Hello! You're looking at a fully functional instance of PassLok running within a frame served from passlok.com. If the page shows a mostly white screen with some instructions, this means that this is the first time that PassLok runs on this machine and that you should stay on this page of Learn PassLok until you have chosen a Key. If you have already done this, go to the next lesson.
Near the bottom of the screen is a button that will load a three-minute YouTube video if you click it. We recommend that you watch it, since it introduces the essential concepts in a lighthearted way. Those concepts are used in the lessons in this page.
Whether or not you watch the video, you have two options:
- Click Exit, which will take you directly to the Main screen without creating a user. Nothing will be stored between sessions.
- Click Next, and then you will be asked, in three successive screens, to provide a user name, a secret Key, and an optional email or token.
- And this is what the different screens you see when you click Next do:
- 1. The purpose of the user name is to identify the data that you may end up storing during the session, so you can find it again when you return. You can use your own name or a fake name, but you must provide a name or you won't be able to complete the process.
- 2. The Key is what opens everything in PassLok. It should be hard to guess but easy to remember. PassLok is not going to store it, yet everything depends on it. As you type your Key, a message above it will tell you how strong it seems to be. PassLok compensates for bad Keys by making everything very slow, so it is to your advantage to spend some time until you can come up with at least a Medium Key.
- 3. The third box is to enter your email or whatever else you want (we'll call it "email" from now on, even if it is something else). It does not need to be secret but it should be a piece of data that identifies you only, in order to prevent hackers from making a catalog of ready-made Keys. If you want ironclad security, you can enter a random token (there is button to make one). Unlike the Key, PassLok stores this piece of data, so that you don't have to enter it again, but then you may find yourself dependent on this particular machine. If you want to use this standalone PassLok app in conjunction with PassLok for Email, it is best if you enter here your real email address.
- 4. The final screen offers a few final instructions, plus the opportunity to send your newly-minted Lock by email, just by checking a box. This is a good idea, since your friends need to have your Lock before they can send you encrypted messages.
Here's the three-minute video button, in case you want to watch it again (will open on a new tab). The button with the arrow will take you to the first lesson on Locks.
If the first screen does not show the intro screen, then it should be showing the Key entry dialog. You can actually do a lot of things without entering your secret Key, but you will need it for storing things between sessions (otherwise you'll have to enter them all over again) and for decrypting items, so this is why PassLok asks you for it right first thing. It will be kept in volatile memory so you won't need to enter it again so long as keep using it. After five minutes of not using it the Key disappears from memory.
The Key is not stored, even though PassLok will know when you enter a wrong Key for your selected user and then will refuse to move forward. You can see what you typed by checking the Show box. If you believe that you typed it correctly but PassLok is not accepting it, you can always Cancel to get to the main screen in Guest mode, and try to fix it later.
If there are several users listed, you must select the user on the list before you click OK, but if there is only one user there is no need to select it. Just enter the Key and click OK.
The first time you got to the Main screen, you probably were presented with a greeting containing your Lock, plus an encrypted message that you were then invited to decrypt. This greeting won't be repeated, but we'll try some of the same activities in the next few lessons. The first one is generating your Lock. Go ahead and click the myLock button.
The relatively short piece of gibberish that appears on the Main box when you click myLock is the Lock matching your secret Key and email. Think of your Lock as a sort of padlock that anyone can apply to an item (a piece of text, a picture, any other kind of file) so it becomes "locked", that is, encrypted, and therefore unreadable and unusable. An encrypted item can only be "unlocked" and returned to its original state by applying the Key matching its Lock.
Okay, so here is the all-important fundamental concept: when you encrypt some stuff in order to send it securely to someone, you must use the recipient's Lock (not yours), so that this person may decrypt it with his/her Key. This means that, until someone else sends you a Lock, you can only encrypt things for yourself. If you want people to send your encrypted things, you must first give them your Lock, hence the myLock button.
Try displaying your Lock by clicking the button. It should be a series of apparently random letters and numbers, starting and ending with PL**ezLok tags (** is the version number). Maybe there will be some dashes. The dashes and tags are not essential and can be removed; their purpose is to identify the item as a Lock and to make it easier to read, even dictate to someone in a pinch. The ezLok variety is case-insensitive.
