the directory box and paste the Lock or shared Key in the lower box of the dialog that appears. Then click Done.

3. Write or paste your message into the lower box of the Main tab.

4. Click the Encrypt button. The encrypted message will appear in the box, replacing the original message.

Copy it and paste it into your communications program.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=pD-uvyxKBgQ

Click here for More:

The encrypted message, which has no tags, will fit within one SMS message (160 characters). A message above the main box will tell you how much space is left, depending on the encryption mode selected. On a mobile device, the encrypted message will be selected and ready to be copied into the clipboard. You need to copy it manually before clicking the SMS button, which will open your texting app. Message length is limited to 94 ASCII characters when encrypting with a shared Key or in Signed mode, 62 in Anonymous mode, 35 in Read-once mode. Non-ASCII characters use 6 spaces each, so avoid them if you can. Any text beyond the limit will be lost.

Short-mode locked items are not compatible with PassLok for Email, but if a shared Key is used they can be decrypted in URSA.

Decrypt a short encrypted message (no tags) (advanced)

1. If the message was encrypted in Signed or Read-once mode, or with a shared Key, you will need to select the sender on the directory, or enter the appropriate Lock or shared Key in the directory Edit dialog, as described above.

2. Paste the encrypted message in the lower box of the Main tab.

3. If it does not decrypt automatically, click the Decrypt button. The decrypted message will appear in the box, replacing the encrypted message.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=pD-uvyxKBgQ

Click here for More:

It is okay if the message is broken up by spaces, carriage returns, and special characters. When decrypting, there is no need to set the encryption mode at the bottom of the Main tab.

Seal a text with your secret Key so others know it comes from you (advanced)

1. Write or paste the text to be sealed in the lower box of the Main tab.

2. Click the Seal button. The text is replaced by a random-looking item, which is the sealed text. Copy it or email it from there.

You must be aware that a sealed item is NOT ENCRYPTED, and that anyone in the world can unseal it so long as he/she has your Lock, which is public.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=Vh9wwFZiV4w

Click here for More:

It is okay to strip the tags up to the "=" sign, but not recommended. It is also okay to split the sealed item with spaces, and punctuation other than line returns or = + or /. Sealed items can be unsealed only in PassLok.

Unseal a sealed text and verify its origin (tags are PL**sld) (advanced)

1. If the sealer's Lock has been previously stored in the local directory, simply select its name in the top box of the Main tab.

If not, click the Edit button next to the directory box, then paste the Lock in the lower box that appears and click Done.

2. Paste the sealed item in the lower box of the Main tab.

3. If the item doesn't unseal automatically, lick the Unseal button. If successful, the sealed item will be replaced by the unsealed text, and a message above the main box will say whether or not the seal has been verified for that sealer.

You must be aware that being able to unseal an item does not mean that others are not able to do it just as easily, because a sealed item is NOT ENCRYPTED. What unsealing does is verify that the item could only have been sealed by the selected person.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=Vh9wwFZiV4w

Click here for More:

It is okay if the signer's Lock is missing its tags up to the "=" signs , or extra spaces, carriage returns, or special characters other than = + or / have been added. Unsealing requires a true Lock; shared Keys cannot be used for unsealing. Encrypting/decrypting with a shared Key partially verifies the identity of the sender, since shared Keys are not public.

Convert a PassLok item (Lock, message, etc.) into fake text (advanced)

1. Check that the item to be converted into fake text is on the Main tab. Then click the ▼ button, if needed, to show the Text hide button.

2. If you wish to use a cover text different from the default and you have stored it in the local directory, select it on the top box of the Main tab. Otherwise click the Edit button and enter the new cover text in the lower box of the dialog, then return to the Main tab.

3. Make sure the hiding mode you want is the one selected in the Options tab. There are four different modes: Letters, Words, Spaces, and Sentences. Letters (default) encodes the item as identical-looking non-ASCII characters in the cover text. Words replaces each character by two words. Spaces encodes the characters into the spaces between words. Sentences encodes characters as grammatically correct sentences.

