Welcome to PassLok







 Anonymous     Signed      Read-once



  Interface:       Basic     Advanced     Email
  Color scheme:       Light     Dark

     Red     Green     Blue     Custom

Click to edit color:  

     Tabs     Backg.     Btns.     Box

  Other:       Learn     Hidden message

     ezLok     Word Lock     base64

     File output     Binary     Text

     Normal     Short     Compatible

    Chrome sync

  Text Hiding:     Letters     Invisible

     Words     Spaces     Sentences

  Change Name, Key, etc.

 

  Backup/Remove:

 


For instructions on how to do things, click on each title.






For instructions on how to do things, click on each title below. Click again to hide.

To get instructions as you click buttons in PassLok, check Learn on the Options tab.


What is PassLok?

Before you do anything else, you may want to watch this three-minute video, which explains the essential concepts in a lighthearted way (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=UxgrES_CGcg

This approach has a number of advantages over other privacy apps that you may be familiar with:

PassLok is still in experimental phase since there has not been enough time for security experts to uncover possible flaws. Bear this in mind before entrusting critical secrets to it.

If you find PassLok too difficult, you may want to try SeeOnce instead, from https://passlok.com/seeonce. SeeOnce implements the Read-once mode of PassLok plus one type of text hiding, but you never have to worry about maintaining a directory of Locks. Even easier is URSA, available at https://passlok.com/ursa, which includes only the shared Key mode of PassLok. Finally, there's PassLok for Email, an extension for Chrome and Firefox that integrates with popular email services (currently Gmail, Yahoo, and Outlook), and PassLok Universal, very similar to PassLok for Email, but not restricted to any email service; these are its links for Chrome and Firefox. All of these apps are fully compatible with PassLok, although they may not be compatible with each other.

And if you don't, you may want to try the PassLok Privacy extension for Chrome and Firefox, which is almost identical to this standalone app, except that it syncs seamlessly between computers and is impervious to other extensions that might be running on the browser. Finally, the whole PassLok Privacy is part of the FusionKey extension for Chrome and Firefox, which integrates with any email service (not just the Big Three) and also includes the SynthPass password manager.


Invite others to PassLok

Before you can communicate with others using PassLok, they must have obtained the app, come up with a secret Key (which they won't tell you), generated a Lock from it, and sent it back to you.

You can tell others about PassLok any way you want, but PassLok can help you to start your network with a single keystroke, this way:

1. Type a message in the main box. Don't write anything sensitive, since invitation messages are not secure.

2. Click the Invite button.

3. After confirmation, a new page should open in your default email, containing a link to PassLok that includes your personal Lock plus your encrypted message and a short set of instructions. Edit it as needed, then write the recipients' email addresses and send it.

This is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=0wTJWyd9s64

Click here for More:

The invitation link loads the web version of PassLok, but pasting it into any other version of PassLok, or opening the email in PassLok for Email, PassLok Universal, FusionKey, or SeeOnce works just as well. Invitations made in those apps can also be opened in PassLok Privacy.

People who did not get your email will still be able to obtain your Lock if you post it in the General Directory. To do this, click the myLock button if your Lock is not already displayed, then the small Edit button near the top, and then the large General Directory button (you may need to do this twice). A new page will open where you only need to supply your email address, click Post, and reply to a confirmation email.

Those who get PassLok from your email invitation will have your Lock automatically stored in their directories, so they can encrypt items for you right away.


Learn how to use PassLok

If you check the Learn box in the Options tab, a text explaining what is about to happen will pop up every time a button is clicked.

And here are a few more resources you may want to check out:

The Learn PassLok website at https://passlok.com/learn contains a working copy of PassLok and a number of lessons on the different things you can do with it.

The PassLok information website at http://passlok.weebly.com contains a number of videos and PDF documents.

The PassLok manual in PDF format.

If you want to learn what's under the hood, read the PassLok technical document.


Change PassLok's look

PassLok opens with the default Light colors. You can also select the Dark, Red, Green, and Blue schemes on the Options tab, or even make your own custom scheme, this way:

1. Click Custom on Options.

2. Select the color you wish to modify: Tabs, Background, Buttons, or Boxes.

3. Click the colored box, which will open a selector. Hue and saturation are set on the main area, brightness on the sidebar.

4. Repeat steps 2 and 3 for each color type.

PassLok will pick random colors if you click the Random button. You can then edit them using the selector.


How to make a strong Key

You should be able to remember your secret Key without having to write it down. PassLok does not store the Key anywhere. In fact, it deletes it from memory after five minutes of not being used.

As you type your Key, PassLok displays a color-coded message telling you how strong it is. If you stop typing for a second, a mnemonic "Hashili" word based on your Key is displayed right under the strength score, to reassure you that you have typed the Key correctly, even if you cannot see it. Clicking the eye icon reveals the entire Key.

Your Key will be stronger if it contains caPiTals in unusual places, numb3rs, and $ymbol$. If you use common words, miespell them to make harder a "dictionary attack." Break the words up with num334bers and sy#$%mbols. Avoid anything that might be easy to guess. PassLok knows frequently used words, but hackers' dictionaries are bigger. Do not use grammatically correct sentences, even if PassLok gives a big score.

PassLok compensates for weak Keys by adding spurious computations and may even appear to have crashed. If PassLok is slow, this may be because your Key strength is less than Medium.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=JbNM_cf8My0

Click here for More:

If you plan to use PassLok only with shared Keys, you do not need a secret Key at all. Simply Cancel when you are asked for your Key when PassLok starts, and write or paste the encryption Key into the lower box that appears when you you click the Edit button located next to the directory.

If instead of a short shared Key you paste in a piece or text at least five times as long as the message to be encrypted, PassLok uses it in Pad mode, which theoretically is much more secure than the regular mode (more on this in a help item below).


Get a hint to remember my Key

If you are reading this, likely you have gained Guest access to PassLok by clicking Cancel at the Key entry screen. The good news is that you can still encrypt messages if you know the recipient's Lock or shared Key, verify signatures, and use the Locks stored in your local directory as well as all the auxiliary functions of PassLok. You can even seal items and display the matching Lock if you enter a Key when PassLok asks for it.

The bad news is that you cannot change anything stored in the local directory, and your use of it is limited to Locks. You cannot do anything that would involve your secret Key, such as decrypting messages encrypted with your Lock, or continuing a Read-once conversation in course.

Well, we've got even worse news for you: we cannot help you to recover your secret Key, because PassLok never stored it or sent it out. There are no saved hints, either. If you forgot your Key, it's gone, along with all encrypted items in the local directory.

But chances are you almost remember it, and are off by a few characters only. If you click the eye icon, a mnemonic "Hashili" word derived from it appears right above it. Perhaps you can recognize the correct Hashili word when you see it, which will help you to reconstruct your Key. For your security, the Hashili word alone is not enough to reconstruct the Key.

Click here for More:

Hopefully Guest mode will let you get by until you remember your secret Key. But if you want to get full access to PassLok with a new Key, here are the steps:

1. Go to the Options tab.

2. Click the Backup/Remove Options only box. When a popup asks for confirmation to delete your settings, click OK.

3. Reload PassLok.

4. The user selection screen will appear, and this time PassLok will accept whatever new Key and email or suchlike you want to give it for the user in question. Now you're back in business and can use PassLok with the new Key to seal, decrypt, store items in the local directory, etc.

At this point, the only directory entry that will work fully is "myself". You can reset or delete the entries that don't work one by one, by typing each name in the directory Edit dialog and clicking Reset (leave essential data intact) or Delete (take out everything) when the name is recognized, or all at once by following the process described in a help item below, about "moving the entire local directory."


Use a different Key temporarily

For a given user name, there is only one "secret Key" that unlocks all the capabilities of PassLok, but if you are willing to accept a limited access to its functions, you can use a different Key for the session, or whenever PassLok asks you for the Key. This way:

1. Select the user and enter the new Key in the box (optional).

2. Click the Cancel button.

3. If asked for your email etc., enter it and click OK. (the Random button will write a new random value, different from the original random token, if any, so beware)

Click here for More:

You can do pretty much everything, except things that would have involved the secret Key. You cannot modify anything in the local directory. When you reload PassLok and enter the correct Key, a warning will tell you that last session was run in Guest mode. If you don't select a user from the list, you won't have access to any stored Locks.