Go ahead and copy your Lock and paste it into an email, text message, etc. so that your friends have it. PassLok will do this automatically (via email), if you just click the Email button with the Main box empty or displaying your Lock. Read the rest of this lesson when you've got back someone else's Lock.
Welcome back! So now you have someone's Lock, great! If you started PassLok with your Key, you only need to paste it into the Main box. PassLok will recognize it is a Lock and offer to save it in the directory, after you provide a name for it. When this is done, you should see the name listed in the directory, next to "myself". If you haven't got anyone's Lock yet, don't worry; here's Mr. Twinky's Lock:
Mr. Twinky loves Twinkies so much that his secret Key is actually "I love fried Twinkies". He doesn't use any email when making his Lock. Feel free to save Mr. Twinky's Lock to your directory and impersonate him any time you feel like it, now that you know his Key as well. You'll learn how to remove him later on.
Another way to enter it is to click the Edit button next to the directory and then enter the name in the top box and the Lock in the bottom box of the dialog that appears, then click Save and then click Done. This is the screen that will allow you to delete or change a Lock, if you so desire, or to use a Lock without saving it to the directory (just put it in the bottom box).
Got tired of seeing Mr. Twinky on your directory? No problem. Just click Edit and start typing "twinky" (or whatever name you gave it) into the top box until the whole name appears above the box, then click Delete.
Before we're done with this lesson, one more thing for you to think about. Why this whole thing of Keys and Locks? Wouldn't it be easier to just share a password or something like that? Short answer: yes, but then how do you get the password to your friends? If you send it in plaintext it wil be nabbed by those you're trying to keep out of your conversation. If you use some sort of trusted server so it holds it and gives it to your friends (some popular apps do this), well . . . that's a lot to trust.
Long answer: what we are doing is known as "public key cryptography" in cybersecurity jargon. Your Key is the "private key" and your Lock is the "public key". The beauty of this type of encryption is that you never have to give your Key to anyone (PassLok doesn't even store it), and therefore it remains safe. It is okay if enemies obtain your Lock because this does not allow them to decrypt stuff, only to encrypt, and they can't get your Key from your Lock. This is very important.
And by the way, PassLok also takes shared passwords. They are known as "shared Keys" and you can save them in the directory just like Locks. PassLok will know how to use a shared Key if it gets selected.
Anonymous encryption and decryption
Now that you have someone else's Lock, you are all set for the main purpose of PassLok, which is to encrypt text and files so only the right people can read them. If you are new to PassLok, chances are you are in Basic mode (check on the Options tab, if you're not quite sure), and so the default encryption mode is pre-selected for you. This mode is called "Anonymous" because encrypted items contain no trace of who did the encryption.
Go ahead and type something into the Main box. When you are satisfied, click on 'myself' in the directory (top box) in order to select yourself as recipient, and then click the Encrypt button. If all goes well, the text turns into a piece of gibberish letters and numbers, which starts and ends with the tags: PL**msa (again, ** is the version number), which is short for "PassLok version ** message in Anonymous mode".
If now you click Decrypt (it's the same button, with a new label), the original text is retrieved. Every time you click this button, the text is encrypted if it was decrypted, or decrypted if it was encrypted. You may notice that the encrypted message gibberish is different every time. This is because a new random encryption key is being used every time the text is encrypted. You can keep doing this fovever because you are encrypting the text for yourself. When you click the button on an encrypted message, your secret Key, which is temporarily held in memory, is being used to decrypt it. This whole thing works because the message was encrypted with your Lock to begin with, so that your Key can decrypt it.
But try selecting a Lock that is not 'myself' on the directory before you click Lock on a plain message. It turns into gibberish all right, but if you now click the button again, it doesn't decrypt. Instead, you are told that there was no message for you. That's right, this is because the text was encrypted using someone else's Lock, and you don't have the Key for it.
This is what gives security to the whole process. You can't decrypt a message that isn't meant for you, even if you were the one who encrypted it. If you send it to your friend, however, he/she will be able to decrypt it by simply clicking Decrypt. Try it! Put it in an email and send it to your friend, asking him/her to reply back to you with an encrypted message as well (he/she should use your Lock).
I'm setting this apart because it is essential to understand how PassLok works. You encrypt stuff with the Lock of the person who is supposed to decrypt it (not yours, unless you want to be able to decrypt it too, or with anyone's Key), and then that person decrypts the item with his/her Key (which usually is already entered, if not, PassLok will ask for it).