4. If now you click the Text hide button, the PassLok item is converted into text, using words from the cover text. You may have to complete the last sentence manually.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=_7Fju1EwhV4

Click here for More:

The recipient does not need to have the cover text in order to retrieve the original. The output of Spaces and Sentences encoding is roughly seven times longer than that of Letters or Words encoding. The most grammatically-correct output is that or Letters and Spaces (identical to the cover text), followed by Sentences; Words output doesn't make much grammatical sense. If the cover text is not long enough, it will be repeated several times. When you use Spaces or Letters encoding, you should be careful not to add or delete any spaces within the encoded text, but it is okay to add more text to complete the last sentence, which may contain additional spaces. Also be aware that some services replace the special characters in Letters-encoded items with something else, thus corrupting the items.

Text encoding is no substitute for real encryption, and so PassLok will refuse to convert into fake text anything that does not look like genuine PassLok output.

Cover texts do not have to be in English or even use Latin characters. Anything that can be written in UTF-16 encoded characters can be used (most languages, including Arabic and Chinese, will work fine).

You can store often-used cover texts in your local directory so they can be loaded easily from the Main tab. To do this, click the Edit button next to the directory box, then write a new name in the upper box of the dialog that appears, paste the cover text in the lower box, and click Save.

Retrieve the original PassLok item from fake text (advanced)

1. Put the fake text on the Main tab.

2. Click the ▼ button, if needed, followed by the Text hide button. PassLok will detect the type of encoding used and display the original item in the box, replacing the fake text.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=_7Fju1EwhV4

Hide a PassLok item inside an image (advanced)

1. Make sure the item to be hidden is in the lower box of the Main tab.

2. Click the ▼ button, if needed, and then the Image hide button.

3. A new screen appears where you can load the image where the item is to be hidden. To do so, click the "Choose File" or "Browse" button (browsers vary on the name). A dialog will appear, where you can navigate to the image and open it. A message will tell you how much data you can hide in the image.

4. When you see the image, click the PNG hide or the JPG hide button, depending on the format of the image you want to produce. A message will say when processing is completed, although the image will not appear to have changed much.

5. Right-click or long-press on the image in order to save it or send it somewhere.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=_iXIyH6AnMI

Click here for More:

JPG hide is not available on iOS, but it is on Android. Images only a few kB in size can hide PassLok items with hundreds of characters. Images taken with a mobile camera are usually too large for PassLok to be able to use them for hiding items, because of the large processing time required. Sometimes hiding into a JPG image fails without warning; to check that it succeeded, go back to the Main tab and then return to the image; if there is an error there will be a warning.

Retrieve the PassLok item hidden inside an image (advanced)

1. Navigate to the image hiding screen from the Main tab by clicking ▼, if needed, and then Image hide.

2. Click Choose File or Browse (browsers vary on this) and open the image containing the hidden item.

3. When the image displays on the screen, click the Reveal button. A message will say when processing is completed and the hidden item has been retrieved, or no hidden item has been found.

4. Click Back to see the item on the Main tab.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=_iXIyH6AnMI

Click here for More:

This function is not available on iOS, but it is on Android. This is because iOS converts all images to JPG format, thus destroying any hidden information, as they are loaded.

Split an item into several random-looking parts (advanced)

1. Put the item in the lower box of the Main tab.

2. Click the ▼ button, if needed, and then click the Split button.

3. A popup asks for the total number of parts to be made, and the minimum number required to retrieve the original. Enter those numbers, which must be between 2 and 255, and click OK. The parts appear in the main box, replacing the original item, and a message confirms it. Copy the parts one by one and send or store them as needed.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=ZdVHaD-FpSk

Click here for More:

The parts are enclosed within tags of the PL**p^^^ form, where ^^^ is the minimum number of parts that are needed to reconstruct the original. It is okay to strip the tags of the resulting parts up to the "=" sign, but not recommended. It is also okay to split the parts with spaces and punctuation other than = + / or line returns. If you enter nothing in the second box, it is understood that all parts will be required to retrieve the original. Split items can only be joined in PassLok.

Join parts to retrieve the original item (tags are PL**p^^^) (advanced)

1. Paste a sufficient number of parts on separate lines of the lower box in the Main tab. Make sure that each part is unique.

2. Click the ▼ button, if needed, and then the Join button. If all goes well, the reconstructed item appears in the box.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=ZdVHaD-FpSk

Click here for More:

You need as many parts as the second number entered when the item was split, which is written at the end of each PL**p^^^ tag. Having more parts than the minimum is okay, so long as they belong to the same set and are not corrupt. They don't need to be placed in any particular order. If nothing happens, likely causes include: insufficient number of parts, incomplete or corrupt parts, parts belonging to different sets.