Make PassLok even more secure

When you first opened PassLok, you were asked to optionally enter your email or similar public, easy to recall personal information. But if instead of entering your email you click the Random button next to the input box, an 43-character random token is used. This makes your Lock much harder to crack, but it becomes tied to the device where it was created (except for the Chrome and Firefox extensions, which can sync it across devices).

To back up your random token to a safe place in case of accidental deletion or to be able to use a different device:

1. Click the Backup/Remove Options only button on the Options tab (visible in the Advanced interface). A backup item bracketed by "PL**bak" tags appears on the main box, from where you can save it to file, copy it, email it, etc.

2. Then a dialog asks you if you want to reset your settings. If you click OK, PassLok will restart as if it had never started before, except that the local directory remains intact.

To restore the random token from a backup item, paste the packup into the main box and click Decrypt.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=4DjhIjU_nuM

Click here for More:

The reason for the email or other additional data is to combat the "rainbow table" attack, where hackers pre-compute Locks made from the words in a dictionary. This data is encrypted and stored along with other settings, so you won't need to enter it again. The Lock depends both on the Key and the email or random token; this adds extra security, but it also means that if the random token gets erased you will not be able to decrypt anything that was encrypted with your Lock. The backup item contains your settings, including the random token, double-encrypted by your secret Key. One reason to delete your settings while leaving the local directory intact is to be able to change the random token to a new value. You can also proceed without entering any email or token.

If you plan to use both PassLok and PassLok for Email or PassLok Universal, it is best if you write your real email in this box, for in this case your PassLok Lock will be identical to the one used in those apps and you'll be able to use their main features interchangeably. This precaution is not necessary if you only use one of the versions.


Display the Lock matching your secret Key

Click the myLock button on the Main tab. The Lock matching that Key will appear in the lower box, from where you can copy it or email it.

If then you click the Edit button next to the local directory box, and after that click the button labeled General Directory, PassLok's General Directory website will open, with its lower box filled with the Lock you just made. To post your ezLok or base64 Lock so others can find it, just write your email in the upper box and click the Post button.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=L00yybDzN6k

Click here for More:

By default, PassLok displays the Lock in ezLok format, consisting of 50 lowercase letters (except L) and numbers, so you can easily dictate it if necessary. On the Options tab, you can change this to Word format, consisting of 20 common words, or to base64 format like all other PassLok items, consisting of 43 numbers, letters (capital and smallcase) and special characters / or +. The General Directory can take items only in ezLok and base64 formats. PassLok for Email, PassLok Universal, and FusionKey are compatible with all Lock formats, but SeeOnce is compatible only with ezLoks. If you wrote your real email when asked about it in the initial wizard, rather than something else, then your Lock is the same as that used in those apps, and the encrypted items made by any flavor of PassLok can be decrypted in the other apps. This precaution is not necessary for SeeOnce.

If you need to make a Lock for a different Key (for instance, in order to receive hidden messages), it is best if you start PassLok in Guest mode by clicking Cancel when you are first asked for your Key, which will make PassLok accept a different Key. Then click myLock and supply the new Key and your email, if requested (if you use a random token you will need to copy it before, by clicking Change Email in Options).


Encrypt a message with a Lock, to be decrypted with the matching Key (Anonymous mode)

1. Make sure Anonymous mode is selected at the bottom of the Main tab. This is the default.

2. If the recipients' Locks have been previously stored in the directory, simply select their names in the top box of the Main tab.

3. Write or paste your message in the lower box of the Main tab. You can give it rich formatting or add images and files if you display the formatting toolbar by clicking the Rich button (non-mobile).

4. Click the Encrypt button. The encrypted message will appear in the box, replacing the original message.

Copy it and paste it into your communications program or click Email to open your default email.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=nBA5JNY4gmQ

Click here for More:

This mode is called Anonymous not because it provides any protection against tracking over a network, but because the identity of the sender cannot be deduced from the encrypted message. This message can be decrypted only by someone having the Key matching one of the Locks selected. Alternatively, you can write the Locks' names, one per line, in the dialog that appears whn you click the Edit button. Or you can select a List, as described in an item below, in order to encrypt for all the recipients in the List. It is okay if the tags up to the "==" signs on the Lock are missing, or carriage returns have been added (such as for a video URL).


Decrypt an Anonymous encrypted message (tags are PL**msa)

1. Paste the encrypted message in the lower box of the Main tab.

2. If the message doesn't decrypt automatically, click the Decrypt button. The decrypted message will appear in the box, replacing the encrypted message.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=nBA5JNY4gmQ

Click here for More:

It is okay if the message is broken up by carriage returns or is missing its tags. It doesn't matter which encryption mode is selected at the botton of the Main tab.

Even though this encryption mode is not available in Email mode, Anonymous messages will decrypt fine even if Email mode is set.


Encrypt a message with a Lock, to be decrypted with the matching Key, and sign it with your secret Key (Signed mode)

1. Make sure Signed mode is selected at the bottom of the Main tab.

2. If the recipients' Locks have been previously stored in the directory, simply select their names in the top box of the Main tab.

3. Write or paste your message in the lower box of the Main tab. You can give it rich formatting or add images and files if you display the formatting toolbar by clicking the Rich button (non-mobile).

4. Click the Encrypt button. The encrypted message will appear in the box, replacing the original message.

Copy it and paste it into your communications program or click Email to open your default email.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=R9UanENF3ro

Click here for More:

This mode is called Signed not because a digital signature is involved, but because the message can be decrypted only by someone having the Key matching one of the Locks selected, and your Lock. This way, the recipient can be sure of who encrypted the message. Alternatively, you can also write the names, one per line, in the dialog that appears when you click the Edit button. You can also encrypt for all the recipients in a List by selecting a List name. It is okay to strip the tags up to the "==" signs, but not recommended. It is also okay to split the encrypted message with line returns. This message can be decrypted only by someone having the Key matching the Lock used to encrypt it. Additionally, they must have your Lock in order to verify that it comes from you.

Messages encrypted in this mode can be decrypted by PassLok for Email and PassLok Universal, if the Email mode checkbox is checked in Options before the message is encrypted.


Decrypt a Signed message (tags are PL**mss)

1. If the sender's Lock has been previously stored in the local directory, simply select its name in the top box of the Main tab.

2. Paste the encrypted message in the lower box of the Main tab.

3. If the message doesn't decrypt automatically, click the Decrypt button. The decrypted message will replace the encrypted message.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=R9UanENF3ro

Click here for More:

It is okay if the message is broken up by carriage returns or is missing its tags. It doesn't matter which encryption mode is selected at the botton of the Main tab.

A message encrypted by PassLok for Email or PassLok Universal in normal mode will be decrypted by PassLok in Signed mode. Just paste it in and supply a name for the included ezLok, if requested.


Encrypt a message so that nobody can read it after the exchange is over (Read-once mode)

1. Make sure Read-once mode is selected at the bottom of the Main tab.

2. Select the recipients' Locks in the top box of the Main tab. This mode requires the recipients' Locks to be previously stored in the local directory.

3. Write or paste your message in the lower box of the Main tab. You can give it rich formatting or add images and files if you display the formatting toolbar by clicking the Rich button (non-mobile).

4. Click the Encrypt button. The encrypted message will appear in the box, replacing the original message.

Copy it and paste it into your communications program or click Email to open your default email.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=VutWfWZW5bY

Click here for More:

This message can be decrypted only by someone having the Key matching one of the Locks selected, and your Lock, and then typically only once. In order to restart a Read-once conversation that has gone out of sync, clear the old data for that recipient by clicking the Reset button in the directory Edit dialog after the recipient's name is displayed above the box (you may have to type the name in the box for this to happen), then encrypt the message normally. The first message after a reset does not have forward secrecy, so be careful with this one. To encrypt for all recipients in a List, select the List in the top box of the Main screen. It is okay to strip the Lock tags up to the "==" signs, but not recommended. It is also okay to split the encrypted message with line returns.

Messages encrypted in this mode can be read in SeeOnce if Compatibility mode is checked in Options.


Decrypt a message that was encrypted in Read-once mode (tags are PL**mso)

1. Select the sender's Lock on the top box of the Main tab. This mode requires the sender's Lock to be previously stored in the device's local directory.

2. Paste the encrypted message in the lower box of the Main tab.

3. If the message doesn't decrypt automatically, click the Decrypt button. The decrypted message will replace the encrypted message.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=VutWfWZW5bY

Click here for More:

Usually you can decrypt the message only once, since the ephemeral key needed to decrypt it is overwritten in the process, but after a reset the first message can be decrypted forever, and the second becomes undecryptable only after it is replied to. It is okay if the message is broken up by carriage returns or is missing its tags. It doesn't matter which encryption mode is selected at the botton of the Main tab.

