|
|
|
|
Before you do anything else, you may want to watch this three-minute video, which explains the essential concepts in a lighthearted way for a very similar app named PassLok (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=UxgrES_CGcg
This approach has a number of advantages over other privacy apps that you may be familiar with:
KyberLock is still in experimental phase since there has not been enough time for security experts to uncover possible flaws. Bear this in mind before entrusting critical secrets to it.
Before you can communicate with others using KyberLock, they must have obtained the app, come up with a secret Key (which they won't tell you), generated a Lock from it, and sent it back to you.
You can tell others about KyberLock any way you want, but KyberLock can help you to start your network with a single keystroke, this way:
1. Optionally, type a message in the main box. Don't write anything sensitive, since invitation messages are not secure.
2. Click the Invite button.
3. If something was written, you will be asked to confirm, and then the main box will be filled with some instructions and some gibberish that you can send to those you want to invite. This gibberish contains your Lock and the (insecurely) encrypted message.
4. If now you click the Email button, a new page should open in your default email, containing that rext. Edit it as needed, then write the recipients' email addresses and send it.
This is explained in this video tutorial for PassLok, which is very similar (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=0wTJWyd9s64
Click here for More:
Those who get KyberLock from your email invitation will have your Lock automatically stored in their directories, so they can encrypt items for you right away.
If you check the Learn box in the Options tab, a text explaining what is about to happen will pop up every time a button is clicked.
And here are a few more resources you may want to check out, made for the very similar PassLok app:
If you want to learn what's under the hood, read the PassLok technical document.
You should be able to remember your secret Key without having to write it down. KyberLock does not store the Key anywhere. In fact, it deletes it from memory after five minutes of not being used.
As you type your Key, KyberLock displays a color-coded message telling you how strong it is. If you stop typing for a second, a mnemonic "Hashili" word based on your Key is displayed right under the strength score, to reassure you that you have typed the Key correctly, even if you cannot see it. Clicking the eye icon reveals the entire Key.
Your Key will be stronger if it contains caPiTals in unusual places, numb3rs, and $ymbol$. If you use common words, miespell them to make a "dictionary attack" hader. Break the words up with num334bers and sy#$%mbols. Avoid anything that might be easy to guess. KyberLock knows frequently used words, but hackers' dictionaries are bigger. Do not use grammatically correct sentences, even if KyberLock gives a big score.
KyberLock compensates for weak Keys by adding spurious computations and may even appear to have crashed. If KyberLock is slow, this may be because your Key strength is less than Medium.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=JbNM_cf8My0
Click here for More:
If you plan to use KyberLock only with shared Keys, you do not need a secret Key at all. Simply Cancel when you are asked for your Key when KyberLock starts, and write or paste the encryption Key into the lower box that appears when you you click the Edit button located next to the directory.
If instead of a short shared Key you paste in a piece or text at least five times as long as the message to be encrypted, KyberLock uses it in Pad mode, which theoretically is much more secure than the regular mode (more on this in a help item below).
If you are reading this, likely you have gained Guest access to KyberLock by clicking Cancel at the Key entry screen. The good news is that you can still encrypt messages if you know the recipient's Lock or shared Key, verify signatures, and use the Locks stored in your local directory as well as all the auxiliary functions of KyberLock. You can even seal items and display the matching Lock if you enter a Key when KyberLock asks for it.
The bad news is that you cannot change anything stored in the local directory, and your use of it is limited to Locks. You cannot do anything that would involve your secret Key, such as decrypting messages encrypted with your Lock, or continuing a Read-once conversation in course.
Well, we've got even worse news for you: we cannot help you to recover your secret Key, because KyberLock never stored it or sent it out. There are no saved hints, either. If you forgot your Key, it's gone, along with all encrypted items in the local directory.
But chances are you almost remember it, and are off only by a few characters. When you stop typing in the Key entry box, a mnemonic "Hashili" word derived from it appears right above it. Perhaps you can recognize the correct Hashili word when you see it, which will help you to reconstruct your Key. For your security, the Hashili word alone is not enough to reconstruct the Key.
Click here for More:
Hopefully Guest mode will let you get by until you remember your secret Key. But if you want to get full access to KyberLock with a new Key, here are the steps:
1. Go to the Options tab.
2. Click the Backup/Remove Options only box. When a popup asks for confirmation to delete your settings, click OK.
3. Reload KyberLock.
4. The user selection screen will appear, and this time KyberLock will accept whatever new Key and email or suchlike you want to give it for the user in question. Now you're back in business and can use KyberLock with the new Key to seal, decrypt, store items in the local directory, etc.
At this point, the only directory entry that will work fully is "myself". You can reset or delete the entries that don't work one by one, by typing each name in the directory Edit dialog and clicking Reset (leave essential data intact) or Delete (take out everything) when the name is recognized, or all at once by following the process described in a help item below, about "moving the entire local directory."
For a given user name, there is only one "secret Key" that unlocks all the capabilities of KyberLock, but if you are willing to accept a limited access to its functions, you can use a different Key for the session, or whenever KyberLock asks you for the Key. This way:
1. Select the user and enter the new Key in the box (optional).
2. Click the Cancel button.
3. If asked for your email etc., enter it and click OK. (the Random button will write a new random value, different from the original random token, if any, so beware)
Click here for More:
You can do pretty much everything, except things that would have involved the secret Key. You cannot modify anything in the local directory. When you reload KyberLock and enter the correct Key, a warning will tell you that last session was run in Guest mode. If you don't select a user from the list, you won't have access to any stored Locks.
