These are the most essential video tutorials on PassLok. These and a few more are also at PassLok's YouTube channel: https://www.youtube.com/channel/UCwTjDcqsq11oAPJXWb4mrUw
|
Keys and Locks in PassLok.
This video tells you the essence of PassLok (and of all kinds of public-key cryptography, for that matter) in a lighthearted way. Best introduction for complete novices. It's a little over six minutes long, but worth it. For an even shorter version (three minutes), get the link from inside the PassLok Help tab. |
|
Introducing PassLok for Email.
The email-integrated app, which currently works with Gmail, Yahoo, and Outlook, is so easy to use that it hardly needs any explanation. In this video, I tell you how to install it, set your Password, send your first message to someone else, and get a reply that completes the connection between the two of you. The screen is split between two users: Alice on the left, and Bob on the right, both using Gmail. |
|
PassLok Privacy secures your insecure email, using your regular account.
In this video, I have set up the two tabs on the left as Alice, and the two tabs on the right as Bob. Here's what happens: 1. Alice wants to send a secure email to Bob, so she opens PassLok on a browser tab next to her email. Alice now writes her secret message in PassLok, encrypts it with Bob's Lock, and then copies the result and pastes it into her email program. 2. Bob retrieves Alice's email and, seeing that it is encrypted, copies it into PassLok, which he opens on a separate tab. He has his master Key ready, and so he can decrypt it and read it. 3. Now Bob has a reply, which he enters into PassLok, and encrypts it with Alice's Lock, which he has previously entered in his local database. He emails the encrypted reply, and then Alice decrypts it with her secret Key. Alice and Bob have exchanged confidential information securely over insecure email, and they never had to make a new account anywhere or deal with any server that might compromise their security. Their respective secret Keys were never transmitted or stored anywhere. |
|
Starting and joining a secure chat session.
Rather than asking participants to sign up to a chat service, PassLok sets up direct peer-to-peer chats by means to encrypted invitations, which can be sent to the participants by email or other insecure means. To make an invitation to join a real-time multi-party chat session: 1. Select the other participants in the chat on the list at the top of the Main tab. You are automatically added. 2. Click the Chat button. If the main box did not contain a chat invitation, a new one is generated and placed there. You can now email it with the Email button, or send it out by any other means. To use an invitation to join a real-time chat session (tags are PL**chat): 1. Place the invitation in the Main box and click the Chat button. 2. A new screen opens. Write the name you want to use for the chat in the top box, and then click Start or Join depending on whether or not you are the first to arrive at the virtual chat room. 3. As participants join the chat session, their chosen names will appear in the Text log (or a randomly-chosen tag, if they didn't supply a name). You can then post text by writing it in the Text box, followed by Enter. You can also post files by clicking the Browse or Files button. |
|
Anonymous encryption.
To encrypt: 1. If the recipients' Locks have been previously stored in the local directory, simply select their names in the top box of the Main tab.
3. Click the Encrypt button (Lock/Unlock in the video). The encrypted message will appear in the box, replacing the original message. Copy it and paste it into your communications program or click Email to open your default email. To decrypt a message (tags are PL**msa): 1. Paste the encrypted message in the lower box of the Main tab. 2. If it doesn't decrypt automatically, click the Decrypt button (Lock/Unlock in the video). The decrypted message will appear in the box, replacing the encrypted message. |
|
Signed encryption.
To encrypt: 1. At the bottom of the Main tab (Options tab in the video), make sure the Signed button is selected. 2. If the recipients' Locks have been previously stored in the local directory, simply select their names in the top box of the Main tab.
4. Click the Encrypt button (Lock/Unlock in the video). The encrypted message will appear in the box, replacing the original message. Copy it and paste it into your communications program or click Email to open your default email. To decrypt a text or file that has been encrypted in signed mode (tags are PL20mss): 1. If the sender's Lock has been previously stored in the local directory, simply select its name in the top box of the Main tab. If not, go to the Directory tab and paste the Lock in the lower box. 2. Paste the encrypted message in the lower box of the Main tab. 3. If it doesn't decrypt automatically, click the Decrypt button (Lock/Unlock in the video). The decrypted message will replace the encrypted message. |
|
Decoy mode
To encrypt a second, undetectable message in addition to the main message: 1. In the Options tab, check the Decoy checkbox. 2. Follow the above instructions for any kind of encryption. A popup will ask for a hidden message and a Decoy Key. 3. Input the Decoy Key and hidden message into the corresponding boxes. Then click OK. The encrypted message containing both the main text and the hidden text will appear in the main box, replacing the original text. Copy it and paste it into your communications program. To reveal the hidden message: 1. On the Options tab, check the Decoy checkbox. 2. Follow the instructions for any of the encryption modes. A popup will ask for a Decoy Key. 3. Input the Decoy Key and click OK. The hidden message, if it exists, will appear above the main box. Since it is impossible to detect the presence of a hidden message, it is necessary to click the Decoy checkbox in order to check for it. |
|
Sealed items (signatures, in the video) and their verification.