A message encrypted by PassLok for Email or PassLok Universal in Read-once mode can be decrypted by PassLok in this mode. Just paste it in and supply a name for the included ezLok, if requested. Same if it was encrypted in SeeOnce.


Reset a Read-once conversation

This may be needed if the conversation with a given correspondent has gone out of sync so that you are unable to decrypt a new Read-once message from this person. Resetting clears ephemeral Keys and Locks on both sides, and re-initiates the Read-once exchange.

1. Click the Edit button next to the Lock selection box.

2. Start writing the name given to the correspondent in the dialog. As you type, the line above the box displays existing items matching what you have typed so far. You can stop typing once you see the complete name you're looking for. Search is case-insensitive.

3. Click the Reset button. A popup asks you to confirm the action, and then a message tells you that it has been done.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=VutWfWZW5bY


Send a PassLok item (Lock, encrypted message, etc.) by email

1. Check that the item displayed on the Main tab is PassLok output. If it is not, the button you need to press in the next step won't be there.

2. Click the Email button. If the device is so configured, a window appears containing the item and some explanatory text. You only need to supply the recipient's email address and a subject line before clicking the Send button.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=LsljKvjAi9I

Click here for More:

Be aware that there is a limit to the size of a message that is made this way. If you get an error, you can always copy the contents of the box and paste it into a normal mail compose screen.The email includes a link that, if clicked, will open the contents in the web app version of PassLok. To open it in a different email client or in case the button is not visible or the new window fails to appear, copy it to the clipboard and then paste it into the "compose" box of your favorite email.

If the recipient is going to use PassLok for Email or PassLok Universal rather than this standalone version of PassLok or FusionKey, you'll make things easier if you switch to Email mode in Options before you click Encrypt.


Send a PassLok item by Text messaging

1. Check that the item to be sent is displayed on the Main tab. Usually it will have been produced with Short mode selected in Options, to make sure it fits in a single message.

2. Tap the button dealing with text messaging, which is labeled SMS. A window appears with the default texting app (setting it in a computer up may require additional steps).

3. Tap the input box and then paste the clipboard, which will contain the encrypted message. Send the message in the usual way.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=LsljKvjAi9I

Click here for More:

To decrypt a encrypted message received by texting, you must first copy it to the clipboard, and then paste it on the Main tab of PassLok. Due to browser restrictions, there is no way to know whether the item has been copied to clipboard, but hopefully the process above is fairly foolproof. (Advanced) If you want to make sure the encrypted message fits within a single text message, encrypt it with the Short option on.


Load files to be encrypted, sealed, or split

1. The button to load files is the rightmost one on the formatting toolbar, which is displayed by clicking the Rich button. It looks like this:

2. When you click it, a dialog will appear so you can navigate to the file. If all goes well, the file loads into the box as a link. You will see only its name, but the whole file is actually in there.

Now you can encrypt it, seal it, or split it just like a text-based message. You can also add more files if you want. The process to retrieve the original files is explained in the help item below.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=tPeUv6BRTrg

Click here for More:

If the file is a text file, it will load as plain text rather than as a link. Be aware that mobile devices (especially in iOS) often place severe restrictions on accessing stored content. If using a Chromebook, be aware that the Files extension does not load Google documents completely; save the file locally in a different format and try loading it again.

You can also put images in your message, by clicking the button immediately to the left of the one to load files. In this case the content is displayed as an image rather than a link.

If you plan to send large files by email or other means, it is best to encrypt them with an archiving program such as 7zip, Winzip, or Winrar (Windows), Keka (OSX), or p7zip (Linux) using AES and a random symmetric key, and then use PassLok to encrypt that symmetric key for transmission, along with the encrypted files as attachments.


Retrieve a file that has just been decrypted, unsealed, of joined

1. Make sure the file appears as a link on the Main box.

2. Right-click on it and select the Save link as option. The file will be saved at the location you select.

If there are several file links, repeat the process for each one. This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=tPeUv6BRTrg

Click here for More:

Chrome will not display the Save link as option if the file is larger than 1.5MB. Use Firefox or Safari in this case. Be aware that mobile devices (especially on iOS) place severe restrictions on what files can be saved, and where.


File output

If you select File output on the Options tab before encrypting, sealing, or splitting, the result of the operation appears as a file (several, in the case of splitting), which you can then save anywhere by right-clicking on the file labels. Doing this will speed up things considerably if you are encrypting, sealing, or splitting something large (especially in Chrome).

The file can be either binary with extension .plk (default), or text with extension .txt. This can be selected on the Options tab.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=Sm4f6FIOShI

Click here for More:

An output item loaded as a file can be decrypted, unsealed, or joined just like an item loaded as text. It can also be sent by email as an attachment, which is handy when the item is large. Firefox and Safari have no problems with file size, but Chrome won't save the output file if it is larger than 1.5MB. Feel free to change the file name or extension to something else, but to decrypt, unseal, or join files made this way, you must make sure the extension is .plk or .txt before you load them or PassLok may fail to recognize them as its own output. Be aware that mobile devices (especially on iOS) often make it difficult to work with files.


Make an invitation to join a real-time multi-party chat session

1. Select the other participants in the chat on the list at the top of the Main tab. You are added automatically.

2. Click the Chat button, which is below the box. A dialog will appear asking you whether this chat is going to involve text and files only, or also will involve audio, or video, or be hosted by Jitsi, an open-source videoconference service. There is also a text box where you can optionally type something that will be shown to the users (such as the date and time for the chat) before they join the chat.

3. Supply the required information and click OK. If the main box did not contain a chat invitation, a new one is generated and placed there. You can now email it with the Email button, or send it out by any other means.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=XytUN0T_2zQ

Click here for More:

Please tell participants about the time for the chat. When the time comes, you will join the chat using the same invitation as the other parties, so make sure to save it somewhere. All browsers can make a chat invitation, but some (Internet Explorer, Safari, native Android app, anything on iOS) don't support joining the actual chat.

PassLok chat invitations can be decrypted in PassLok for Email, PassLok Universal, and FusionKey, and vice-versa. If you set encrypt Compatible mode in Options before encryption, they can be decrypted in SeeOnce (Read-once only) or URSA as well.


Use an invitation to join a real-time chat session (tags are PL**chat)

1. Place the invitation in the Main box and click the Chat or the Decrypt button. If the sender added a message, it will be displayed and you will have to click OK to go on, or Cancel to try later.

2. A new screen opens. Write the name you want to use for the chat in the top box, check that the type of chat offered is what everyone agreed on, and then click Join.

3. As participants join the chat session, their chosen names will appear at the top of the chat screen (or a randomly-chosen tag, if they didn't supply a name). You can then post text by writing it in the Text box, followed by Enter. You can also post files by clicking the Browse or Files button.

4. If the chat involves audio or video, you may be asked to give permission to access you microphone and camera. After you grant it, you will see or hear the other participants as they join, and likely yourself too. Jitsi chats are the most polished, but participants connect through a server rather than one-on-one as in the other types.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=XytUN0T_2zQ

Click here for More:

Connections between participants are direct in all chat types except Jitsi, but a signaling server is used at the start so the participants can find one another, and then it is contacted no more. PassLok will remind you that this may lead to your being tracked. The connection will stay alive until all the participants leave. If things get out of hand, you can always reset your session by reloading the chat page. At that point you'll have the chance to change the kind of chat if you so desire.

Browsers are not equal as far as support for chat: Firefox and Chrome are the best, followed by the Android browser, Maxthon, and then Opera (with problems). Internet Explorer, Tor, Safari, and anything on iOS don't yet support joining a chat, though you can make a chat invitation from them.

PassLok can open chat invitations made in SeeOnce and URSA.


Encrypt a message with a shared Key, to be decrypted with the same Key

1. Make sure the Anonymous or Signed mode is selected at the bottom of the Main tab.

2. If the Keys shared with each of the recipients have been previously stored in the local directory, simply select their names in the top box of the Main tab.

3. Write or paste the message in the lower box of the Main tab.

4. Click the Encrypt button. The encrypted message will appear in the box, replacing the original text.

Copy it and paste it into your communications program or click Email to open your default email program.