When you first opened KyberLock, you were asked to optionally enter your email or similar public, easy to recall personal information. But if instead of entering your email you click the Random button next to the input box, an 43-character random token is used. This makes your Lock much harder to crack, but it becomes tied to the device where it was created (except for the Chrome and Firefox extensions, which can sync it across devices).
To back up your random token to a safe place in case of accidental deletion or to be able to use a different device:
1. Click the Backup/Remove Options only button on the Options tab (visible in the Advanced interface). A backup item appears on the main box, from where you can save it to file, copy it, email it, etc.
2. Then a dialog asks you if you want to reset your settings. If you click OK, KyberLock will restart as if it had never started before, except that the local directory remains intact.
To restore the random token from a backup item, paste the packup into the main box and click Decrypt.
This and more is explained in this video tutorial made for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=4DjhIjU_nuM
Click here for More:
The reason for the email or other additional data is to combat the "rainbow table" attack, where hackers pre-compute Locks made from the words in a dictionary. This data is encrypted and stored along with other settings, so you won't need to enter it again. The Lock depends both on the Key and the email or random token; this adds extra security, but it also means that if the random token gets erased you will not be able to decrypt anything that was encrypted with your Lock. The backup item contains your settings, including the random token, encrypted by your secret Key. One reason to delete your settings while leaving the local directory intact is to be able to change the random token to a new value. You can also proceed without entering any email or token.
If you plan to use KyberLock for Email or KyberLock Universal, it is best if you write your real email in this box, for in this case your KyberLock Lock will be identical to the one used in those apps and you'll be able to use their main features interchangeably. This precaution is not necessary if you only use one of the versions.
Click the myLock button on the Main tab. The Lock matching that Key will appear in the lower box, from where you can copy it or email it.
The message area above it will also display the Lock's fingerprint, a 50-character string that you should send to people who receive your Lock, by a different channel such as dictating it over the phone or video, so they can confirm that the Lock they received actually came from you.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=L00yybDzN6k
Click here for More:
If you need to make a Lock for a different Key, it is best if you start KyberLock in Guest mode by clicking Cancel when you are first asked for your Key, which will make KyberLock accept a different Key. Then click myLock and supply the new Key and new email, if requested. If you use a random token you will need to copy it before you do this.
From the Main tab (this works only for Locks):
1. Paste the Lock into the Main box. Only the gibberish text between the header and the footer is needed, but there's no problem copying those as well. If the item is identified as a Lock, a prompt will ask you to give it a name. It will also display the Lock's 50-character fingerprint.
2. If you received the fingerprint by a separate trusted channel, check that it is the same as displayed. Otherwise make a note to check it as soon as possible.
3. Write a name in the prompt box and click OK. You will see the name added to the selection box at the top of the Main tab.
From the directory Edit dialog:
1. Cick the Edit button next to the directory box.
2. Paste the Lock or shared Key in the box, replacing whatever was there before. Usually KyberLock will recognize a Lock and display a message saying so, along with its fingerprint.
3. If you received the fingerprint by a separate trusted channel, check that it is the same as displayed. Otherwise make a note to check it as soon as possible.
4. Click the Save button. A popup will ask you to provide a name for the item.
5. Write the name and click OK. A message confirms that the item has been saved under the name given.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=vQrED7eIkLA
Click here for More:
Authenticating Locks is very important for security. Otherwise an interloper will be able to impersonate the authentic sender. If you did not have the authentic Lock's fingerprint when you entered it, you can display it later by typing the Lock's given name in the directory Edit box. If the fingerprint does not match what you've got, you can delete the Lock by clicking Rename at this point and letting the name displayed in the popup remain as "Delete" before clicking OK.
If the given name is already in the directory, the Lock or shared Key will be replaced rather than added. You can store a cover text or a List besides an individual's Lock or shared Key. In the case of a List, the given name will be displayed bracketed by double dashes. Items that are not Locks are stored encrypted.
You can also rename an item that is already saved by clicking the Rename button and suplying a new name. If the first character of the name is a dollar sign $ , the name will not be displayed on the directory list in the Main tab, but its associated Lock will still be available to check the signature used in items encrypted in Signed or Read-once mode.
(Chrome/Firefox app only) If Chrome sync is checked in Options, the item will also be added to the Chrome sync area, so it is available on a different computer after you log into Chrome or Firefox.
1. Make sure Anonymous mode is selected at the bottom of the Main tab. This is the default.
2. If the recipients' Locks have been previously stored in the directory, simply select their names in the top box of the Main tab.
3. Write or paste your message in the lower box of the Main tab. You can give it rich formatting or add images and files if you display the formatting toolbar by clicking the Rich button.
4. Click the Encrypt button. The encrypted message will appear in the box, replacing the original message.
Copy it and paste it into your communications program or click Email to open your default email.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=nBA5JNY4gmQ
Click here for More:
This mode is called Anonymous not because it provides any protection against tracking over a network, but because the identity of the sender cannot be deduced from the encrypted message. This message can be decrypted only by someone having the Key matching one of the Locks selected. Alternatively, you can select a List, as described in an item below, in order to encrypt for all the recipients in the List. It is okay if the tags up to the "==" signs on the Lock are missing, or carriage returns have been added (such as for a video URL). If you have checked Include my Lock in the Options tab before encryption, your Lock will be prepended to the encrypted message.