You can encrypt something so that several people can decrypt it. Try this: write a message for your friend, then select 'myself' and your friend's Lock on the directory (hold the ctrl key to select several), and then encrypt it. This time you will be able to decrypt it, and also your friend if you send it to him/her.
Earlier I mentioned that you can also use a password or "shared Key" that is the same for encryption and decryption, instead of a Lock for encryption and a secret Key for decryption. This is somewhat problematic since then you have to transmit the shared Key to your friend on the other end, but in any case PassLok can work with that.
You enter a shared Key like you enter a Lock. Click the Edit button, and then put the shared Key in the bottom box, then click Done. That's all you need if you don't want PassLok to remember that shared Key. If you do, then add a name on the top box and click Save before leaving that screen. Then you'll be able to use that shared Key simply by selecting its name on the directory. The shared Key is stored encrypted so that nobody but you can use it (or even display it).
Go ahead and enter a shared Key as described above. Then write a message in the Main box and click Lock. You'll be able to decrypt it so long as the shared Key stays where you put it. If it didn't and you had saved the shared Key in the directory, select it before clicking Decrypt so PassLok knows which shared Key to use.
If you feel lazy, below this paragraph is a message that has been encrypted with the shared Key "I love fried Twinkies" without the quotes. Copy it into the Main box, then click Edit and enter that shared Key in the lower box, and then go back and click Decrypt in order to decrypt it:
PL24msa==AAE/3Tbu3WMhYeg5vJx62WbBfCDxcFJuIg27isNGGVMejRwRpSUSH0831bx8nuzi7irvaVi ftJDOcfPdaIOWbA/9cwEHCiH/tK+Om2vxl1qxwwxBvP30w+O1StKuzEoHvFJY3YMEYh7Z4+Rp/jgJYj8 6KgmnclGPUbLq2tz/0u+L8P1dZH7me0mieEiMF+sZL1iQ1GVAmC0bnGwgBI/5HQjEssyfuZifDCrfMHj 4M2NNNUL0JVJAed0mRhOPFChfErRYN0xSII3gjY0+mGsZmx2huexfzO4zO9C9mbkff5vI6ZxFiwIxl9N lLqiZKmoZlAVI860Na5jHoyy5Q98ohDfAd8t4awzNlhFdiqpoIIaG2oGCJREoy07zkTPtG/W1vym/wcn JjM7jlXKmuiApQ+NTxxYbUuIsF3DrGP0qx+z0AFs7FTO9yxA==PL24msa
Editing the directory
Sometimes people change their Keys, with the result that the Locks or shared Keys you have in your directory are no longer valid. Or maybe you don't want to send encrypted items to a certain person anymore. This is why PassLok has the Edit button next to the directory box. When you click it, a dialog appears containing two boxes and a few buttons.
The top box is for names. This is where you enter the name for a new item you want to store. It also serves as a search input box for items already in the directory. Just begin typing the name or a portion of it, and then the line above it will display the closest name in the directory and the bottom box will display the item itself, possibly encrypted. If the item is encrypted and you want to see it decrypted, hit the Enter key at the end of the name you are typing.
The bottom box contains Locks, shared Keys, and a few other kinds of items that I'll explain later. Locks are automatically recognized as such as soon as you type them or paste them in because their working core always has the same length. You save an item by giving it a name and clicking Save. If the name is already taken, clicking Save will replace what was previously stored. To delete an item, start typing its name on the top box and, when the full name appears above it, click the Delete button. The Clear button, as you've likely already guessed, simply clears the boxes but does not alter stored items. The Reset button deletes special data associated with that name, which is used in Read-once mode.
There is still one more button on the top right corner that you're probably wondering about. It is labeled General Directory. Go ahead and click it.
If all goes well, two boxes with a pink background appear on the screen. You are looking at a website separate from PassLok but intimately connected to it, where you can post your Lock for the whole world to see. Just paste it into the lower box (it will be automatically filled if you had your Lock displayed on the Main box), write your email address on the top box, and click Post. Your Lock will be posted as soon as you click on a confirmation link that will be sent to you via email (check your spam folder if you don't get it). It will remain posted for six months or until you remove it, whichever happens soonest. The General Directory has its own help system to guide you through its functions.