This and more is explained in this video tutorial (warning: watching it may leak your IP number):https://www.youtube.com/watch?v=sRdpWe4zya8

Click here for More:

This message can be decrypted only by someone having the same shared Key. It does not matter whether Anonymous or Signed mode is selected, since they use shared Keys identically. It is okay to strip the tags up to the "==" signs, but not recommended. It is also okay to split the encrypted message with line returns. The tags will depend on the encryption mode selected. There is no special tag to indicate that a shared Key was used instead of a Lock.

Messages encrypted with a shared Key can be decrypted in PassLok for Email, PassLok Universal, and FusionKey as well. They can be decrypted in URSA if Short or Compatible mode are chosen in Options prior to encryption.


Decrypt a message encrypted with a shared Key

1. If the Key shared with the sender has been previously stored in the local directory, simply select its name in the top box of the Main tab.

2. Paste the encrypted message in the lower box of the Main tab.

3. If the message does not decrypt automatically, click the Decrypt button. The decrypted message will appear in the main box, replacing the encrypted message.

This and more is explained in this video tutorial (warning: watching it may leak your IP number):https://www.youtube.com/watch?v=sRdpWe4zya8

Click here for More:

It is okay if the message is broken up by carriage returns or is missing its tags. It doesn't matter which encryption mode is selected at the botton of the Main tab.

Messages encrypted with URSA can be decrypted in PassLok, using this procedure.


Encrypt a message with a Pad, to be decrypted with the same Pad

1. Copy the text to be used as Pad from its source. It should be at least five times as long as the message, or Pad mode won't engage. You can also load a whole file that is at least five times as long as the message.

2. Click the Edit button next to the directory box and paste the shared Pad in the dialog that appears. You can also load a file by means of a button visible in the Advanced interface. Then click Done.

3. Write the message in the lower box of the Main tab.

4. Click the Encrypt button. If Pad mode is engaged, a popup will ask for the starting position in the Pad, otherwise encryption will proceed using the regular shared Key mode (a warning popup will appear if there are several paragraphs).

5. Write a number within the range given in the dialog and click OK. The encrypted message will appear in the box, replacing the original text.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=BEXYuaCxciM

Click here for More:

Pad mode is theoretically impossible to break, even by brute force. Use it when you need utmost security. The text material can be taken from a digital book, for instance. You may transmit in plaintext the page number and starting position, so long as the text source is kept secret.

It is okay to split the encrypted message with line returns or to eliminate the tags at either end. It doesn't matter which encryption mode is selected at the botton of the Main tab.

Messages encrypted this way can also be decrypted in URSA.


Decrypt a message encrypted with a Pad (tags are PL**msp)

1. Copy the text to be used as Pad from its source. It should be at least five times as long as the message, or Pad mode won't engage. You can also load a whole file that is at least five times as long as the message.

2. Click the Edit button next to the directory box and paste the shared Pad in the dialog that appears. You can also load a file by means of a button visible in the Advanced interface. Then click Done.

3. Paste the encrypted message in the lower box of the Main tab.

4. Click the Decrypt button if decrypting does not start automatically. A popup will ask for the starting position in the Pad.

5. Write the numerical starting position in the popup and click OK. The decrypted message will appear in the main box, replacing the encrypted message.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=BEXYuaCxciM

Click here for More:

It is okay if the message is broken up by carriage returns or is missing its tags. It doesn't matter which encryption mode is selected at the botton of the Main tab.

URSA messages encrypted this way can also be decrypted in PassLok.


Encrypt in Human mode, so it can be decrypted by hand

1. If the three-part Key shared with the recipient has been previously stored in the local directory, simply select its name in the top box of the Main tab.

2. Write the message in the lower box of the Main tab. This mode understands only Latin characters, and removes any accents and diacritic marks.

3. Click the Encrypt button.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=npROBlHjxmc

Click here for More:

This mode engages automatically if the Key consists of three strings separated by tildes. If you have a single string, write two tildes after it in order to use this mode. It doesn't matter which encryption mode is selected at the botton of the Main tab or on the Options tab.

The method is described in detail in this page, which can also encrypt and decrypt messages: https://passlok.com/human. URSA can also encrypt and decrypt in this mode. Even though encryption and decryption can be performed without a computer, security against computer-based cryptanalysis is comparable to that of computer-based ciphers.


Decrypt a message encrypted in Human mode (tags are PL**msh)

1. If the three-part Key shared with the recipient has been previously stored in the local directory, simply select its name in the top box of the Main tab.

2. Paste the encrypted message in the lower box of the Main tab.

3. Click the Decrypt button if decrypting does not start automatically. Unlike in other modes, you won't get a message telling you whether or not the decryption has been successful.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=npROBlHjxmc

Click here for More:

It is okay if the message is broken up by carriage returns or is missing its tags. It doesn't matter which encryption mode is selected at the botton of the Main tab.

If you want to learn how to encrypt or decrypt in this mode, using simply paper and pencil, look at the instructions in this page, which also does encryption and decryption: https://passlok.com/human. URSA can also encrypt and decrypt in this mode.


Add a Lock or shared Key to the local directory

From the Main tab (this works only for Locks):

1. Paste the Lock into the Main box. If the item is identified as a Lock, a prompt will ask you to give it a name.

2. Write a name in the prompt box and click OK. You will see the name added to the selection box at the top of the Main tab.

From the directory Edit dialog:

1. Cick the Edit button next to the directory box.

2. Paste the Lock or shared Key in the box, replacing whatever was there before. Usually PassLok will recognize a Lock and display a message saying so.

3. Click the Save button. A popup will ask you to provide a name for the item.

4. Write the name and click OK. A message confirms that the item has been saved under the name given.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=vQrED7eIkLA

Click here for More:

If the given name is already in the directory, the Lock or shared Key will be replaced rather than added. You can store a cover text or a List besides an individual's Lock or shared Key. In the case of a List, the given name will be displayed bracketed by double dashes. Items that are not Locks are stored encrypted. When you load PassLok from an email link, a popup may open asking you to accept saving the sender's Lock to your directory. You can change its name at this point.

(Chrome/Firefox app only) If Chrome sync is checked in Options, the item will also be added to the Chrome sync area, so it is available on a different computer after you log into Chrome or Firefox.


Retrieve a Lock or shared Key from the local directory

1. Click the Edit button next to the directory box.

2. Start writing the name of the item in the box that appears. As you type, the line above the box displays existing names that match what you have typed so far. When you see that the correct name has been found, you may stop typing; PassLok will use that item to encrypt or decrypt.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=vQrED7eIkLA

Click here for More:

The process also works for Lists, and cover texts stored in the local directory. Search is case-insensitive. If the item is a cover text, it loads automatically for use in Text hiding.

(Chrome/Firefox app only) If you type "Enter" after a complete name that was not found on the local database and Chrome sync is checked in Options, PassLok will look for it in its Chrome sync area, which syncs across computers, and then add it to the local directory.


Delete a stored item

1. Click the Edit button next to the directory box.

1. Start writing the name of the item in the dialog that appears. As you type, the line above the box displays existing names that match what you have typed so far.

2. When the name of the item you want to remove is displayed above the box, click the Del. button. A popup asks for confirmation before the item is deleted from the local directory.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=vQrED7eIkLA

Click here for More:

You can stop typing once you see the complete name for the item you are looking for. Search is case-insensitive.

(Chrome/Firefox app only) If Chrome sync is checked in Options, the item will also be deleted from there, after a confirmation popup.


Make a video to authenticate your Lock

What should the video include:

What to do with the video:

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=zkcqEz3UjnM

Click here for More:

It is highly recommended that you make a video whenever you change your secret Key, so that others can be assured that the matching Lock really belongs to you. When you post your Lock so that people can use it to encrypt messages for you, write the address of the video on the line immediately below the Lock, to facilitate the verifying process. Video URLs don't affect the function of Locks, so it is okay to handle the Lock and its video address as a unit. Obviously, you wouldn't do this for a shared Key, only for a Lock.

Your PassLok ezLok is also used in PassLok for Email and PassLok Universal, so one video will suffice for all apps. The other apps display your ezLok at the beginning of any item you encrypt, separated from the encrypted message by a group of slashes.


Use the General Directory

The General Directory is a Web page, hosted by PassLok.com, that can store Locks and their authentication videos, as associated with email addresses.

To get to the General Directory: Click the Edit button next to the directory box, Then click the General Directory button.

The General Directory has its own Help page, which is structured like this one.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=QQQ2df2vPgs

Click here for More:

PassLok does not guarantee the authenticity of the Locks posted on its General Directory. Email confirmation is required to post or update Locks, but this is not completely secure. Since users are encouraged to add authenticating videos and the General Directory has a button to play them, you should watch the video attached to a Lock before you use it.