1. Paste the encrypted message in the lower box of the Main tab.
2. If the message doesn't decrypt automatically, click the Decrypt button. The decrypted message will appear in the box, replacing the encrypted message.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=nBA5JNY4gmQ
Click here for More:
It is okay if the message is broken up by carriage returns or is missing its header or footer. It doesn't matter which encryption mode is selected at the botton of the Main tab.
1. Make sure Signed mode is selected at the bottom of the Main tab.
2. If the recipients' Locks have been previously stored in the directory, simply select their names in the top box of the Main tab.
3. Write or paste your message in the lower box of the Main tab. You can give it rich formatting or add images and files if you display the formatting toolbar by clicking the Rich button.
4. Click the Encrypt button. The encrypted message will appear in the box, replacing the original message.
Copy it and paste it into your communications program or click Email to open your default email.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=R9UanENF3ro
Click here for More:
This mode is called Signed because a digital signature is involved and the message can be decrypted only by someone having the Key matching one of the Locks selected, and your Lock. This way, the recipient can be sure of who encrypted the message. Alternatively, you can also write the names, one per line, in the dialog that appears when you click the Edit button. You can also encrypt for all the recipients in a List by selecting a List name. It is okay to strip the header and footer up to the "==" signs, but not recommended. It is also okay to split the encrypted message with line returns. This message can be decrypted only by someone having the Key matching the Lock used to encrypt it. Additionally, they must have your Lock in order to verify that it comes from you. If you have checked Include my Lock in the Options tab before encryption, your Lock will be prepended to the encrypted message.
1. If the sender's Lock has been previously stored in the local directory, it will be found automatically, but you can force KyberLock to check for a particular sender by selecting his/her name in the top box of the Main tab.
2. Paste the encrypted message in the lower box of the Main tab.
3. If the message doesn't decrypt automatically, click the Decrypt button. The decrypted message will replace the encrypted message.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=R9UanENF3ro
Click here for More:
It is okay if the message is broken up by carriage returns or is missing its header or footer. It doesn't matter which encryption mode is selected at the botton of the Main tab.
1. Make sure Read-once mode is selected at the bottom of the Main tab.
2. Select the recipients' Locks in the top box of the Main tab. This mode requires the recipients' Locks to be previously stored in the local directory.
3. Write or paste your message in the lower box of the Main tab. You can give it rich formatting or add images and files if you display the formatting toolbar by clicking the Rich button.
4. Click the Encrypt button. The encrypted message will appear in the box, replacing the original message.
Copy it and paste it into your communications program or click Email to open your default email.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=VutWfWZW5bY
Click here for More:
This message can be decrypted only by someone having the Key matching one of the Locks selected, and your Lock, and then typically only once. In order to restart a Read-once conversation that has gone out of sync, clear the old data for that recipient by clicking the Reset button in the directory Edit dialog after the recipient's name is displayed above the box (you may have to type the name in the box for this to happen), then encrypt the message normally. The first message after a reset does not have forward secrecy, so be careful here. To encrypt for all recipients in a List, select the List in the top box of the Main screen. It is okay to strip the Lock header or footer up to the "==" signs. It is also okay to split the encrypted message with line returns. If you have checked Include my Lock in the Options tab before encryption, your Lock will be prepended to the encrypted message.
1. Select the sender's Lock on the top box of the Main tab. This mode requires the sender's Lock to be previously stored in the device's local directory.
2. Paste the encrypted message in the lower box of the Main tab.
3. If the message doesn't decrypt automatically, click the Decrypt button. The decrypted message will replace the encrypted message.
4. A popup will ask whether you want to make the decrypted message un-decryptable immediately, or wait until you reply to the message. Click Cancel if you have received more than one Read-once message from this sender since your last reply, for otherwise it won't be possible to decrypt the other messages. Click OK otherwise.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=VutWfWZW5bY
Click here for More:
Usually you can decrypt the message only once, since the ephemeral key needed to decrypt it is overwritten in the process, but after a reset the first message can be decrypted forever. It is okay if the message is broken up by carriage returns or is missing its header or footer. It doesn't matter which encryption mode is selected at the botton of the Main tab.
This may be needed if the conversation with a given correspondent has gone out of sync so that you are unable to decrypt a new Read-once message from this person. Resetting clears ephemeral Keys and Locks on both sides, and re-initiates the Read-once exchange.
1. Click the Edit button next to the Lock selection box.
2. Start writing the name given to the correspondent in the dialog. As you type, the line above the box displays existing items matching what you have typed so far. You can stop typing once you see the complete name you're looking for. Search is case-insensitive.
3. Click the Reset button. A popup asks you to confirm the action, and then a message tells you that it has been done.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=VutWfWZW5bY
1. Check that the item displayed on the Main tab is KyberLock output. If it is not, the button you need to press in the next step won't be there.
2. Click the Email button. If the device is so configured, a window appears containing the item and some explanatory text. You only need to supply the recipient's email address and a subject line before clicking the Send button.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=LsljKvjAi9I
Click here for More:
Be aware that there is a limit to the size of a message that is made this way. If you get an error, you can always copy the contents of the box and paste it into a normal mail compose screen. To open it in a different email client or in case the button is not visible or the new window fails to appear, copy it to the clipboard and then paste it into the "compose" box of your favorite email.