If your friends have posted their Locks on the General Directory, you can find them by typing their emails on the top box, followed by Enter, or clicking the Find button. If that email is associated with a Lock (sorry, no shared Keys are allowed), it will appear on the lower box, from where it will copy automatically to the directory entry lower box, ready for you to give it a name (which doesn't have to be the email) and save it.
Locks obtained from the General Directory sometimes have a video URL attached to them. Go ahead and watch the video by clicking the Play button. It should show the Lock's owner reading his/her Lock aloud so you can be sure it is authentic. You can also post a video like this by adding its URL below your Lock before you click Post. It is okay to save the Lock to the directory with the video URL attached to it. The video address won't affect the Lock's operation.
Working with Files
PassLok is not limited to simple text messages. It can also encrypt and decrypt any kind of file that your computer can handle. It does so by converting files to text, which can then be encrypted and saved, or simply copied and sent by the same means as text. Try this: click the Rich button if you are not seeing the toolbar above the Main box, and then the rightmost icon on it, which looks like a dogeared piece of paper. This will open a dialog so you can load a local file into the Main box. Text files open up as text that you can see, binary files load as links.
This link actually contains the file. If you want to save the encrypted file, right-click the link and select Save link as.... Now you can encrypt it exactly like a text message by selecting a Lock on the directory and clicking Encrypt. The file now becomes gibberish and gets copied to clipboard so you can paste it anywhere.
The process to retrieve an encrypted file is very similar. First you load it as described above or pasting it from clipboard, then you decrypt it (if you have the Key, that is), and finally right-click it if you want to save it or display it.
Encrypted files can become very large as they convert to text. If this is a problem, you can make PassLok turn its output into a file, represented by a link. To do this, got to the Options tab and click the File output checkbox before doing the encryption. Then you can save that file and load it back just as explained above. You can make it a text file (.txt extension) or a binary file (.plk extension), which should be about one-fourth smaller in size.
Here's an exercise: copy the encrypted item below this paragraph into PassLok's Main box and decrypt it using the shared Key "I love fried Twinkies" without the quotes (enter the shared Key by clicking the Edit button and writing it into the lower box). Then save it and open it using any text editor. It contains further instructions on what to do next:
PL24msa==AAGVEVxC2z3m3qAWtoojWf8RxCerPHN1GrOr7HDZcSrACxIaWjZqLWNlHyzX4jSeU7ZEP1I UZZyAnCKUsVdXgH/8cf+NSxX0nf8Gaonk+Cnp0/Mk88R2GJ6VgJKpyaj/M25hIhobk9+GpazFAoUQdz1 Q3+XbtrpU0U86AelwL5T2AIWY2Ar7qZ5qtZRtq3IRcVEPC1QAa5PthwX7YJ5pbDMOI30plimOFYsxDOT XQsecT0EZIVbRpImKnzd8WKhZ6aic52La/KRK2avznxqgXci1fWYjk56VEkNadgWmmdSCOmBEd7PALrK CLqilNw3GmL+ul6eYrtDy6aDinGa9B82WrgTxZ+uPyu5qUM6sRD19uFtCABEEG8ahE7Q2q41hJ7qgWzW xMBoPuqWlDpfYSnlXiaMp6BsZB6oGVl6YVoHurBdtAxYbH0nCzJm11J99pvI3fpASqEbd9EcTlFToAQw /0qWbE/9xi5kZgQw48N039Uk74papmjfapE+naYj6LRZizZ9UYIG07mZbjV0uEJezfzBm6FyHkg3LED7 LBG3tmHHl8SBT4+A8F4BJPvCrzKV89SKiOSVbtAXDq2RDFOHrlWV8A3QdUMmcGdXMtIXHjNmxYosL80S v0Grv56pQ3bZ9GOVz3C+nRXpWKg==PL24msa
In addition to encrypting text and files so they can be sent by email or mobile texting apps, PassLok is also able to set up real-time chat sessions involving several participants, including text and files at the minimum, but also audio and even video feeds if you want. This is done by means of the WebRTC protocol, which connects computers directly and securely to one another without any server in-between. This works best in Firefox, followed by Chrome (also mobile) and Opera. Unfortunately, neither Safari nor Internet Explorer, nor anything on iOS, support this protocol yet.