Encrypt a second, undetectable message in addition to the main message (Decoy mode) (advanced)

1. On the Options tab, check the Decoy checkbox.

2. Follow the above instructions for any kind of regular encryption (not Short). A popup will ask for a hidden message and a Decoy Key/Lock to encrypt it.

3. Input the hidden message into the top box and the Decoy shared Key or Lock (either kind will work) in the bottom box. Then click OK.

The encrypted message containing both the main text and the hidden text will appear in the main box, replacing the original text. Copy it and paste it into your communications program.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=4WrYEdRp2Q4

Click here for More:

It is impossible to tell whether or not a encrypted item contains a hidden message. The length of the hidden message is limited to 59 ASCII characters, sufficient to include a Lock without its tags. Non-ASCII characters use 6 spaces each, so avoid them if you can. Any text beyond the limit will be lost. If a shared Key is used for the second message, the same shared Key is needed to retrieve it; if a Lock was used, its matching Key will be needed.

Decoy messages added in PassLok can only be revealed in PassLok, even if the main message can be decrypted in another app such as PassLok for Email or URSA.

Reveal the hidden text contained within a message encrypted in Decoy mode (advanced)

1. On the Options tab, check the Decoy checkbox.

2. Follow the instructions for any of the regular decrypting modes. A popup will ask for a Decoy Key.

3. Input the Decoy Key. If it is a shared Key, leave the Shared box checked; if it is a secret Key matching the Lock that was used to encrypt the hidden message, uncheck the Shared box.

4. Then click OK. The hidden message, if it exists, will appear above the main box.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=4WrYEdRp2Q4

Click here for More:

Since it is impossible to detect the presence of a hidden message, it is necessary to click the Decoy checkbox in order to check for it. Likewise, there is no way to tell whether the sender used a Key or a Lock for encrypting the hidden message, so the recipient must tell PassLok by checking or unchecking the Shared box.

Change your secret Key (advanced)

1. Click the Change Key button on the Options tab. A new dialog will pop up asking you to enter the new Key twice.

2. Write the new Key in the two boxes in this dialog, and then click OK. A message will announce that the Key has changed.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=LubzBF4Xaa8

Click here for More:

The items in the local directory are encrypted with your Key; this operation re-encrypts them with the new Key. Your Key is not stored anywhere, not even encrypted, but PassLok is still able to check whether the Key entered is the one in use.

Display the entire local directory (advanced)

1. Click the Edit button next to the Lock selection box.

2. Click the All button below the lower box of dialog. The complete local directory, including encrypted Read-once data, is displayed in the box so you can find items and copy them easily.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=8zo-N5O82iM

Click here for More:

The format for each item is the following: name, followed by a colon (:), new line, item data; then two new lines before the next name, and so forth. If a name also has Read-once data, those follow the item data, occupying consecutive lines. Item 'myself' is special, and contains the Lock matching your secret Key and a collection of settings.

Merge additional data into the local directory (advanced)

1. Click the Edit button next to the Lock selection box.

2. Paste the additional data into the lower box of the dialog.

3. Click the Merge button. The new data is merged into the local directory.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=8zo-N5O82iM

Click here for More:

The format for the additional data must be the following: name, followed by a colon (:), new line, item data; then two new lines before the next name, and so forth. If a name also has Read-once data, those follow the item data, occupying consecutive lines. If the additional data contains names that were already in use in the directory, the new data replaces the original data. Items are added in encrypted form but are not checked as they are added, so it is possible that different items may need different Keys to be decrypted, if you changed your secret Key in the past. (Chrome app only) If Chrome sync is checked in Options, the additional data will also be added to that area so it is accessible from other computers.

Use the List button (advanced)

You can always make a List of Locks and shared Keys, in order to encrypt a message for multiple recipients, by writing the Locks or shared Keys in separate lines of the lower box in the directory edit dialog. Lists can be given names to save them in the local directory. Saved Lists appear highlighted in the top box of the Main tab. The List button, which appears after clicking the Edit button next to the Lock selection box, facilitates making Lists this way:

1. If you put several items on separate lines in the lower box of the directory Edit dialog and click the List button, PassLok will remember them during the current session.

2. To add one or several items to the List in memory, put them in the box and click List again. Duplicates are removed in the process.

