to File       Binary     Text

Welcome to URSA

   For help on how to do things, click on each title.

What is URSA?

URSA makes your favorite email private by encrypting it with a shared Key so only the intended recipients can see it. You don't need to make an account anywhere, but you need to get the shared Key to the recipients by some secure means (unencrypted email or texting won't do). Once this Key is forgotten by all participants the content remains encrypted forever.

In other apps "forever" means a really, really long time, because of the computational difficulty of recovering a high-entropy encryption Key. In URSA, it really means forever, whenever the Key is longer than the message being encrypted.

You can also use URSA to set up real-time secure chat sessions involving text, files, audio, or even video. The connection is direct between participants, with a server getting involved only at the start so you can find each other.

URSA runs on a browser and is platform-independent. The chat component, however, does not yet run on IE or Safari, or under iOS.

URSA is still in experimental phase, as it has not yet been duly vetted by experts. Bear this in mind before entrusting sensitive information to it.

If you want more capability, you may want to try SeeOnce, from, or PassLok, from In addition to read-once encryption and Letters encoding for a single recipient, PassLok implements three more encryption and five more steganography modes, plus signatures and secret splitting. PassLok can also encrypt for several recipients at once. SeeOnce encrypts for only one person at a time, but it does so in such a way that messages can only be decrypted once. URSA is fully compatible with PassLok, but not with SeeOnce.

How do I use URSA?

Just type the shared Key in the top box and the plain message in the bottom box. As you type the Key in, it is evaluated for strength, and a message above it tells you how good it is. If you click the eye icon, you'll also see a mnemonic "hashili" word based on the Key, to reassure you that you typed it correctly. Clicking the eye icon again reveals the whole Key.

If you paste the plain message in, it will be encrypted automatically, otherwise click Encrypt. If then you click the Email button, it will be forwarded to your default email so you can send it out. The recipients only need to click on a link on the email and supply the shared Key.

If you want to disguise the result as apparently normal text, click the Text hide button. You will be prompted for a cover text and directed to complete the result.

To decrypt a message, enter the shared Key on the top box and then paste the message in the bottom box (it is fine if it is disguised as normal text). The message will unhide and then decrypt automatically. Otherwise, click the Decrypt button.

You can also embed the encrypted message inside an image so that its presence cannot be detected. Start the process with the Encr. to Img button if you are encrypting, Decrypt Img if decrypting, with the main box empty. When encrypting, you can choose the image format to be PNG or JPG.

When encrypting to image, you can embed a second message in addition to the main message, by writing the following in the Key box before clicking the button: main Key,followed by a vertical bar "|", Key for the second message, another vertical bar, second message. To extract the hidden message, the Key box should contain the following before clicking the button: main Key, vertical bar, Key for the second message.

URSA will run from a saved file, so you don't have to be online in order to use it.

How do I get quantum-resistant encryption?

As of 2019, reversing the encryption done with a symmetric Key having 256 bits of entropy still takes gazillions of years of computing time, but future quantum computers promise to shorten this (although not as much as they would for asymmetric encryption). URSA has a special "Pad mode" that not even quantum computers will be able to crack.

URSA shifts into Pad mode whenever you supply a shared Key that is longer than the plain message being encrypted (the Key must be at least 43 characters long). Then press Encrypt normally.

A pop-up will ask you for the start position, which must be a number in the range given by the pop-up. After you enter this, the encryption proceeds. To decrypt, the recipient must supply the same long shared Key and the same start position. Since security comes mostly from using a long Key, it may be okay to transmit the starting position in plaintext, if you have to.

You can disguise the result as apparently normal text as for the normal mode, by clicking the Text hide button.

Typically, the long Key will be copied from a text file or online document, and then pasted in the top box. You can also load a local file into the lower box using the File load icon, and then click the Swap button to move the text to the top box.

Pad mode encryption is slower than regular encryption, especially if the text to be encrypted is also long (the length of the Key text doesn't matter so much), but the result is mathematically impossible to decrypt without the Key.

How do I use Human mode?

If you or your friends don't have access to a computer that hasn't been compromised, you can still communicate in Human mode, which can be performed simply with paper and pencil. This mode is explained in detail in this page, which also does encryption and decryption for you:

URSA shifts into Human mode whenever you supply a shared Key that consists of three strings separated by tildes "~" (or two tildes after a single string). Type your message in Latin characters, then press Encrypt normally. Bear in mind that all punctuation will be represented as periods upon decryption.

You can disguise the result as apparently normal text as for the normal mode, by clicking the Text hide button.

If the appropriate key is loaded, decryption happens automatically as soon as you paste in the encrypted message. Otherwise, click the Decrypt button. Unlike in other modes, you won't get a message telling you whether or not the decryption has been successful.

Messages encrypted by URSA in Human mode can be decrypted in PassLok, and vice-versa, plus the page linked above.

How does Chat work?

If you click the Chat button, a dialog asks you what kind of real-time chat you want to set up. There are four choices: text and files, this plus audio, and all this plus video, and Jitsi, which is more full-featured (except for file exchange). You can also add a short message, such as a date and time for the chat session.

After you click OK, URSA makes a chat invite exactly as when encrypting a message. You then send it to the other participants, keeping a copy for yourself. When the time for the chat comes, decrypt the chat invite and then you'll be able to join the chat session like everybody else.

When the recipients get your chat invite, they will decrypt it like any other URSA message and then a new tab for the chat will open and ask for an alias. When they supply this, they'll be connected directly to each of the participants already in the session. They may be asked to grant permission to feed audio or video when the connection takes place.

If you get disconnected, reload the chat tab and type your alias again. You can change the chat type at this point.

Can I encrypt files and images?