The General Directory is meant as a convenience, not as a replacement for your local directory. The General Directory is not available when you are offline (the local one is). You cannot post anything but Locks on the General Directory. Be aware that opening the General Directory involves contacting a server, which may lead to being tracked.


Add, remove, and backup users

To add a new user:

1. Reload PassLok. Then click the New User button next to the user selection box.

To backup and optionally remove an existing user (advanced):

1. While you are logged in with that user's Key, go to the Options tab and click the Backup/Remove Whole Directory button (visible in the Advanced interface).

2. Then a prompt asks you to confirm deleting the directory from the device. If you click OK, the entire local directory for that user is deleted, leaving no traces. If you click Cancel, the process ends and the directory contents are not deleted. In both cases the backup on the Main tab remains.

3. To retrieve a backed-up directory (has PL**dir tags), paste it into the Main tab, and click Decrypt if it does not decrypt automatically. The database will be decrypted and placed in the directory Edit dialog. Then you can add it to the device's current local directory by clicking Merge.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=8zo-N5O82iM

Click here for More:

You can maintain multiple identities, using different Keys. The backup process is useful whenever you stop using a device or just want to transfer your data to another device.

(Chrome app only) Even if the local directory is completely deleted, the items in your Chrome sync area remain available if you click Cancel when PassLok offers to remove them from sync as well. They will load back automatically, even on a different machine, if you set up a user with the same user name.


Access the advanced functions of PassLok

PassLok launches first in Basic mode, so you are able to encrypt and decrypt messages and perform the essential directory management functions. But PassLok has a lot more capabilities, which become available when you click the Advanced checkbox in the Options tab. To get back to Basic mode, click the Basic checkbox. PassLok will remember your choice of interface next time you open it.

Some advanced capabilities include:

There is also Email mode, which displays only the functions that are available in PassLok for Email and PassLok Universal. In this mode, PassLok's output is nearly identical to that of those apps, so it can be decrypted there. The ouput of PassLok for Email and PassLok Universal can always be handled by the standalone PassLok, no matter which interface mode is selected in Options.

Finally, you can choose Compatible mode in Options (after selecting Advanced), which will cause PassLok's output to be accepted by URSA and SeeOnce.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=Ttyvb0Qt7h0


Are there any keyboard shortcuts?

The main functions in PassLok can be accessed directly from the keyboard. The button tooltips tell you what the shortcut is for each button that has a shortcut, but below is a complete list, just in case:

Click here for More:

The list is made for access from Windows or Linux, so that each shortcut is of the form Alt-letter. If you are using a Mac, you should type ctrl-alt-letter instead. Shortcuts do not work on mobile devices.


Make a short encrypted message suitable for texting (advanced)

1. On the Options tab, check the Short button. Also make sure the appropriate encryption mode is selected with the radio buttons at the bottom of the Main tab.

2. If the recipient's Lock of shared Key has been previously stored in the local directory, simply select its name in the top box of the Main tab.

  • If not, click the Edit button next to the directory box and paste the Lock or shared Key in the box that appears. Then click Done.

3. Write or paste your message into the box of the Main tab.

4. Click the Encrypt button. The encrypted message will appear in the box, replacing the original message.

Copy it and paste it into your communications program.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=pD-uvyxKBgQ

Click here for More:

The encrypted message, which has no tags, will fit within one SMS message (160 characters). A message above the main box will tell you how much space is left, depending on the encryption mode selected. On a mobile device, the encrypted message will be selected and ready to be copied into the clipboard. You need to copy it manually before clicking the SMS button, which will open your texting app. Message length is limited to 94 ASCII characters when encrypting with a shared Key or in Signed mode, 62 in Anonymous mode, 46 in Read-once mode. Non-ASCII characters use 6 spaces each, so avoid them if you can. Any text beyond the limit will be lost.

Short-mode locked items are not compatible with PassLok for Email and PassLok Universal, but if a shared Key is used they can be decrypted in URSA and FusionKey.


Decrypt a short encrypted message (no tags) (advanced)

1. If the message was encrypted in Signed or Read-once mode, or with a shared Key, you will need to select the sender on the directory, or enter the appropriate Lock or shared Key in the directory Edit dialog, as described in a help item above.

2. Paste the encrypted message in the lower box of the Main tab.

3. If it does not decrypt automatically, click the Decrypt button. The decrypted message will appear in the box, replacing the encrypted message.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=pD-uvyxKBgQ

Click here for More:

It is okay if the message is broken up by carriage returns. When decrypting, there is no need to set the encryption mode at the bottom of the Main tab.


Seal a text with your secret Key so others know it comes from you (advanced)

1. Write or paste the text to be sealed in the lower box of the Main tab.

2. Click the Seal button. The text is replaced by a random-looking item, which is the sealed text. Copy it or email it from there.

You must be aware that a sealed item is NOT ENCRYPTED, and that anyone in the world can unseal it so long as he/she has your Lock, which is public.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=Vh9wwFZiV4w

Click here for More:

It is okay to strip the tags up to the "=" sign, but not recommended. It is also okay to split the sealed item with carriage returns. Sealed items can be unsealed only in PassLok.


Unseal a sealed text and verify its origin (tags are PL**sld) (advanced)

1. If the sealer's Lock has been previously stored in the local directory, simply select its name in the top box of the Main tab.

  • If not, click the Edit button next to the directory box, then paste the Lock in the box that appears and click Done.

2. Paste the sealed item in the lower box of the Main tab.

3. If the item doesn't unseal automatically, lick the Unseal button. If successful, the sealed item will be replaced by the unsealed text, and a message above the main box will say whether or not the seal has been verified for that sealer.

You must be aware that being able to unseal an item does not mean that others are not able to do it just as easily, because a sealed item is NOT ENCRYPTED. What unsealing does is verify that the item could only have been sealed by the selected person.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=Vh9wwFZiV4w

Click here for More:

It is okay if the signer's Lock is missing its tags up to the "==" signs, or carriage returns have been added to the sealed item. Unsealing requires a true Lock; shared Keys cannot be used for unsealing. Encrypting/decrypting with a shared Key partially verifies the identity of the sender, since shared Keys are not public. Decrypting a Signed or Read-once encrypted item also verifies the encrypter's identity.


Conceal a PassLok item (Lock, message, etc.) inside a piece of text (advanced)

1. Check that the item to be converted into fake text is on the Main tab. Then click the button, if needed, to show the Text hide button.

2. If you wish to use a cover text different from the default and you have stored it in the local directory, select it on the top box of the Main tab. Otherwise click the Edit button and enter the new cover text in the dialog, then return to the Main tab.

3. Make sure the hiding mode you want is the one selected in the Options tab. There are five different modes: Invisible, Letters, Words, Spaces, and Sentences. Letters (default) encodes the item as identical-looking non-ASCII characters in the cover text. Words replaces each character by two words. Spaces encodes the characters into the spaces between words. Sentences encodes characters as grammatically correct sentences. Invisible mode encodes into invisible characters between two lines, which can then be completed to look like a normal message.

4. If now you click the Text hide button, the PassLok item is converted into text, using words from the cover text. You may have to complete the last sentence manually.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=_7Fju1EwhV4

Click here for More:

The recipient does not need to have the cover text in order to retrieve the original. The output of Spaces and Sentences encoding is roughly six times longer than that of Letters or Words encoding. The most grammatically-correct output is that or Letters and Spaces (identical to the cover text), followed by Sentences; Words output doesn't make much grammatical sense. Invisible encoding has no impact on intelligibility, but care must be taken to copy the entire invisible content. If the cover text is not long enough, it will be repeated several times. When you use Spaces or Letters encoding, you should be careful not to add or delete any spaces within the encoded text, but it is okay to add a few extra letters to complete the last sentence. Also be aware that some services replace the special characters in Letters- and Invisible-encoded items with something else, thus corrupting the items.

Text encoding is no substitute for real encryption, and so PassLok will refuse to convert into text anything that does not look like genuine PassLok output.

Cover texts do not have to be in English or even use Latin characters. Anything that can be written in UTF-16 encoded characters can be used (most languages, including Arabic and Chinese, will work fine).

You can store often-used cover texts in your local directory so they can be loaded easily from the Main tab. To do this, click the Edit button next to the directory box, then paste the cover text in the lower box, and click Save. A popup will ask you to write a name for the stored cover text.