3. If you click List with the box empty, the current List in memory is displayed.

4. If you click the Reset button while a List is displayed in the bottom box, the List in memory is deleted.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=m4Ki9DHTVow

Click here for More:

If you want to store a List permanently, you must first write a name for it in the top box, then write the items in the lower box or display the List in memory by clicking the List button, and then click Save. Lists can contain Locks, shared Keys, or names of items in the local directory, but not names of other Lists.

Make a random Key (advanced)

PassLok has a built-in way to make a 42-character random Key:

1. Click the Edit button next to the directory box.

2. On the dialog that appears, click Save with the lower box empty.

2. If you actually want to save the random Key, write a name for it in the top box before clicking Save.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=3OUpuk3-tRo

Combine a Key and a Lock (advanced)

This operation, which goes by the technical name of "Diffie-Hellman key exchange," is at the core of many PassLok functions. Should you ever want to compute the result manually, here is how to do it:

1. Write or paste the Key or the Lock on the Main tab.

2. Click the Edit button next to the directory box, and write or paste the other item in the lower box of the dialog that appears. If the item is in PassLok's local directory, you can bring it out by starting to type its name in the top box.

3. Click the Merge button. The Key and the Lock will merge and the 43-character result, which is itself a valid Lock, is placed in both the Main and Directory tabs.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=0EImhN35Tbs

Click here for More:

If both items or neither of them is a valid Lock, the merging process fails and a message is displayed. The result of combining your secret Key and someone's Lock is itself a Lock, and the same as that of combining your Lock and that person's secret Key. You can combine a set of Keys into one by first making the Lock of one of them, and then combining the other Keys, one after the other, as described above. The order of entering the Keys does not matter.

Ask the participants in a Chat session to authenticate themselves (advanced)

1. Inside the chat session, type a bunch of garbage. You should expect the garbage back as a sealed item from each participant who has not yet done so.

2. When a sealed item is posted in the chat session, copy it and go back to the Main tab of PassLok, then paste it there.

3. In the local directory, select the Lock belonging to the person who posted the signature, and click the Unseal button.

4. The original garbage string should be recovered, plus a message indicating that the sealer has been verified. If the seal is verified, this means that the one who posted it is indeed who he/she claims to be.

This is all explained in this video: https://www.youtube.com/watch?v=NlEJJpF-Wmo

Click here for More:

This process assumes that the Locks in your local directory have been authenticated, perhaps by following the process explained elsewhere in the help area. When asking others to authenticate themselves, it is important to ensure that the text they are asked to seal could not have been predicted ahead of time.

If there is no Lock for a participant, but rather a shared Key, he/she should instead encrypt the garbage text with that shared Key and post the result. Authentication will be complete once the encrypted text can be decrypted with the shared Key and the result matches the original.

Respond to a request for authentication posted in a Chat session (advanced)

1. If you see a piece of garbage text posted by someone (especially if you have just joined), that means that anyone who has not yet authenticated him/herself is asked to do so. Copy the garbage text and go back to the Main tab of PassLok, then paste it there.

2. Click the Seal button. The text will be sealed.

3. Copy the whole thing and go back to the chat session by clicking the Back to Chat button, then paste it into the chat box and submit it.

This is all explained in this video: https://www.youtube.com/watch?v=NlEJJpF-Wmo

Click here for More:

If your chat invitation was encrypted with a shared Key rather than a Lock, you should instead encrypt the garbage text with that shared Key and post the result; authentication will be complete once the encrypted text can be decrypted with the shared Keyl.

Authenticate a Lock without using videos (advanced)

The easy way: call the Lock's owner and ask him/her to read a substantial portion of the Lock over the phone. But if you are communicating exclusively by email you can send a person whom you know and who knows you the following message, or something like it:

Dear So-and-So:
I just obtained your PassLok Lock from (cite source), but I still wonder if it is authentic since I am unable to view the authenticating video. Therefore, I ask you to help me authenticate it through the interlock protocol. Here's what I want you to do:

Write a message asking me to take a picture or video of myself doing something of your choice. Encrypt the message with my Lock, which is appended to this message, and copy it to a safe place. Then split it in two and send me the first half only.
When I receive your first half, I will also write a message asking you to do something in a picture or short video. I'll encrypt that message with your Lock, and I'll send you half of the encrypted message first. When you get it, go ahead and send me the other half of your encrypted message.
When I get your second half, I'll put the two halves together and decrypt your message. Then, following your instructions I'll send you the picture or video right away, decrypted, along with the second half of my encrypted request.
When you get it, please verify that what I sent conforms to your instructions. If so, put together the two halves of my encrypted message to you, decrypt it, and send me what I ask in the message as soon as possible, decrypted as well. Then I'll know that your Lock is authentic.