KyberLock output is too large to be sent by standard SMS texting, but you may be using a texting app, such as iMessage or WhatsApp, that has a much larger limit. In this case the process below may be useful.
1. Check that the item to be sent is displayed on the Main tab.
2. Tap the button dealing with text messaging, which is labeled SMS. A window appears with the default texting app (setting it in a computer up may require additional steps).
3. Tap the input box and then paste the clipboard, which will contain the encrypted message. Send the message in the usual way.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=LsljKvjAi9I
Click here for More:
To decrypt a encrypted message received by texting, you must first copy it to the clipboard, and then paste it on the Main tab of KyberLock. Due to browser restrictions, there is no way to know whether the item has been copied to clipboard, but hopefully the process above is fairly foolproof.
1. The button to load files is near the right end of the formatting toolbar, which is displayed by clicking the Rich button. It looks like this: 
2. When you click it, a dialog will appear so you can navigate to the file. If all goes well, the file loads into the box as a link. You will see only its name, but the whole file is actually in there.
Now you can encrypt it, seal it, or split it just like a text-based message. You can also add more files if you want. The process to retrieve the original files is explained in the help item below.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=tPeUv6BRTrg
Click here for More:
Be aware that mobile devices (especially in iOS) often place severe restrictions on accessing stored content. If using a Chromebook, be aware that the Files extension does not load Google documents completely; save the file locally in a different format and try loading it again.
You can also put images in your message, by clicking the button immediately to the left of the one to load files. In this case the content is displayed as an image rather than a link.
If you plan to send large files by email or other means, it is best to encrypt them with an archiving program such as 7zip, Winzip, or Winrar (Windows), Keka (OSX), or p7zip (Linux) using AES and a random symmetric key, and then use KyberLock to encrypt that symmetric key for transmission, along with the encrypted files as attachments.
1. Make sure the file appears as a link on the Main box.
2. A button below the Main box will be labeled Save. Click it to download all the files in the Main box. You can also use the rightmost button on the toolbar.
3. For small enough files, you can also right-click on its link and select the Save link as option. The file will be saved at the location you select.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=tPeUv6BRTrg
Click here for More:
Chrome does not display the Save link as option if the file is larger than 1.5MB. Be aware that mobile devices (especially on iOS) place severe restrictions on what files can be saved, and where.
If you select File output on the Options tab before encrypting, sealing, or splitting, the result of the operation appears as a file (several, in the case of splitting), which you can then save anywhere with the Download button on the toolbar. Doing this will speed up things considerably if you are encrypting, sealing, or splitting something large.
The file will be binary with extension .kyb
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=Sm4f6FIOShI
Click here for More:
An output item loaded as a file can be decrypted, unsealed, or joined just like an item loaded as text. It can also be sent by email as an attachment, which is handy when the item is large. Feel free to change the file name or extension to something else, but to decrypt, unseal, or join files made this way, you must make sure the extension is .kyb before you load them or KyberLock may fail to recognize them as its own output. Be aware that mobile devices (especially on iOS) often make it difficult to work with files.
The help item below describes another way to encrypt and decrypt single files, possibly of very large size, that is compatible with the GroupKyber app, but not with the File output mode described here.
This mode, which should not be confused with the feature described in the previoous help item, allows users to encrypt and decrypt single files, possibly of very large size, by drag and drop. You start by selecting the File Drop radio button near the top of the Options tab. The main box is replaced by a large drop target with a folder icon, and then:
Alternatively, you can toggle Folder mode, useful for controlling access to a number of encrypted files, via a Folder Key file. To use this mode, do this after turning on Folder mode:
Click here for More:
The format of files encrypted in this mode is not compatible with the .kyb files described in the previous help item, but they are compatible with the GroupKyber app, and those made by that app are compatible with KyberLock under File Drop mode.
You can add a hidden message up to 160 characters long by selecting Hidden message in Options. You will be asked to supply a special Key to encrypt the hidden message. After entering the Key, please drop the file again to complete the process. This is available for any file, including Folder Keys.
1. Select the other participants in the chat on the list at the top of the Main tab. You are added automatically.
2. Click the Chat button, which is below the box. A dialog will appear asking you whether this chat is going to involve text and files only, or also will involve audio, or video, or be hosted by Jitsi, an open-source videoconference service. There is also a text box where you can optionally type something that will be shown to the users (such as the date and time for the chat) before they join the chat.
3. Supply the required information and click OK. If the main box did not contain a chat invitation, a new one is generated and placed there. You can now email it with the Email button, or send it out by any other means.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=XytUN0T_2zQ
Click here for More:
Please tell participants about the time for the chat. When the time comes, you will join the chat using the same invitation as the other parties, so make sure to save it somewhere. All browsers can make a chat invitation, but some (Internet Explorer, Safari, native Android app, anything on iOS) may not support joining the actual chat.
1. Place the invitation in the Main box and click the Chat or the Decrypt button if it does not decrypt automatically. If the sender added a message, it will be displayed and you will have to click OK to go on, or Cancel to try later.
2. A new screen opens. Write the name you want to use for the chat in the top box, check that the type of chat offered is what everyone agreed on, and then click Join.
3. As participants join the chat session, their chosen names will appear at the top of the chat screen (or a randomly-chosen tag, if they didn't supply a name). You can then post text by writing it in the Text box, followed by Enter. You can also post files by clicking the Browse or Files button.