Let's say you want to set up a chat session with your friends Ed and Laura (or whoever, really ;-), which you have on your directory. Just select them on the directory and click the Chat button, located below the Main box. A dialog will ask you for the type of chat you want (default is text and files only), plus a short message you may want to include (maybe to tell your friend the exact time for the chat). PassLok will make up a chatroom name with commonly used words chosen at random, to give you as much privacy as possible.
If all goes well, the Main box fills with an encrypted item bracketed by tags of the form "PL**chat" (** is the version number). This is a PassLok chat invitation. You must now send it to the chat participants by email, mobile text, or whatever. It is encrypted for them only to decrypt. You will be able to decrypt it, too, so there is no need to choose yourself when selecting participants. Here's an example:
PL24chat==AAJllYfmjjMAhNkNq4um7lyBPr+AflfThIHjqrS3rAqryphpbQFhiqk/nPcKyr71sU1+x4 /EjQPNsQoyTHgTvtx8c7zdgyD+LAtnGl23qax0GIaYIhTri454WI+e4V3ecf8TF5aGQzNYbYY2wBdYtD sybv1qOKcVURoq9D39L0mphBWpjcPTwb6Y1dIyDFXjF0lW1kQyuS3n46Gs7Cj8Ct5JmXdfbTjAS7HD5a vYvovx/X3X++mmsFoQ+wrl9vaX3f/O1k33Vx/oADjuF+WPbCDQJQe8hmN2QMzF/UD08yZXTvZp+6q662 SW+fepfiFp+Qjj8QtqrnajG1UL+qfFUrZLt2xEOx+Q14yTtD72RIpdXtL6tsg5rOHR59n96q/zdNT9EQ c/drtdjBoQQPTjBlKJGhXVtjshFo93ZdL9HTl/JyOJF/qENSg+KPry/dcYpV2uKxkhofDXd8EADy5Zfy Z5FUnQGvnSJ0Od4nCPc0YJfRA==PL24chat
PassLok uses chat invitations in order to avoid using servers like everyone else does, since servers typically have access to the chat data and can record the conversation, even if encrypted, to be decrypted later. When a participant gets the invitation, he/she only has to copy it into the Main box of PassLok and click either Chat or Decrypt, if the item does not decrypt automatically. First a popup will display the short message, if any (just in case it's not yet the time for the chat) and offer to cancel the process and try later. If you go ahead, the chat frame loads. If the chat is meant to contain audio or video, you will be asked to allow access to mike and/or camera at this point.
The first participant to connect to the chat will see a little box to write his/her chat name and a buton labeled Start. Those arriving after the chat has started will see a button labeled Join instead. They are all notified when someone new joins or someone leaves. The chat text moves down as the chat proceeds, so the newest post is always at the top. A bell chimes whenever something changes, so you can work on something else as the chat session proceeds. You can also go back to the main screen of PassLok, and return to the chat by using the Back to Chat button.
Try it! Make a chat invitation in PassLok (you must select someone other than yourself, or enter a Lock or shared Key manually; select Text and Files), and copy it to clipboard. If you'd rather not do this, just copy the sample invitation above, which was encrypted with the shared Key "I love fried Twinkies". When you click the button below, another instance of PassLok will open on a separate tab, which we are going to pretend is your friend's computer. Enter your Key and then paste the invitation into the the Main box. Now decrypt it both in this tab and in the other tab (you'll be able to do it since your Lock was automatically selected when the invitation was made; if you are using the sample, click Edit and type "I love fried Twinkies" without the quotes on the lower box) and join the chat using different names on either tab. Observe how what you type on one tab is seen on the other as soon as you hit Enter. This will work even if, instead of two tabs on the same machine, the two copies of PassLok were running across the world from each other.
Time for some explanation of the magic taking place here. First of all, it should be obvious at this point that only those selected when the invitation was made will be able to decrypt it, but then, how do they know how to connect to each other? Did PassLok somehow detect your location and pass it along to the other participants? In addition to the optional message and the type of chat, the invitation contains two pieces of data: the chatroom name and a 256-bit random password. When the invitation is decrypted, PassLok opens a frame whose code is isolated from the PassLok code and passes it the chatroom name and the pasword.