Many thanks. Sincerely, This-and-That

Click here for More:

Alternatively, you can ask the other person to use PassLok's built-in Split/Join function, explained in another help item, rather than simply cutting messages in two. The pictures or videos (or recordings) don't need to be encrypted. Only the instructions for making them need to be encrypted and transmitted with this two-step process. There is an article in the PassLok manual that explains how this protocol works for authenticating Locks.

Check the authenticity of the code

If you got PassLok from an app store, that app store is ensuring that the code you have is what the author gave to them. The following is to check the integrity of the web app version of PassLok running in a browser:

1. Direct your browser to "view source." If your browser has a command to save the source (Chrome, Firefox, and Safari do), go ahead and save it to file. Alternatively, you can go to Online-convert (http://hash.online-convert.com/sha256-generator) and type the URL of your version of PassLok there, then skip step 2.

2. Now you have to take the SHA256 checksum of the code (or the MD5 or SHA1 checksums) using a program different from PassLok. You have several options:

Use a local program or online utility to take the checksum of the source saved to a file.
Use an online utility where you paste the text on a box and click a button. You must make sure that pasting does not add extra space at the top or the bottom of the file, which would affect the result.

3. Look up the checksum for this version of PassLok, which is published on the PassLok information website at passlok.weebly.com and a number of other places. If this value and the one obtained above are not the same, the program has been tampered with. Here are some places where this information is published:

PassLok information page: http://passlok.weebly.com/get-passlok.html
PR Gomez.com (author's blog): http://prgomez.com/passlokcurrent/
Chrome app description: https://chrome.google.com/webstore/detail/passlok-privacy/epcchpdljafmfegifkigklfcmkphfmbh
Android app description: https://play.google.com/store/apps/details?id=com.fruiz500.passlok

4. Now, a hacker who could alter the source code at the server might also be able to change the published checksums so they match the tampered code. To make sure that the value is authentic you should watch the one-minute video where the author or PassLok, Francisco Ruiz, reads the SHA256 checksum aloud. A link to the video usually accompanies the published SHA256 value.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=NrAfSo2xjnY

Click here for More:

Typically, you load the source on a separate tab by typing CTRL-U (Windows) or option-cmd-u (OSX). Another way to save the source is to copy it by first selecting the the whole source code (CTRL-A or cmd-a), then copy to clipboard (CTRL-C or cmd-c), and then paste it into a text editor (CTRL-V or cmd-v), and save it from there. DO NOT save the code using the "save" command when the working PassLok page is displayed, since then the browser would modify the source code before saving it. The correct encoding is UTF-8, no BOM (notes: Windows Notepad is unable to save text in the correct format. Cut and paste from Chrome introduces artifacts for big items like the source code).

SHA256 is built into the OS in Linux and OSX, not so in Windows, but there are free programs available, such as Checksum Utility and Bitser. There are also online utilities where you can upload a file and get the hash. Online-convert (http://hash.online-convert.com/sha256-generator), fileformat.info (http://www.fileformat.info/tool/hash.htm) and freeformatter.com (http://www.freeformatter.com/sha256-generator.html) have worked well in our tests.

If you want a clipboard-based SHA256 utility, the one at Xorbin (http://www.xorbin.com/tools/sha256-hash-calculator) has worked quite well in our tests. Don't copy and paste from Chrome, since this introduces artifacts.

I have an item that was encrypted/sealed with a previous version of PassLok, and the current version cannot handle it

We do not recommend using old versions for new work. Newer versions have enhanced security and are more user-friendly. But sometimes you may need to handle an item that is incompatible with the current version. Here is a pretty complete list of old PassLok versions, with links to them.