4. If the chat involves audio or video, you may be asked to give permission to access you microphone and camera. After you grant it, you will see or hear the other participants as they join, and likely yourself too. Jitsi chats are the most polished, but participants connect through a server rather than one-on-one as in the other types.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=XytUN0T_2zQ
Click here for More:
Connections between participants are direct in all chat types except Jitsi, but a signaling server is used at the start so the participants can find one another, and then it is contacted no more. KyberLock will remind you that this may lead to your being tracked. The connection will stay alive until all the participants leave. If things get out of hand, you can always reset your session by reloading the chat page. At that point you'll have the chance to change the kind of chat if you so desire.
Browsers are not equal as far as support for chat: Firefox and Chrome are the best, followed by the Android browser, Maxthon, and then Opera (with problems). Internet Explorer, Tor, Safari, and anything on iOS will be more problematic, though you can make a chat invitation from them.
1. If the Keys shared with each of the recipients have been previously stored in the local directory, simply select their names in the top box of the Main tab.
2. Write or paste the message in the lower box of the Main tab.
3. Click the Encrypt button. The encrypted message will appear in the box, replacing the original text.
Copy it and paste it into your communications program or click Email to open your default email program.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number):https://www.youtube.com/watch?v=sRdpWe4zya8
Click here for More:
This message can be decrypted only by someone having the same shared Key. It is okay to strip the header or footer. It is also okay to split the encrypted message with line returns.
If you have checked Include my Lock in the Options tab before encryption, your Lock will be prepended to the encrypted message.
1. If the Key shared with the sender has been previously stored in the local directory, simply select its name in the top box of the Main tab.
2. Paste the encrypted message in the lower box of the Main tab.
3. If the message does not decrypt automatically, click the Decrypt button. The decrypted message will appear in the main box, replacing the encrypted message.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number):https://www.youtube.com/watch?v=sRdpWe4zya8
Click here for More:
It is okay if the message is broken up by carriage returns or is missing its header or footer. It doesn't matter which encryption mode is selected at the botton of the Main tab.
1. On the Options tab, check the Hidden message checkbox.
2. Follow the above instructions for any kind of regular encryption. A popup will ask for a hidden message and a special Key to encrypt it.
3. Input the hidden message, up to 160 characters, into the top box and the special shared Key in the bottom box. Then click OK.
The encrypted message containing both the main text and the hidden text will appear in the main box, replacing the original text. Copy it and paste it into your communications program.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=4WrYEdRp2Q4
Click here for More:
Plausible deniability is important, and so it is impossible to tell whether or not a encrypted item contains a hidden message. Non-ASCII characters use 6 spaces each and space is limited, so avoid them if you can. Any text beyond the 160-character limit will be lost. If a shared Key is used for the second message, the same shared Key is needed to retrieve it.
1. On the Options tab, check the Hidden message checkbox.
2. Follow the instructions for any of the regular decrypting modes. A popup will ask for a Hidden message Key.
3. Input the special Key, then click OK. The hidden message, if it exists, will appear above the main box.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=4WrYEdRp2Q4
Click here for More:
Since it is impossible to detect the presence of a hidden message, it is necessary to click the Hidden message checkbox in order to check for it. A failed decryption of the hidden message can mean that the special Key is wrong, or that there is no message. No way to tell.
1. Copy the text to be used as Pad from its source. It should be at least five times as long as the message, or Pad mode won't engage. You can also load a whole file that is at least five times as long as the message.
2. If the Pad text has been saved to the directory, simply select its name. Otherwise, click the Edit button next to the directory box and paste the shared Pad in the dialog that appears. You can also load a file by means of a button visible in the Advanced interface. Then click Done.
3. Write the message in the lower box of the Main tab.
4. Click the Encrypt button. If Pad mode is engaged, a popup will ask for the starting position in the Pad. If Pad mode did not engage, the Pad text will be considered a shared Key to encrypt the message in the standard way; a warning popup will appear if there are several paragraphs).
5. Write a number within the range given in the dialog and click OK. The encrypted message will appear in the box, replacing the original text.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=BEXYuaCxciM
Click here for More:
Pad mode is theoretically impossible to break, even by brute force. Use it when you need utmost security. The text material can be taken from a digital book, for instance. You may transmit in plaintext the page number and starting position, so long as the text source is kept secret. Put your browser in Incognito mode or similar if you use it to retrieve the text.
It is okay to split the encrypted message with line returns or to eliminate header or footer. It doesn't matter which encryption mode is selected at the botton of the Main tab. PassLok and URSA can also encrypt and decrypt in this mode.
1. Copy the text to be used as Pad from its source (use Incognito mode ir similar, if it comes from the Web). It should be at least five times as long as the message, or Pad mode won't engage. You can also load a whole file that is at least five times as long as the message.
2. If the Pad text has been saved to the directory, simply select its name. Otherwise, click the Edit button next to the directory box and paste the shared Pad in the dialog that appears. You can also load a file by means of a button visible in the Advanced interface. Then click Done.
3. Paste the encrypted message in the lower box of the Main tab.
4. Click the Decrypt button if decrypting does not start automatically. A popup will ask for the starting position in the Pad.
5. Write the numerical starting position in the popup and click OK. The decrypted message will appear in the main box, replacing the encrypted message.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=BEXYuaCxciM
Click here for More:
It is okay if the message is broken up by carriage returns or is missing header or footer. It doesn't matter which encryption mode is selected at the botton of the Main tab. PassLok and URSA can also encrypt and decrypt in this mode.