Pretty much all of the work is done by the separate chat code. It contacts the "signaling server" Firebase.io and opens a chatroom there named as in the invitation, then instructs Firebase.io to put your machine's IP number (it can only be seen properly from outside your machine) into the cubbyhole represented by that chatroom name, and to send you back the IP numbers that may be placed there by others. This is as far as the involvement of Firebase.io reaches. Every time your machine receives an IP number from Firebase.io, it attempts to establish a WebRTC connection, which is always encrypted at browser level, with the machine at that address. Everyone trying to join must supply the correct value of the random password, which was never sent to Firebase.io, thus ensuring that interlopers who might have spotted your private chatroom on Firebase.io still cannot connect to the chat.
Once each one-to-one connection is established, there is no further contact with the signaling server. Nobody other than the participants can see the content of the chat or record it for future reference. The encryption keys used by the WebRTC protocol disappear when each connection closes.
A lot of users will be content with the functionality we have seen so far. In the preceding lessons you have learned to come up with a secret Key, make its matching Lock, and send it to your friends or post it in the General Directory so they can find it and thus can send you messages and files that only you can decrypt. You have also learned to encrypt messages for other users and decrypt those sent to you. You know the difference between secret Keys, Locks, and shared Keys, and how to use them. You can encrypt and decrypt files and, finally, you learned how to set up and join a real-time chat session by means of encrypted invitations. In this lesson, we cover a few functions available in Basic mode that still need to be mentioned. We will do this by listing the buttons and boxes that activate each function.
On the Main tab:
Rich (only non-mobile): This button toggles a bar above the Main box containing a full set of formatting options. You can select boldface, italics,
strikethrough, different colored text, you name it. To hide the bar, click the same button, which should be named Plain.
Copy, Clear: Just what you guess, select the whole content and copy it to clipboard, or clear it. Sure, there are mouse and keyboard shortcuts for this, but sometimes they become unresponsive (especially on Chrome when there is a lot of stuff in the box), and the buttons still work.
Email: Clicking this button opens up a compose screen on your default email (if you have registered that with the browser) containing the text in the Main box formatted as a link and some additional explanatory text matching the kind of item in the box. Some ready-made emails also contain your Lock. You only need to supply the recipients' addresses and send it. Be aware that most browsers will refuse to run this function if the box contains a lengthy item.
Invite: If you click this button with some text in the box, PassLok encrypts it in a special non-secure way (so don't click it if there's compromising info in the box!) and prepares a special invitation email that contains your Lock, the encrypted text, and some instructions on what to do next. This comes in handy when you want to communicate with someone who is new to PassLok.
SMS (mobile only): This button will open your default texting app so you can paste there whatever you copied from the Main box. You must copy the item before clicking this button, since the contents are not copied automatically.
Near the bottom of the main screen are three radio buttons. These are used to select the encryption mode before you encrypt an item (mode selection is automatic when decrypting). These are the modes:
1. Anonymous (default). The recipient simply clicks on Decrypt without having to identify the sender.
2. Signed. The recipient needs to identify the sender before decryption by selecting a name on the directory or entering the sender's Lock after clicking Edit. If decryption fails, this may be because the item was encrypted by someone else. Only the correct sender can encrypt a Signed message that will decrypt successfully.
3. Read-once. Here the recipient also needs to identify the sender before decryption, but there is an additional feature: the item can be decrypted only once after a conversation has been established with that sender. Trying to decrypt it again results in an error, because the temporary Key needed to decrypt it has been overwritten. Handy when you are concerned about leaving a permanent record on email.
On the Options tab:
Interface: here you select between the default Basic interface, the Advanced one, which gives you access to all of the PassLok functions, and the Email interface, which makes the app behave like PassLok for Email. Warning: you will see a lot more buttons and settings if you select the Advanced interface.
Color scheme: PassLok opens with a Light color scheme, but there are four more that you can choose from as your mood strikes you, or even make your own. The color scheme has no effect at all on the rest of the functions.
Learn mode: If you check this box, just about every time you click a button you will be presented with a dialog telling you what is about to happen and asking you to confirm it or cancel it. There are also tooltips that will tell you what will happen before you click the button, but thise are not visible on mobile devices.