The current version of PassLok can be obtained from the following servers (as always, be aware that following any link may reveal your location):

source server: https://passlok.com/app

information page: http://passlok.weebly.com

GitHub page: https://github.com/fruiz500/passlok

Chrome app: https://chrome.google.com/webstore/detail/passlok-privacy/epcchpdljafmfegifkigklfcmkphfmbh

Android app: https://play.google.com/store/apps/details?id=com.fruiz500.passlok

mirrors:

https://www.autistici.org/passlok (non-US, self-certified)

https://passlok.site44.com

https://fruiz500.github.io/passlok

SHA256 for this version and video of the author reading it at:

http://passlok.weebly.com/get-passlok.html

Previous versions (SHA256 for each):

2.2.8 (1580-d524-c402-53bc-c973-6305-bee8-64ec-0853-2623-d9d3-a21e-1400-4a38-4b19-b07e)

PassLok.com

Autistici

Site44

Author reading the SHA256

2.1.03 (fdc9-8bae-45c0-902f-bf6d-da01-ae7e-704c-8e32-4679-e691-a20d-4aee-2254-63af-b8d6)

PassLok.com

Autistici

Site44

Author reading the SHA256

2.0.03 (627e-45e4-0160-c885-b668-896a-7f79-766e-b93c-c6e3-0094-a28f-4380-b060-7830-48d0)

PassLok.com

Autistici

Site44

Author reading the SHA256

1.7.08 (87a4-fee6-8916-99fb-c59b-9d73-32dd-3023-5af0-3e69-18e0-caa3-d9e7-8a53-2385-957c)

PassLok.com

Autistici

Site44

Author reading the SHA256

1.6.02 (2c64-63d5-5d68-c7b2-9350-68cc-8bef-1a75-ddc1-1fa0-cd04-4428-f3ef-c079-e14f-4133)

PassLok.com

Autistici

Site44

Author reading the SHA256

1.5.03 (0061-4b79-8ba1-8fee-34c5-e243-96e9-4c7c-a0ea-cfc5-82c1-a44d-4cbb-06c4-ca00-985c)

PassLok.com

Autistici

Site44

Author reading the SHA256

The following (except 1.0) were edited so the archived help file works, changing the SHA256 from the original value (therefore no video)

1.4.03 (f1cc-8931-1d31-4d65-4dfe-fb0d-5368-f854-3766-b240-f131-c93f-a0e9-8d14-752e-018e)

PassLok.com

Autistici

Site44

1.3.03 (7c6f-3d59-1059-e712-15ea-8dcf-dcde-861a-7359-6508-3b29-5720-41c9-8271-cb69-f01a)

PassLok.com

Autistici

Site44

1.2 (c17b-c529-8757-578a-6bc2-bdc4-122e-c607-8c16-19ef-b9ee-8d4d-75aa-cf0a-b703-e0ec)

PassLok.com

Autistici

Site44

1.1 (8e5c-9714-eec3-cc65-aa8f-640d-d434-2747-aa24-624c-74c5-65ea-4077-0f0f-3b22-cc30)

PassLok.com

Autistici

Site44

1.0 (a907-25eb-50e3-e4a6-5f4b-27c1-684e-f590-6094-6fae-52f3-c7ca-47b1-732c-9eab-3e9b)

PassLok.com

Autistici

Site44

None of the help items answers my question / I want to give feedback

Then you can send us an email at passlokprivacy@gmail.com (the link will open your email client). We'll do our best to reply in a timely fashion. If you are a GitHub user, you can also go to our page on GitHub and post issues or submit improvements there.

Good constructive feedback is hard to get, so let us thank you right now, before we read your email.

Privacy Statement and Warrant Canary

PassLok is a self-contained piece of code that neither relies on servers nor requires the storage of secret information to do its job. Therefore:

1. We cannot give your secret Key to anyone (not even yourself) because we don't have it. Your Key is never stored or transmitted, and by default gets deleted from memory after five minutes of not being used.

2. We cannot give your private data to anyone because PassLok does not send anything out of your device. When you download the app from its server, you get only the code, without any cookies, plugins, or anything of that sort. We do store Locks that have been posted on our General Directory by their owners, but those are public by nature.

3. We cannot eavesdrop on your chat sessions, or enable anyone to do so. Establishing a chat session does involve contacting a signaling server (Firebase) and giving it your IP address and a disposable chatroom name so that others can contact you; the signaling server never sees the content of your chat, which is between participants only. The PassLok server doesn't even see the connection data.

4. We will never weaken the cryptography methods contained within PassLok at the request of a third party, private or public. This also means no backdoors will ever be added. We would rather shut down PassLok than be forced to do this, which would betray the very essence of our efforts. If we learn that counterfeit versions of PassLok are circulating, whether placed by hackers or government agencies, we will make the fact known to users.