Chat has its own secure file-sending process, so we refer here to encrypting files using the main encryption process. You have two choices:

1. Encrypt the files using AES with a utility such as 7-zip (Windows), Keka (OSX), or p7zip (Linux), then encrypt the encryption password inside a URSA-encrypted message, and attach the encrypted archive to your email.

2. You can also load files using the button near the right end of the rich text toolbar (which you display with the Rich button, if it is not displayed already), which will load each file as a link, and then encrypt them as a regular message. After decryption, the recipient can save the files contained in the main box by clicking the Save button below the box or the rightmost button on the toolbar.

Images can be loaded as described above or directly as image, by clicking the image icon on the rich text toolbar and are encrypted just like text.

If the file loaded is text, it will load as text rather than as a link. You can also load text into the Key box. Just load it first into the main box, and then click the Swap button.

Finally, you can save an encrypted message as a file, by checking the to File box and selecting the type (Binary or Text) before encrypting. You save the resulting file to disk by right-clicking as described above.

If you include files, which tend to contain a lot more bytes than text, you may want to encrypt to file rather than text in order to speed up the process as described in the next item, especially if you want to send the encrypted output by email.

Can I encrypt large stuff?

Sometimes the text, images, or files you wish to encrypt contain a lot of bytes, which would fill many screenfuls with gibberish text. Email programs won't take large text without clipping it, thus making it impossible to decrypt it. The solution is to output to a file rather than text, by checking the to File box and the type of file to make (Binary or text) before clicking Encrypt.

After encryption, you will see a link on the main box, which you can download by clicking the Save button below the box. Then you can send it as an email attachment, for instance.

To decrypt the file, load it as described in the item above, and then decrypt it with the shared Key just like something encrypted to text.

Are there any potential insecurities?

We have tried to make URSA extremely easy to use without impacting security, but tradeoffs do exist. There are two issues that you must be aware of:

1. How to get the shared Key to the recipients. Just encrypting it with a previously shared Key before sending is not secure enough, since compromising the previous Key will immediately compromise the new Key. Most likely, you are going to have to meet in person, or exchange Keys using an asymmetric encryption program such as SeeOnce or PassLok.

2. Hackers could change the code at the web server, and therefore destroy all security without users realizing it. The native app versions of URSA are code-signed by the respective app stores so this is not a problem with those, but if you are concerned about the authenticity of the web app, you can verify it by following the instructions below.

Click here for instructions to verify the URSA code.

Warning: following the links in these instructions may give away your location; proceed with caution.

1. Head to and write in the second box from the top, then type Enter or click "Convert File". This will instruct this website to fetch the URSA code from its server and perform a SHA256 operation on it.

2. A new screen should appear, displaying the SHA256 string in several formats. Now you want to compare this with the published value, which is available at different places. If both strings are the same, the code is tamper-free. Here are a few locations where this string in published (more to be added):

3. Hackers may also be able to change the published SHA256 string, so this is why a video of F. Ruiz, the URSA developer, reading the string aloud with background music always accompanies the string. Watch it to make double sure the code is authentic.

What's underneath URSA?

URSA is a very simplified sibling of PassLok Privacy (, from which it takes its symmetric encryption mode, which is based on the XSalsa20 stream cipher, plus the WiseHash key-stretching algorithm to increase security with weak Keys.

PassLok can decrypt URSA-encrypted messages, and encrypt short messages that URSA can decrypt. It also includes a complete directory management system for Keys shared with other users, so you only need to select the correspondent's name from a list on the Main screen.

The quantum-resistant mode is not based on XSalsa20, but rather on repeatedly taking the SHA512 hash of a shared Key longer than the message itself, and using the random-looking result as a keystream to encrypt the message.

You can get full details on URSA's cryptography and the Chat function from the PassLok technical document..

Keyboard shortcuts

The main functions in URSA can be accessed directly from the keyboard. The button tooltips tell you what the shortcut is for each button that has a shortcut, but below is a list just in case:

Privacy Statement and Warrant Canary

URSA is a self-contained piece of code that does not rely on servers to do its job. Therefore:

1. We cannot give your Keys to anyone (not even yourself) because we don't have them.

2. We cannot give your private data to anyone because URSA does not send anything out of your device, either. When you download the app from the web server, you get only the code, without any cookies, plugins, or anything of that sort.

3. We cannot eavesdrop on your chat sessions, or enable anyone to do so. Establishing a chat session does involve contacting a signaling server (Firebase) and giving it your IP address and a disposable chatroom name so that others can contact you; the signaling server never sees the content of your chat, which is between participants only. The URSA web server doesn't even see the connection data.

4. We will never weaken the cryptography methods contained within URSA at the request of a third party, private or public. This also means no backdoors will ever be added. We would rather shut down URSA than be forced to do this, which would betray the very essence of our efforts. If we learn that a counterfeit version of URSA is circulating, whether placed by hackers or government agencies, we will make the fact known to users.

Notice: Since URSA is distributed as a piece of human-readable code, we consider it an expression of free speech protected by the laws of many countries. Putting into circulation tampered versions of URSA, whether by individuals or public entities, violates free speech and copyright protection laws.

URSA contains strong cryptographic methods, which may be illegal to use in some countries. Please check the local laws before using URSA.

This paragraph and the canary logo above attest to the fact that, up until the release of version 4.2.13 (March 2023) we have not received any requests under gag order for user data or modifications of the code. This paragraph will be periodically updated as this situation continues.

URSA 4.2.13 © F. Ruiz 2023
This document may be used, modified or redistributed under GNU GPL license, version 3.0 or higher.

Choose the type of chat, then write in the box the date and time

  Text and files     Audio     Video     Jitsi


Please enter the cover text for hiding and click OK