Hidden msg.: When you check this, you are telling PassLok that you want to add a second, undetectable message. Clicking Encrypt opens a special dialog where you enter the hidden message and aspecial key for it. If you have the Hidden msg. box checked when decrypting, PassLok will ask you for the special Key, and then display the hidden message above the Main box, if it is decrypted successfully. Think of the possibilities, especially if you think you might be forced to reveal your Key at some point in the future.
On the Help tab:
Search box: this will take you to help items whose title contain the words you type. Handy for finding what you need among so many items.
Help items: Initially you only see the titles, but clicking on each title opens the corresponding item. Many items contain additional material that you can unveil by clicking a subtitle, or links to YouTube videos where the developer explains each function. In Basic mode, you will only see the items dealing with the functions you can access. To see the complete list, switch to Advanced mode before clicking the Help tab.
Going through all the advanced functions of PassLok would take a whole set of lessons all by itself, which you probably no longer need if you've made it this far. PassLok's built-in Help system contains instructions for each of them along with a lot of YouTube videos, so feel free to experiment and see how they work. In this lesson we just tell you what's available.
Putting a seal on a text or file is the logical inverse of encrypting it. A text is encrypted with a Lock, so only the person with the matching Key can decrypt it. A text is sealed with a Key, so those having the matching Lock can unseal it. The difference is that the Lock is public whereas the Key is secret. Therefore, potentially everyone in the world can unseal a sealed item so long as they know who sealed it and, in so doing, they are assured of its origin because no one else in the world has access to the Key that sealed the item.
Seals are useful in special circumstances, like when people join a chat session involving only text. Those already in the session are not assured of the newcomer's identity (of course, they were able to decrypt the invitation, but people are sometimes quite paranoid) but they can always ask the newcomer to seal some gibberish they are given. When the sealed stuff is properly unsealed, the identity of the sealer is verified.
The typical encrypted message does not fit within the 160-character limit of a mobile text message. By selecting Short mode in Options, PassLok makes sure that it does. All encryption modes remain available in Short mode, except that only one recipient can be selected and no hidden message can be added.
Similar to Short mode but without length limitations, selecting this mode ensures that PassLok's output wil be decryptable by the URSA and SeeOnce apps. There is no need to check this box while decrypting messages encrypted by those apps.
Encrypted items have a distinct look that might get you into trouble in places where encryption is frowned upon. PassLok has a number of ways to disguise its output as regular text, which might pass muster with human or automatic scanners. They all operate by loading a cover text into the directory (cover texts can be saved and selected from a list, too) and clicking the Text hide button. PassLok then takes the words of the cover text and weaves them into an apparently normal piece of text that actually contains what was previously in the Main box. Revealing the hidden content is as easy as putting the containing text in the Main box and clicking Text hide again, or automatically as you paste the text in.
Since hiding an item into a text doesn't give any real security like encryption does, PassLok will refuse to apply this function to anything that is not legal PassLok output.
There are five hiding modes, selectable from the Options tab: Letters, Words, Spaces, Sentences, and Invisible. You must select the hiding mode before clicking the Text hide button. Letters varies the encoding of certain characters, leaving the cover text apparently untouched; Words just uses words from the cover resulting in nonsensical sentences; Spaces encodes the item in the spaces between words of the cover text; Sentences takes whole cover sentences (which therefore still make sense) and arranges them in a different order. Invisible hides the encrypted item in the Experiment and see which one suits you best. When unhiding, PassLok detects the mode that was used, so there is no need to select it in Options.
Besides hiding as innocent text, PassLok can hide its output inside images. Just click the Image hide button and load an image to serve as cover, then click either the PNG hide or the JPG hide button and save the resulting image (which likely still looks the same) by right-clicking on it. If you had a single recipient selected on the Main tab, PassLok will make a best guess for a special Password, which will make the presence of data in the image virtually undetectable. You can then take the resulting image and email it, upload it somewhere, or whatever. Images can contain a lot of hidden information, especially in PNG format, although JPG format is more popular.
To reveal the hidden contents in an image, load the image file, make sure you have the same special Password typed in, and click the Reveal button. Detection is automatic. The hidden contents will be displayed on the Main box, from where they can now be decrypted. As in Text hiding, PassLok will refuse to hide anything that is not legal PassLok output.