1. If the four- or five-part Key shared with the recipient has been previously stored in the local directory, simply select its name in the top box of the Main tab.
2. Write the message in the lower box of the Main tab. This mode understands only Latin characters, and removes any accents and diacritic marks.
3. Click the Encrypt button.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=npROBlHjxmc
Click here for More:
This mode engages automatically if the Key consists of four strings separated by tildes, plus an optional digit. It doesn't matter which encryption mode is selected at the botton of the Main tab or on the Options tab.
The method is described in detail in this page, which can also encrypt and decrypt messages: https://KyberLock.com/human. PassLok and URSA can also encrypt and decrypt in this mode. Even though encryption and decryption can be performed without a computer, security against computer-based cryptanalysis is comparable to that of computer-based ciphers.
1. If the four- or five-part Key shared with the recipient has been previously stored in the local directory, simply select its name in the top box of the Main tab.
2. Paste the encrypted message in the lower box of the Main tab.
3. Click the Decrypt button if decrypting does not start automatically. Unlike in other modes, you won't get a message telling you whether or not the decryption has been successful.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=npROBlHjxmc
Click here for More:
It is okay if the message is broken up by carriage returns or is missing its header or footer. It doesn't matter which encryption mode is selected at the botton of the Main tab.
If you want to learn how to encrypt or decrypt in this mode, using simply paper and pencil, look at the instructions in this page, which also does encryption and decryption: https://KyberLock.com/human. This page also facilitates the decryption of messages that contain errors. PassLok and URSA can also encrypt and decrypt in this mode.
1. Click the Edit button next to the directory box.
2. Start writing the name of the item in the box that appears. As you type, the line above the box displays existing names that match what you have typed so far, plus its fingerprint if the item is a Lock. When you see that the correct name has been found, you may stop typing; KyberLock will use that item to encrypt or decrypt.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=vQrED7eIkLA
Click here for More:
The process also works for Lists, Pads, and cover texts stored in the local directory. Search is case-insensitive. If the item is a cover text, it loads automatically for use in Text hiding.
(Chrome/Firefox app only) If you type "Enter" after a complete name that was not found on the local database and Chrome sync is checked in Options, KyberLock will look for it in its Chrome sync area, which syncs across computers, and then add it to the local directory.
1. Click the Edit button next to the directory box.
1. Start writing the name of the item in the dialog that appears. As you type, the line above the box displays existing names that match what you have typed so far.
2. When the name of the item you want to remove is displayed above the box, click the Delete button. A popup asks for confirmation before the item is deleted from the local directory.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=vQrED7eIkLA
Click here for More:
You can stop typing once you see the complete name for the item you are looking for. Search is case-insensitive.
(Chrome/Firefox app only) If Chrome sync is checked in Options, the item will also be deleted from there, after a confirmation popup.
What should the video include:
What to do with the video:
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=zkcqEz3UjnM
Click here for More:
It is highly recommended that you make a video whenever you change your secret Key, so that others can be assured that the matching Lock really belongs to you. Obviously, you wouldn't do this for a shared Key or a Pad, only for a Lock.
To add a new user:
1. Reload KyberLock. Then click the New User button next to the user selection box.
To backup and optionally remove an existing user (advanced):
1. While you are logged in with that user's Key, go to the Options tab and click the Backup/Remove Whole Directory button (visible in the Advanced interface).
2. Then a prompt asks you to confirm deleting the directory from the device. If you click OK, the entire local directory for that user is deleted, leaving no traces. If you click Cancel, the process ends and the directory contents are not deleted. In both cases the backup on the Main tab remains.
3. To retrieve a backed-up directory, paste it into the Main tab, and click Decrypt if it does not decrypt automatically. The database will be decrypted and placed in the directory Edit dialog. Then you can add it to the device's current local directory by clicking Merge.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=8zo-N5O82iM
Click here for More:
You can maintain multiple identities, using different Keys. The backup process is useful whenever you stop using a device or just want to transfer your data to another device.
(Chrome app only) Even if the local directory is completely deleted, the items in your Chrome sync area remain available if you click Cancel when KyberLock offers to remove them from sync as well. They will load back automatically, even on a different machine, if you set up a user with the same user name.
KyberLock launches first in Basic mode, so you are able to encrypt and decrypt messages and perform the essential directory management functions. But the app has a lot more capabilities, which become available when you click the Advanced radio button in the Options tab. To get back to Basic mode, click the Basic button. KyberLock will remember your choice of interface next time you open it.
Some advanced capabilities include:
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=Ttyvb0Qt7h0
Click here for More:
There is a third interface mode, called File Drop, which allows users to encrypt and decryt single files by drag and drop. This mode is explained in a help item above, entitled How to use File Drop mode.
The main functions in KyberLock can be accessed directly from the keyboard. The button tooltips tell you what the shortcut is for each button that has a shortcut, but below is a complete list, just in case:
Alt-M: Main tab
Alt-H: Help tab
Alt-O: Options tab
Alt-0: Deselect all Locks
Alt-E: Edit the Lock directory
Alt-. (period): extra buttons open and close
Alt-D: encrypt or Decrypt
Alt-V: seal or Verify seal
Alt-L: display my Lock or send emaiL
Alt-R: toggle the Rich text editor
Alt-C: start or join Chat
Alt-B: use the Basic interface
Alt-A: use the Advanced interface
Alt-N: set aNonymous mode
Alt-S: set Signed mode
Alt-1: set Read-once mode
Alt-T: hide/unhide as Text
Alt-I: Image screen open and close
Alt-J: split or Join parts
Alt-; (semicolon): put cursor on main box
Alt-G: General Directory
Click here for More:
The list is made for access from Windows or Linux, so that each shortcut is of the form Alt-letter. If you are using a Mac, you should type ctrl-alt-letter instead. Shortcuts do not work on mobile devices.