A digital signature is a random-looking string of text that uniquely connects a piece of plain text (which could be an encoded file), and the signer. After version 2.2, these have been replaced by sealed items, which include the complete message along with the signature, but the process remains the same. To apply your signature to a text in PassLok (or seal it), do this: 1. Write or paste the text to be signed in the lower box of the Main tab. 2. Click the Seal button (Sign/Verify in the video). The text then is sealed and replaces the original; in the video, s signature matching the text and your Key is appended at the end of the text. Copy it or email it from there. To verify that the digital signature attached to a text (or a complete sealed item) indeed belongs to a certain person, do this: 1. If the signer's Lock has been previously stored in the local directory, simply select its name in the top box of the Main tab. If not, go to the Directory tab and paste the Lock in the lower box. 2. Paste the text, with its signature appended on a separate line at the end (or the complete sealed item), in the lower box of the Main tab. 3. Click the Unseal button (Sign/Verify in the video). A message above the main box will say whether or not the signature or seal for that text has been verified. |
|
Making and using authentication videos.
In PassLok, there are no Certification Authorities or webs of trust to assure users that a certain Lock does indeed belong to a certain person. Instead, you make a short video of yourself reading a portion of your Lock. What the video should include: -Identify yourself (First and Last name or other). -Write your Lock on a sign and display it, and read a portion of it out loud (say, the first 15 characters after the initial tag). -If it is not an ezLok, make sure to distinguish capitals from smallcase letters. -Play a song in the background to ensure the video is not tampered with (recommended). What to do with the video: -Upload the video to the Web. -Post the video in the General Directory on the line immediately below your Lock. -For more instructions on this, go to “How to add an authentication video” under the General Directory help. |
|
Hiding PassLok output within text
To convert a PassLok item into fake text: 1. Check that the item to be converted into fake text is on the Main tab. Then click the ▼ button, if needed, to show the Text Hide button (Words and Spaces buttons, in the video). 2. If you wish to use a cover text different from the default and you have stored it in the local directory, select it on the top box of the Main tab. Otherwise you will have to change it using the process described in the help item two places below this one. 3. In this video: if now you click the Words button, each character of the text is replaced by a word from the cover text. If you click the Spaces button, the original text is encoded into the spaces of the cover text. After version 2.2, you go to the Options tab in order to select the hiding mode, then come back to the Main tab and click Text Hide. To retrieve a PassLok item from fake text: 1. Put the fake text on the Main tab. 2. Click the ▼ button, if needed, followed by the Text Hide button (Words or Spaces in the video). If successful, the fake text is converted back into the original item and displayed in the box, replacing the fake text. |
|
Hiding PassLok output within images
To hide a PassLok item inside an image: 1. Make sure the item to be hidden is in the lower box of the Main tab. 2. Click the ▼ button, if needed, and then the Image button. 3. A new screen appears where you can load the image where the item is to be hidden. To do so, click the "Choose File" or "Browse" button (browsers vary on the name). A dialog will appear, where you can navigate to the image and open it. A message will tell you how much data you can hide in the image. 4. When you see the image, click the Hide PNG or the Hide JPG button (in the video, there is only one Hide button, for PNG format). A message will say when processing is completed, although the image will not appear to have changed. 5. Right-click or long-press on the image in order to save it or send it somewhere. To retrieve a PassLok item hidden in an image: 1. Navigate to the image hiding screen from the Main tab by clicking ▼, if needed, and then Image. 2. Click Choose File or Browse (browsers vary on this) and open the image containing the hidden item. 3. When the image displays on the screen, click the Reveal button. A message will say when processing is completed and the hidden item has been retrieved, or no hidden item has been found. 4. Click Back to see the item on the Main tab. |
|
Working with Files
To load a file into PassLok: 1. Click the button at the bottom of the Main tab (Options tab, in the video). Different browsers put different labels on it, such as "Browse", "Choose File", and so forth. 2. A dialog will appear so you can navigate to the file. If all goes well, the file or image loads into the Main tab as a link (gibberish text in the video). Now you can encrypt it, seal it, or split it like a regular piece of text. To retrieve the original file, do this: 1. Make sure the encoded file, which presumably has been obtained by decryption or merging parts, is on the Main tab. 2. Right click on it and select Save file as, or click the Save button next to it (at the bottom of the Options tab, in the video). What happens next depends on the browser. Chrome and Firefox save it to the Downloads folder with its original name, Safari with a generic name. |
|
Verifying PassLok's integrity
If you got PassLok from an app store, that app store is ensuring that the code you have is what the author gave to them. The following is to check the integrity of an html version of PassLok running in a browser: 1. Direct your browser to "view source." If your browser has a command to save the source (Chrome, Firefox, and Safari do), go ahead and save it to file. 2. Now you have to take the SHA256 of the code using a program different from PassLok. You have several options:
4. Now, a hacker who could alter the source code at the server might also be able to change the published SHA256 so it matches the tampered code. To make sure that the value is authentic you should watch the one-minute video where the author or PassLok, Francisco Ruiz, reads it aloud. A link to the video usually accompanies the published SHA256 value. |
|
The General Directory (discontinued)
The General Directory was a Web page that could store Locks and authentication videos associated with email addresses. To get to the General Directory: Click the Edit button (Directory tab, in the video). Then click the General Directory button. If you are showing your Lock on the Main tab, it gets copied to the General Directory, ready for you to write your email address and click Post. Once you have found a Lock on the general directory, it gets copied automatically to the lower box of the Directory dialog, so you only need to give it a name and click Save. PassLok does not guarantee the authenticity of the Locks posted on its General Directory. Email confirmation is required to post or update Locks, but this is not completely secure. Since users are encouraged to add authenticating videos and the General Directory has a button to play them, you should watch the video attached to a Lock before you use it. The General Directory is meant as a convenience, not as a replacement for your local directory. The General Directory is not available when you are offline, the local one is. You cannot post anything but Locks on the General Directory. |