Retrieve an original PassLok item concealed within text (advanced)

1. Put the text in the box of the Main tab.

2. Click the button, if needed, followed by the Text hide button. PassLok will detect the type of encoding used and display the original item in the box, replacing the text.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=_7Fju1EwhV4


Hide a PassLok item inside an image (advanced)

1. Make sure the item to be hidden is in the lower box of the Main tab.

2. Click the button, if needed, and then the Image hide button.

3. A dialog appears to load the image where the item is to be hidden. The image format does not matter, so long as it can be displayed in a web page. Then the image appears in a new dialog, along with a few controls and a message telling you how much data you can hide in the image.

4. You will get much better stealth if you write a password in the box on that dialog. In this case, anyone trying to extract the hidden data will fail to detect that anything is there unless he/she also supplies the same password.

5. Click the PNG hide or the JPG hide button, depending on the format of the image you want to produce. A message will say when processing is completed, although the image will not appear to have changed much.

6. Right-click or long-press on the image in order to save it or send it somewhere. Then you can close the dialog with the Done button.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=_iXIyH6AnMI

Click here for More:

If you selected a single recipient before clicking the Image hide button, the password box will be pre-filled with a string based on the recipient's Lock and your Key, which will be the same for the recipient. You can use this or replace it with something else.

You can hide a second short message, in addition to the item in the main box, by writing after the image password a vertical bar "|", followed by a second password just for the second message, another vertical bar, and then the second message. How long the second message can be depends on the way the main box item is hidden, and cannot be known beforehand, but the process will fail if it is too long.

Images only a few kB in size can hide PassLok items with hundreds of characters. Images taken with a mobile camera are usually too large for PassLok to be able to use them for hiding items, because of the large processing time required. JPG images containing information use no chroma subsampling. The PNG format can contain a lot more information, but file size will be larger.


Retrieve the PassLok item hidden inside an image (advanced)

1. Navigate to the image hiding screen from the Main tab by clicking , if needed, and then Image hide.

2. A dialog appears to load the image where the item is hidden. Then the image appears in a new dialog.

3. If a password was used to hide the data, you must write the same password in the box on that dialog. Otherwise the revealing process will fail exactly as if the image did not contain anything. If you want PassLok to guess the password for you, select the sender in the directory box before clicking the Image hide button.

4. Click the Reveal button. If succesful, the dialog closes and the hidden data appears in the main box. If unsuccessful, the dialog stays so you can try a different password; or you can close the dialog with the Done button.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=_iXIyH6AnMI

Click here for More:

This function is not available on iOS, but it is on Android. This is because iOS converts all images to JPG format as they are loaded, thus destroying any hidden information.

If there is a second message hidden in the image, you can reveal it by writing after the image password a vertical bar "|", followed by the second password. If successful, the second message will appear in the message area of the Main tab.


Split an item into several random-looking parts (advanced)

1. Put the item in the lower box of the Main tab.

2. Click the button, if needed, and then click the Split button.

3. A popup asks for the total number of parts to be made, and the minimum number required to retrieve the original. Enter those numbers, which must be between 2 and 255, and click OK. The parts appear in the main box, replacing the original item, and a message confirms it. Copy the parts one by one and send or store them as needed.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=ZdVHaD-FpSk

Click here for More:

The parts are enclosed within tags of the PL**p^^^ form, where ^^^ is the minimum number of parts that are needed to reconstruct the original. It is okay to strip the tags of the resulting parts up to the "==" sign, but not recommended. It is also okay to split the parts with line returns. If you enter nothing in the second box, it is understood that all parts will be required to retrieve the original. Split items can only be joined in PassLok.


Join parts to retrieve the original item (tags are PL**p^^^) (advanced)

1. Paste a sufficient number of parts on separate lines of the lower box in the Main tab. Make sure that each part is unique.

2. Click the button, if needed, and then the Join button. If all goes well, the reconstructed item appears in the box.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=ZdVHaD-FpSk

Click here for More:

You need as many parts as the second number entered when the item was split, which is written at the end of each PL**p^^^ tag. Having more parts than the minimum is okay, so long as they belong to the same set and are not corrupt. They don't need to be placed in any particular order. If nothing happens, likely causes include: insufficient number of parts, incomplete or corrupt parts, parts belonging to different sets.


Encrypt a second, undetectable message in addition to the main message (Hidden message mode) (advanced)

1. On the Options tab, check the Hidden message checkbox.

2. Follow the above instructions for any kind of regular encryption (not Short). A popup will ask for a hidden message and a special Key/Lock to encrypt it.

3. Input the hidden message into the top box and the special shared Key or Lock (either kind will work) in the bottom box. Then click OK.

The encrypted message containing both the main text and the hidden text will appear in the main box, replacing the original text. Copy it and paste it into your communications program.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=4WrYEdRp2Q4

Click here for More:

It is impossible to tell whether or not a encrypted item contains a hidden message. The length of the hidden message is limited to 83 ASCII characters, sufficient to include an ezLock. Non-ASCII characters use 6 spaces each, so avoid them if you can. Any text beyond the limit will be lost. If a shared Key is used for the second message, the same shared Key is needed to retrieve it; if a Lock was used, its matching Key will be needed. If a given recipient has a shared Key in common with the sender instead of a Lock, and Signed or Read-once mode is used for the main encryption, he/she won't be able to get the hidden message if encrypted with a Lock.

Hidden messages added in PassLok can be revealed in PassLok for Email, PassLok Universal, and FusionKey, and vice-versa. This compatibility does not extend to other programs such as SeeOnce or URSA.


Reveal the hidden text contained within a message encrypted in Hidden message mode (advanced)

1. On the Options tab, check the Hidden message checkbox.

2. Follow the instructions for any of the regular decrypting modes. A popup will ask for a Hidden message Key.

3. Input the special Key, then click OK. The hidden message, if it exists, will appear above the main box.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=4WrYEdRp2Q4

Click here for More:

Since it is impossible to detect the presence of a hidden message, it is necessary to click the Hidden message checkbox in order to check for it. Likewise, there is no way to tell whether the sender used a Key or a Lock for encrypting the hidden message.


Change your secret Key (advanced)

1. Click the Change Key button on the Options tab. A new dialog will pop up asking you to enter the new Key twice.

2. Write the new Key in the two boxes in this dialog, and then click OK. A message will announce that the Key has changed.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=LubzBF4Xaa8

Click here for More:

The items in the local directory are encrypted with your Key; this operation re-encrypts them with the new Key. Your Key is not stored anywhere, not even encrypted, but PassLok is still able to check whether the Key entered is the one in use.


Display the entire local directory (advanced)

1. Click the Edit button next to the Lock selection box.

2. Click the All button below the box that appears. The complete local directory, including encrypted Read-once data, is displayed in the box so you can find items and copy them easily.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=8zo-N5O82iM

Click here for More:

The format for each item is the following: name, followed by a colon (:), new line, item data; then two new lines before the next name, and so forth. If a name also has Read-once data, those follow the item data, occupying consecutive lines. Item 'myself' is special, and contains the Lock matching your secret Key and a collection of settings.

If you want to decrypt a particular piece of data from the directory, copy it and paste it into the main box. It should decrypt automatically and appear in the directory Edit dialog.


Merge additional data into the local directory (advanced)

1. Click the Edit button next to the Lock selection box.

2. Paste the additional data into the box hat appears.

3. Click the Merge button. The new data is merged into the local directory.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=8zo-N5O82iM

Click here for More:

The format for the additional data must be the following: name, followed by a colon (:), new line, item data; then two new lines before the next name, and so forth. If a name also has Read-once data, those follow the item data, occupying consecutive lines. If the additional data contains names that were already in use in the directory, the new data replaces the original data. Items are added in encrypted form but are not checked as they are added, so it is possible that different items may need different Keys to be decrypted, if you changed your secret Key in the past. (Chrome/Firefox app only) If Chrome sync is checked in Options, the additional data will also be added to that area so it is accessible from other computers.


Use Lists (advanced)

You can always encrypt a message for multiple recipients by writing their respective Locks or shared Keys in separate lines of the box in the directory edit dialog. You can also write the names of the Locks or shared Keys instead. A List itself can be given a name in order to save it in the local directory. You do this by clicking the Save button. Saved Lists appear bracketed by double dashes in the top box of the Main tab.

To encrypt an item for all the recipients included in a saved List, just select its name in the top box of the Main tab before clicking the Encrypt button.