Split and Join
This function performs the Shamir Secret Splitting Scheme (SSSS) on whatever is in the Main box. When you click the Split button, a dialog asks you how many parts you want to make (up to a maximum of 255), and how many of those will be required to reconstruct the original (default is all of them). The result is a number of random-looking strings bracketed by PL**p^^^ tags, where ** is the version number and ^^^ the number of parts needed to retrieve the original. You should then copy the parts one by one and send them in different directions.
To retrieve the original item, you must place a sufficient number of parts in the Main box, each on its own line, and click Join (same button). If all goes well, the original item will appear in the box.
Try it! Get the formula for Coca-Cola and split it into as many parts as you deem necessary to keep any one person from running away with the whole thing. Make a few spares in case someone dies and takes the whole secret to the tomb.
Changing your Key, user Name, or Email
You may want to change those because you suspect your Key might have been compromised, or just because you feel like it. These buttons on the Options tab allow you to do it without messing up your local directory, which is always encrypted by your current Key.
Backup and Remove
And what if you want to stop using a particular machine and not leave any traces behind? This is what the Backup/Remove Whole Directory button is for. In case your directory contains information that you want to take to a different machine, a special backup item iscreated on the main tab. It will reconstruct your local directory and all your settings if you put it in the Main box and click Decrypt with the same Key in memory.
Sometimes it's just your settings that you want to clear because they've gotten messed up. This is done with the Backup/Remove Options only. Same operation as with the otehr button, except that only your settings are affected, and not the other items stored in the local directory. Unlike the other button, this one is still active in Guest mode (you enter this mode when you enter Cancel at the Key input dialog, rhather than OK) for those occasions when PassLok just refuses to recognize your Key.
The Chrome app version of PassLok has the additional nifty feature that it syncs your local directory through Google servers. This means that you can go anywhere in the world, fire up Chrome on a machine you've never used before, log into it with your GMail name and password and, shazam! your complete local directory is there ready for you to use, so long as you create a user with the same name as last time. When you are ready to stop using the machine by clicking Backup/Remove Whole Directory, PassLok will ask you if you also want to delete the Chrome sync data. If you cancel that, you can keep repeating this trick over and over, each time on a machine you never saw before.
Google cannot really compromise your data because every sensitive item is previously encrypted with your Key, and you are asked if you want to re-encrypt everything if you switch machines. The only stuff they could possibly get is your friends' Locks stored in your directory, and those can also be stored encrypted if you select so in Options.
If you are really, really paranoid, you'll love these other features:
Pad mode: You trigger this special encryption mode when you load a large piece of text in the directory Edit big box. Same to decrypt from it. This causes PassLok to make up a key, based on the loaded text, containing the same information entropy as the text to be encrypted could possibly have (if it were random). For the layman: this makes the encrypted result absolutely impossible to decrypt, even by trying to guess the key, unless you have the exact same key text. It doesn't matter if the enemy has a gazillion quantum computers at its disposal.
Human mode: You can use this mode if you don't trust computers (and you shouldn't, obviously). It is triggered by typing into the directory Edit big box a Key made of three strings separated by vertical bars "|". The upshot is that all the operations can be performed by hand without much effort, and still obtain very good security. This algorithm could have been invented a few centuries back, and world history might have been quite different as a result. The algorithm is explained in detail in this page: https://passlok.com/human
Hidden messages: You know already that PassLok can add a second, undetectable message to any encrypted message by checking a box on the Options tab, but did you know that you can also do it when you are hiding something inside an image? Just type a vertical bar after the image Password, followed by a second Password, another vertical bar, and the hidden message. Recipients who know the two Passwords will retrieve the hidden message in addition to the main hidden contents if they type the two Passwords separted by a vertical bar in the image Password box. Both the main hidden contents and the second message are undetectable to those who don't know either Password, as is the hidden message to those who only know the main hiding Password. Talk about paranoid!
And if you are really, really lazy you will love PassLok for Email, which takes the most frequently used functions of PassLok and integrates them with web-based email clients (currently Gmail and its derivatives, Yahoo, and Outlook online) so that just about everything we've seen on this page is done automatically for you, and you never need to cut and paste between pages. PassLok for Email is a free extension for Chrome and its derivatives, and for Firefox, and you can find them in their respective addon stores. But since we're talking lazy, here are the links:
Check it out for yourself. Now that you know the standalone PassLok, PassLok for Email will be a breeze!