1. Write or paste the text to be sealed in the lower box of the Main tab.
2. Click the Seal button. The text is replaced by a random-looking item, which is the sealed text. Copy it or email it from there.
You must be aware that a sealed item is NOT ENCRYPTED, and that anyone in the world can unseal it so long as he/she has your Lock, which is public.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=Vh9wwFZiV4w
Click here for More:
It is okay to strip header and footer. It is also okay to split the sealed item with carriage returns. Sealed items can be unsealed only in KyberLock.
1. If the sealer's Lock has been previously stored in the local directory, simply select its name in the top box of the Main tab.
2. Paste the sealed item in the lower box of the Main tab.
3. If the item doesn't unseal automatically, lick the Unseal button. If successful, the sealed item will be replaced by the unsealed text, and a message above the main box will say whether or not the seal has been verified for that sealer.
You must be aware that being able to unseal an item does not mean that others are not able to do it just as easily, because a sealed item is NOT ENCRYPTED. What unsealing does is verify that the item could only have been sealed by the selected person.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=Vh9wwFZiV4w
Click here for More:
Unsealing requires a true Lock; shared Keys cannot be used for unsealing. Encrypting/decrypting with a shared Key partially verifies the identity of the sender, since shared Keys are not public. Decrypting a Signed or Read-once encrypted item also verifies the encrypter's identity.
1. Check that the item to be converted into fake text is on the Main tab. Then click the ▼ button, if needed, to show the Text hide button.
2. If you wish to use a cover text different from the default and you have stored it in the local directory, select it on the top box of the Main tab. Otherwise click the Edit button and enter the new cover text in the dialog, then return to the Main tab.
3. Make sure the hiding mode you want is the one selected in the Options tab. There are five different modes: Invisible, Letters, Words, Spaces, and Sentences. Letters (default) encodes the item as identical-looking non-ASCII characters in the cover text, so the text still reads normally. Words replaces each character by two words. Spaces encodes the characters into the spaces between words. Sentences encodes characters as grammatically correct sentences. Invisible mode encodes into invisible characters between two lines, which can then be completed to look like a normal message.
4. If now you click the Text hide button, the KyberLock item is converted into text, using words from the cover text. You may have to complete the last sentence manually.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=_7Fju1EwhV4
Click here for More:
The recipient does not need to have the cover text in order to retrieve the original. The output of Spaces and Sentences encoding is roughly six times longer than that of Letters or Words encoding. The most grammatically-correct output is that or Letters and Spaces (identical to the cover text), followed by Sentences; Words output doesn't make much grammatical sense. Invisible encoding has no impact on intelligibility, but care must be taken to copy the entire invisible content. If the cover text is not long enough, it will be repeated several times. When you use Spaces or Letters encoding, you should be careful not to add or delete any spaces within the encoded text, but it is okay to add a few extra letters to complete the last sentence. Also be aware that some services replace the special characters in Letters- and Invisible-encoded items with something else, thus corrupting the items.
Text encoding is no substitute for real encryption, and so KyberLock will refuse to convert into text anything that does not look like genuine KyberLock output.
Cover texts do not have to be in English or even use Latin characters. Anything that can be written in UTF-16 encoded characters can be used (most languages, including Arabic and Chinese, will work fine).
You can store often-used cover texts in your local directory so they can be loaded easily from the Main tab. To do this, click the Edit button next to the directory box when the Text Hidebutton is showing, then paste the cover text in the lower box, and click Save. A popup will ask you to write a name for the stored cover text.
1. Put the text in the box of the Main tab.
2. Click the ▼ button, if needed, followed by the Text hide button. KyberLock will detect the type of encoding used and display the original item in the box, replacing the text.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=_7Fju1EwhV4
1. Make sure the item to be hidden is in the lower box of the Main tab.
2. Click the ▼ button, if needed, and then the Image hide button.
3. A dialog appears to load the image where the item is to be hidden. The image format does not matter, so long as it can be displayed in a web page. Then the image appears in a new dialog, along with a few controls and a message telling you how much data you can hide in the image.
4. You will get much better stealth if you write a password in the box on that dialog. In this case, anyone trying to extract the hidden data will fail to detect that anything is there unless he/she also supplies the same password.
5. Click the PNG hide or the JPG hide button, depending on the format of the image you want to produce. A message will say when processing is completed, although the image will not appear to have changed much.
6. Right-click or long-press on the image in order to save it or send it somewhere. Then you can close the dialog with the Done button.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=_iXIyH6AnMI
Click here for More:
You can hide a second short message, in addition to the item in the main box, by writing after the image password a vertical bar "|", followed by a second password just for the second message, another vertical bar, and then the second message. How long the second message can be depends on the way the main box item is hidden, and cannot be known beforehand, but the process will fail if it is too long.