Lists can contain Locks, shared Keys, or names of items in the local directory, but not names of other Lists.


Make a random Key (advanced)

PassLok has a built-in way to make a 42-character random Key:

1. Click the Edit button next to the directory box.

2. On the dialog that appears, click Save with the lower box empty.

2. If you actually want to save the random Key, write a name for it in the top box before clicking Save.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=3OUpuk3-tRo


Combine a Key and a Lock (advanced)

This operation, which goes by the technical name of "Diffie-Hellman key exchange," is at the core of many PassLok functions. Should you ever want to compute the result manually, here is how to do it:

1. Write or paste the Key or the Lock on the Main tab.

2. Click the Edit button next to the directory box, and write or paste the other item in the dialog that appears.

3. Click the Merge button. The Key and the Lock will merge and the 43-character result, which is itself a valid Lock, is placed in both the dialog and the Main tab.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=0EImhN35Tbs

Click here for More:

If both items or neither of them is a valid Lock, the merging process fails and a message is displayed. The result of combining your secret Key and someone's Lock is itself a Lock, and the same as that of combining your Lock and that person's secret Key. You can combine a set of Keys into one by first making the Lock of one of them, and then combining the other Keys, one after the other, as described above. The order of entering the Keys does not matter.


Ask the participants in a Chat session to authenticate themselves (advanced)

1. Inside the chat session, type a bunch of garbage. You should expect the garbage back as a sealed item from each participant who has not yet done so.

2. When a sealed item is posted in the chat session, copy it and go back to the Main tab of PassLok, then paste it there.

3. In the local directory, select the Lock belonging to the person who posted the signature, and click the Unseal button.

4. The original garbage string should be recovered, plus a message indicating that the sealer has been verified. If the seal is verified, this means that the one who posted it is indeed who he/she claims to be.

This is all explained in this video: https://www.youtube.com/watch?v=NlEJJpF-Wmo

Click here for More:

This process assumes that the Locks in your local directory have been authenticated, perhaps by following the process explained elsewhere in the help area. When asking others to authenticate themselves, it is important to ensure that the text they are asked to seal could not have been predicted ahead of time.

If there is no Lock for a participant, but rather a shared Key, he/she should instead encrypt the garbage text with that shared Key and post the result. Authentication will be complete once the encrypted text can be decrypted with the shared Key and the result matches the original.


Respond to a request for authentication posted in a Chat session (advanced)

1. If you see a piece of garbage text posted by someone (especially if you have just joined), that means that anyone who has not yet authenticated him/herself is asked to do so. Copy the garbage text and go back to the Main tab of PassLok, then paste it there.

2. Click the Seal button. The text will be sealed.

3. Copy the whole thing and go back to the chat session by clicking the Back to Chat button, then paste it into the chat box and submit it.

This is all explained in this video: https://www.youtube.com/watch?v=NlEJJpF-Wmo

Click here for More:

If your chat invitation was encrypted with a shared Key rather than a Lock, you should instead encrypt the garbage text with that shared Key and post the result; authentication will be complete once the encrypted text can be decrypted with the shared Keyl.


Authenticate a Lock without using videos (advanced)

The easy way: call the Lock's owner and ask him/her to read a substantial portion of the Lock over the phone. But if you are communicating exclusively by email you can send a person whom you know and who knows you the following message, or something like it:


Dear So-and-So:
I just obtained your PassLok Lock from (cite source), but I still wonder if it is authentic since I am unable to view the authenticating video. Therefore, I ask you to help me authenticate it through the interlock protocol. Here's what I want you to do:

  1. Write a message asking me to take a picture or video of myself doing something of your choice. Encrypt the message with my Lock, which is appended to this message, and copy it to a safe place. Then split it in two and send me the first half only.
  2. When I receive your first half, I will also write a message asking you to do something in a picture or short video. I'll encrypt that message with your Lock, and I'll send you half of the encrypted message first. When you get it, go ahead and send me the other half of your encrypted message.
  3. When I get your second half, I'll put the two halves together and decrypt your message. Then, following your instructions I'll send you the picture or video right away, decrypted, along with the second half of my encrypted request.
  4. When you get it, please verify that what I sent conforms to your instructions. If so, put together the two halves of my encrypted message to you, decrypt it, and send me what I ask in the message as soon as possible, decrypted as well. Then I'll know that your Lock is authentic.

Many thanks. Sincerely, This-and-That

Click here for More:

Alternatively, you can ask the other person to use PassLok's built-in Split/Join function, explained in another help item, rather than simply cutting messages in two. The pictures or videos (or recordings) don't need to be encrypted. Only the instructions for making them need to be encrypted and transmitted with this two-step process. There is an article in the PassLok manual that explains how this protocol works for authenticating Locks.


Check the authenticity of the code

If you got PassLok from an app store, that app store is ensuring that the code you have is what the author gave to them. The following is to check the integrity of the web app version of PassLok running in a browser:

1. Direct your browser to "view source." If your browser has a command to save the source (Chrome, Firefox, and Safari do), go ahead and save it to file. Alternatively, you can go to Online-convert (https://hash.online-convert.com/sha256-generator) and type the URL of your version of PassLok there, then skip step 2.

2. Now you have to take the SHA256 checksum of the code (or the MD5 or SHA1 checksums) using a program different from PassLok. You have several options:

3. Look up the checksum for this version of PassLok, which is published on the PassLok information website at passlok.weebly.com and a number of other places. If this value and the one obtained above are not the same, the program has been tampered with. Here are some places where this information is published:

4. Now, a hacker who could alter the source code at the server might also be able to change the published checksums so they match the tampered code. To make sure that the value is authentic you should watch the one-minute video where the author or PassLok, Francisco Ruiz, reads the SHA256 checksum aloud. A link to the video usually accompanies the published SHA256 value.

This and more is explained in this video tutorial (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=NrAfSo2xjnY

Click here for More:

Typically, you load the source on a separate tab by typing CTRL-U (Windows) or option-cmd-u (OSX). Another way to save the source is to copy it by first selecting the the whole source code (CTRL-A or cmd-a), then copy to clipboard (CTRL-C or cmd-c), and then paste it into a text editor (CTRL-V or cmd-v), and save it from there. DO NOT save the code using the "save" command when the working PassLok page is displayed, since then the browser would modify the source code before saving it. The correct encoding is UTF-8, no BOM (notes: Windows Notepad is unable to save text in the correct format. Cut and paste from Chrome introduces artifacts for big items like the source code).

SHA256 is built into the OS in Linux and OSX, not so in Windows, but there are free programs available, such as Checksum Utility and Bitser. There are also online utilities where you can upload a file and get the hash. Online-convert (https://hash.online-convert.com/sha256-generator), fileformat.info (http://www.fileformat.info/tool/hash.htm) and freeformatter.com (https://www.freeformatter.com/sha256-generator.html) have worked well in our tests.

If you want a clipboard-based SHA256 utility, the one at Xorbin (https://www.xorbin.com/tools/sha256-hash-calculator) has worked quite well in our tests. Don't copy and paste from Chrome, since this introduces artifacts.


I have an item that was encrypted/sealed with a previous version of PassLok, and the current version cannot handle it

We do not recommend using old versions for new work. Newer versions have enhanced security and are more user-friendly. But sometimes you may need to handle an item that is incompatible with the current version. Here is a pretty complete list of old PassLok versions, with links to them.