Notice: Since PassLok is distributed as a piece of human-readable code, we consider it an expression of free speech protected by the laws of many countries. Putting into circulation tampered versions of PassLok, whether by individuals or public entities, violates free speech and copyright protection laws.

PassLok contains strong cryptographic methods, which may be illegal to use in some countries. Please check the local laws before using PassLok.

This paragraph and the canary logo above attest to the fact that we have never complied to any requests under gag order for user data or modifications of the code. They will be absent once we are forced to do so.

engine: NaCl by D. Bernstein, W. Janssen, T. Lange, P. Schwabe, M. Dempsky, and A. Moon 2013
tweetNaCl JavaScript implementation by D. Chestnykh and D. Mandiri 2015
general directory by W. Huang 2014
Shamir secret sharing by A. Stetsyuk 2013
png image hiding: steganography.js by Peter Eigenschink 2014
jpeg image hiding: js-steg by Owen Campbell-Moore et al. 2014
FastClick by FT Labs 2014
file In/Out based on an article from the This Could Be Better blog 2012
scrypt key stretching implementation and edcurve-js by D. Chestnykh 2014
lz-string compression by pieroxy 2014
webRTC chat by Muaz Khan 2015
Letters encoding based on Advanced Unicode Stego by Adrian Crenshaw 2013
color picker: jscolor by Jan Odvarko, 2014
testing, help items, interface ideas by the IIT student team 2014-15

This document may be used, modified or redistributed under GNU GPL license, version 3.0 or higher.

What is PassLok?

Invite others to PassLok

Learn how to use PassLok

Change PassLok's look

How to make a strong Key

Get a hint to remember my Key

Use a different Key temporarily

Make PassLok even more secure

Display the Lock matching your secret Key

Encrypt a message with a Lock, to be decrypted with the matching Key (Anonymous mode)

Decrypt an Anonymous encrypted message (tags are PL**msa)

Encrypt a message with a Lock, to be decrypted with the matching Key, and sign it with your secret Key (Signed mode)

Decrypt a Signed message (tags are PL**mss)

Encrypt a message so that nobody can read it after the exchange is over (Read-once mode)

Decrypt a message that was encrypted in Read-once mode (tags are PL**mso)

Reset a Read-once conversation

Send a PassLok item (Lock, encrypted message, etc.) by email

Send a PassLok item by Text messaging (mobile only)

Load files to be encrypted, sealed, or split (non-mobile)

Retrieve a file that has just been decrypted, unsealed, of joined (non-mobile)

File output

Make an invitation to join a real-time multi-party chat session

Use an invitation to join a real-time chat session (tags are PL**chat)

Encrypt a message with a shared Key, to be decrypted with the same Key

Decrypt a message encrypted with a shared Key

Encrypt a message with a Pad, to be decrypted with the same Pad

Decrypt a message encrypted with a Pad

Add a Lock or shared Key to the local directory

Retrieve a Lock or shared Key from the local directory

Delete a stored item

Make a video to authenticate your Lock

Use the General Directory

Add, remove, and backup users

Access the advanced functions of PassLok

Are there any keyboard shortcuts?

Make a short encrypted message suitable for texting (advanced)

Decrypt a short encrypted message (no tags) (advanced)

Seal a text with your secret Key so others know it comes from you (advanced)

Unseal a sealed text and verify its origin (tags are PL**sld) (advanced)

Convert a PassLok item (Lock, message, etc.) into fake text (advanced)

Retrieve the original PassLok item from fake text (advanced)

Hide a PassLok item inside an image (advanced)

Retrieve the PassLok item hidden inside an image (advanced)

Split an item into several random-looking parts (advanced)

Join parts to retrieve the original item (tags are PL**p^^^) (advanced)

Encrypt a second, undetectable message in addition to the main message (Decoy mode) (advanced)

Reveal the hidden text contained within a message encrypted in Decoy mode (advanced)

Change your secret Key (advanced)

Display the entire local directory (advanced)

Merge additional data into the local directory (advanced)

Use the List button (advanced)

Make a random Key (advanced)

Combine a Key and a Lock (advanced)

Ask the participants in a Chat session to authenticate themselves (advanced)

Respond to a request for authentication posted in a Chat session (advanced)

Authenticate a Lock without using videos (advanced)

Check the authenticity of the code

I have an item that was encrypted/sealed with a previous version of PassLok, and the current version cannot handle it

None of the help items answers my question / I want to give feedback

Privacy Statement and Warrant Canary

Welcome to PassLok