The current version of PassLok can be obtained from the following servers (as always, be aware that following any link may reveal your location):

source server: https://passlok.com/app

information page: http://passlok.weebly.com

GitHub page: https://github.com/fruiz500/passlok

Chrome app: https://chrome.google.com/webstore/detail/passlok-privacy/epcchpdljafmfegifkigklfcmkphfmbh

Firefox addon: https://addons.mozilla.org/en-US/firefox/addon/passlok-privacy/

Android app: https://play.google.com/store/apps/details?id=com.fruiz500.passlok

mirrors:

https://www.autistici.org/passlok (non-US, self-certified)

https://passlok.site44.com

https://fruiz500.github.io/passlok

SHA256 for this version and video of the author reading it at:

http://passlok.weebly.com/get-passlok.html

 

Previous versions (SHA256 for each):

2.3.5 (b0a7-b564-26c1-1bd5-4f23-0829-63be-5a52-20c3-915c-96c3-8d85-7d43-b32f-5fdb-e5df)

PassLok.com

Autistici

Site44

Author reading the SHA256

2.2.8 (1580-d524-c402-53bc-c973-6305-bee8-64ec-0853-2623-d9d3-a21e-1400-4a38-4b19-b07e)

PassLok.com

Autistici

Site44

Author reading the SHA256

2.1.03 (fdc9-8bae-45c0-902f-bf6d-da01-ae7e-704c-8e32-4679-e691-a20d-4aee-2254-63af-b8d6)

PassLok.com

Autistici

Site44

Author reading the SHA256

2.0.03 (627e-45e4-0160-c885-b668-896a-7f79-766e-b93c-c6e3-0094-a28f-4380-b060-7830-48d0)

PassLok.com

Autistici

Site44

Author reading the SHA256

1.7.08 (87a4-fee6-8916-99fb-c59b-9d73-32dd-3023-5af0-3e69-18e0-caa3-d9e7-8a53-2385-957c)

PassLok.com

Autistici

Site44

Author reading the SHA256

1.6.02 (2c64-63d5-5d68-c7b2-9350-68cc-8bef-1a75-ddc1-1fa0-cd04-4428-f3ef-c079-e14f-4133)

PassLok.com

Autistici

Site44

Author reading the SHA256

1.5.03 (0061-4b79-8ba1-8fee-34c5-e243-96e9-4c7c-a0ea-cfc5-82c1-a44d-4cbb-06c4-ca00-985c)

PassLok.com

Autistici

Site44

Author reading the SHA256

The following (except 1.0) were edited so the archived help file works, changing the SHA256 from the original value (therefore no video)

1.4.03 (f1cc-8931-1d31-4d65-4dfe-fb0d-5368-f854-3766-b240-f131-c93f-a0e9-8d14-752e-018e)

PassLok.com

Autistici

Site44

1.3.03 (7c6f-3d59-1059-e712-15ea-8dcf-dcde-861a-7359-6508-3b29-5720-41c9-8271-cb69-f01a)

PassLok.com

Autistici

Site44

1.2 (c17b-c529-8757-578a-6bc2-bdc4-122e-c607-8c16-19ef-b9ee-8d4d-75aa-cf0a-b703-e0ec)

PassLok.com

Autistici

Site44

1.1 (8e5c-9714-eec3-cc65-aa8f-640d-d434-2747-aa24-624c-74c5-65ea-4077-0f0f-3b22-cc30)

PassLok.com

Autistici

Site44

1.0 (a907-25eb-50e3-e4a6-5f4b-27c1-684e-f590-6094-6fae-52f3-c7ca-47b1-732c-9eab-3e9b)

PassLok.com

Autistici

Site44


None of the help items answers my question / I want to give feedback

Then you can send us an email at passlokprivacy@gmail.com (the link will open your email client). We'll do our best to reply in a timely fashion. If you are a GitHub user, you can also go to our page on GitHub and post issues or submit improvements there.

Good constructive feedback is hard to get, so let us thank you right now, before we read your email.


Privacy Policy and Warrant Canary

Data we collect: We do collect Locks, plus optional authenticating videos, and email addresses from people who freely upload them to the General Directory. This is meant for your convenience, since other people must have your Lock in order to encrypt items for you to decrypt. Locks are by their very nature not secret. Uploads are never automatic, but must be done manually by the user.

How we use this data: Locks in the General Directory are indexed by email and can be retrieved by anyone, even outside of PassLok. We make no other use of the Locks, videos, and emails collected in the General Directory, with one exception: every six months, an email is sent to the stored address, asking for confirmation to keep the Lock in the Directory; if no positive action is taken after two of these emails are sent, everything connected to that email address is deleted from the Directory. This is fully automated and involves no human intervention.

What data we share: Only Locks stored in the General Directory and their associated videos, if present, to anyone who searches for them by using the associated email, for as long as those Locks are active (expiration is six months). A special routine is set up to prevent anyone from collecting all or a large portion of the General Directory. Neither is it possible for a third party to retrieve a list of the stored email addresses.

Concerning truly private data:

1. We cannot give your secret Key to anyone (not even yourself) because we don't have it. Your Key is never stored or transmitted, and by default gets deleted from memory after five minutes of not being used.

2. We cannot give your private data to anyone because PassLok does not send anything out of your device. When you download the app from its server, you get only the code, without any cookies, plugins, or anything of that sort. We do store Locks that have been freely posted on our General Directory by their owners, as explained above, but those are public by nature.

3. We cannot eavesdrop on your chat sessions, or enable anyone to do so. Establishing a chat session does involve contacting a signaling server (Firebase) and giving it your IP address and a disposable chatroom name so that others can contact you; the signaling server never sees the content of your chat, which is between participants only. The PassLok server doesn't even see the connection data.

4. We will never weaken the cryptography methods contained within PassLok at the request of a third party, private or public. This also means no backdoors will ever be added. We would rather shut down PassLok than be forced to do this, which would betray the very essence of our efforts. If we learn that counterfeit versions of PassLok are circulating, whether placed by hackers or government agencies, we will make the fact known to users.

Notice: Since PassLok is distributed as a piece of human-readable code, we consider it an expression of free speech protected by the laws of many countries. Putting into circulation tampered versions of PassLok, whether by individuals or public entities, violates free speech and copyright protection laws.

PassLok contains strong cryptographic methods, which may be illegal to use in some countries. Please check the local laws before using PassLok.

This paragraph and the canary logo above attest to the fact that, up until the release of PassLok version 2.4.20 (August 2021) we have not received any requests under gag order for user data or modifications of the code. This paragraph will be periodically updated as this situation continues.


PassLok v2.4.20 © F. Ruiz 2021
This document may be used, modified or redistributed under GNU GPL license, version 3.0 or higher.



Enter Locks, shared Keys, or their names in the box



JAVASCRIPT OFF, PASSLOK CANNOT RUN






 

You will need to re-enter your Key if you don't use it for 5 min.

PassLok will be very slow if your Key is worse than Medium.

To display or refresh your Lock, click myLock on the Main tab.

Cancel for limited functionality in Guest mode.

Welcome to PassLok

Looks like you received an invitation to use PassLok from someone whose user name is in the box below. If you wish to use a different name for this person, you can change it.



In the following screens, you will be asked to provide a user name for yourself, plus a secret Key, and a piece of public data such as your email. You can go offline if you like; nothing will leave this device. Your Key will not be stored.

This is needed to keep a permanent directory of your friends’ Locks and shared Keys, all securely encrypted. If you prefer not to store anything, click Exit.

If you have three minutes to spare, you may want to watch the fun video called by the button below, which explains how PassLok works. It will load on a separate window. Click Next when you're ready.

     Step 2 of 5

Please enter your user name here. This way several users (or several identities) can share the same device.



     Step 3 of 5

Now enter your secret Key in the box below. You will never give this Key to anyone. Make sure to use $ymbol$, numb3rs, caPiTals, unusual words and mespelingss. You should be able to remember it, because it won't get stored.

The Suggest button will get you started with five words, which you can modify at will.

This is where the Key score will appear




If your Key score is below Medium, PassLok will be very slow.

     Step 4 of 5

You will get better security if you also provide some public piece of data about yourself, such as your email address. There's no risk of spam since nothing will be sent out. You can skip this if you want.

If you want your encrypted output to be compatible with that of PassLok for Email, you must write your email address here.




For ultimate security (at the expense of portability), you may want to click the Random button to use a random token instead. It will be stored locally in encrypted form.

     Step 5 of 5

When you click the button below, the random-looking Lock matching your secret Key will appear on PassLok's Main screen, along with some further instructions. You want to send that Lock to your friends so they can send you encrypted messages. You can do this any time by clicking the Email button or just by clicking the checkbox below.

You will start in Basic mode, which shows only the most essential functions. If you are looking for more features, go to the Options tab and check the Advanced checkbox. There is also Email mode, which makes this app fully compatible with PassLok for Email and PassLok Universal.

You may not see this screen again, but comprehensive help is always available on the Help tab.

  Email my Lock  




Please enter a new User name for this account




 








 

Please enter your new email or similar item, or a new random token





 

Your Lock will change if this is not the same you entered before.

If you use a random token, make sure to back it up from Options.


Enter the Hidden Message


Enter the Key/Lock




 

Enter the Key for the Hidden message




 

The Hidden message will appear on the Main tab


Enter the total number of parts (between 2 and 255)




And the number of parts needed to retrieve the item





 



Choose the type of chat, then optionally write in the box a message plus date and time

    Text     Audio     Video     Jitsi