Images only a few kB in size can hide KyberLock items with hundreds of characters. Images taken with a mobile camera will take longer to process, but have a large capacity. Noisy images work better than images with single-color areas. JPG images containing information use no chroma subsampling. The PNG format can contain a lot more information, but file size will be larger.
1. Navigate to the image hiding screen from the Main tab by clicking ▼, if needed, and then Image hide.
2. A dialog appears to load the image where the item is hidden. Then the image appears in a new dialog.
3. If a password was used to hide the data, you must write the same password in the box on that dialog. Otherwise the revealing process will fail exactly as if the image did not contain anything.
4. Click the Reveal button. If succesful, the dialog closes and the hidden data appears in the main box. If unsuccessful, the dialog stays so you can try a different password; or you can close the dialog with the Done button.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=_iXIyH6AnMI
Click here for More:
This function is available on Android, but not on iOS. This is because iOS converts all images to JPG format as they are loaded, thus destroying any hidden information.
If there is a second message hidden in the image, you can reveal it by writing after the image password a vertical bar "|", followed by the second password. If successful, the second message will appear in the message area of the Main tab.
1. Put the item in the lower box of the Main tab.
2. Click the ▼ button, if needed, and then click the Split button.
3. A popup asks for the total number of parts to be made, and the minimum number required to retrieve the original. Enter those numbers, which must be between 2 and 255, and click OK. The parts appear in the main box, replacing the original item, and a message confirms it. Copy the parts one by one and send or store them as needed.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=ZdVHaD-FpSk
Click here for More:
It is okay to strip the headers and footers. It is also okay to split the parts with line returns. If you enter nothing in the second box, it is understood that all parts will be required to retrieve the original. Split items can be joined in PassLok as well.
1. Paste a sufficient number of parts on separate lines of the lower box in the Main tab. Make sure that each part is unique.
2. Click the ▼ button, if needed, and then the Join button. If all goes well, the reconstructed item appears in the box.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=ZdVHaD-FpSk
Click here for More:
You need as many parts as the second number entered when the item was split. Having more parts than the minimum is okay, so long as they belong to the same set and are not corrupt. They don't need to be placed in any particular order. If nothing happens, likely causes include: insufficient number of parts, incomplete or corrupt parts, parts belonging to different sets.
1. Click the Change Key button on the Options tab. A new dialog will pop up asking you to enter the new Key twice.
2. Write the new Key in the two boxes in this dialog, and then click OK. A message will announce that the Key has changed.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=LubzBF4Xaa8
Click here for More:
The items in the local directory are encrypted with your Key; this operation re-encrypts them with the new Key. Your Key is not stored anywhere, not even encrypted, but KyberLock is still able to check whether the Key entered is the one in use.
1. Click the Edit button next to the Lock selection box.
2. Click the All button below the box that appears. The complete local directory, including encrypted Read-once data, is displayed in the box so you can find items and copy them easily.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=8zo-N5O82iM
Click here for More:
The format for each item is the following: name, followed by a colon (:), new line, item data; then two new lines before the next name, and so forth. If a name also has Read-once data, those follow the item data, occupying consecutive lines. Item 'myself' is special, and contains your email (encrypted) and a collection of settings.
If you want to decrypt a particular piece of data from the directory, copy it and paste it into the main box. It should decrypt automatically and appear in the directory Edit dialog.
1. Click the Edit button next to the Lock selection box.
2. Paste the additional data into the box hat appears.
3. Click the Merge button. The new data is merged into the local directory.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=8zo-N5O82iM
Click here for More:
The format for the additional data must be the following: name, followed by a colon (:), new line, item data; then two new lines before the next name, and so forth. If a name also has Read-once data, those follow the item data, occupying consecutive lines. If the additional data contains names that were already in use in the directory, the new data replaces the original data. Items are added in encrypted form but are not checked as they are added, so it is possible that different items may need different Keys to be decrypted, if you changed your secret Key in the past. (Chrome/Firefox app only) If Chrome sync is checked in Options, the additional data will also be added to that area so it is accessible from other computers.
You can always encrypt a message for multiple recipients by writing their respective Locks or shared Keys in separate lines of the box in the directory edit dialog. You can also write the names of the Locks or shared Keys instead. A List itself can be given a name in order to save it in the local directory. You do this by clicking the Save button. Saved Lists appear bracketed by double dashes in the top box of the Main tab.
To encrypt an item for all the recipients included in a saved List, just select its name in the directory box before clicking the Encrypt button.
Lists can contain Locks, shared Keys, or names of items in the local directory, but not names of other Lists.
KyberLock has a built-in way to make a 50-character random alphanumeric Key:
1. Click the Edit button next to the directory box.
2. On the dialog that appears, click Save with the lower box empty.
2. If you actually want to save the random Key, click Save and supply a name when asked.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=3OUpuk3-tRo
1. Inside the chat session, type a bunch of garbage, or paste in a random string produced as described in the previous item. You should expect the garbage back as a sealed item from each participant who has not yet done so.
2. When a sealed item is posted in the chat session, copy it and go back to the Main tab of KyberLock, then paste it there.
3. In the local directory, select the Lock belonging to the person who posted the signature, and click the Unseal button.
4. The original garbage string should be recovered, plus a message indicating that the sealer has been verified. If the seal is verified, this means that the one who posted it is indeed who he/she claims to be.
This is all explained in this video made for the very similar PassLok app: https://www.youtube.com/watch?v=NlEJJpF-Wmo
Click here for More:
This process assumes that the Locks in your local directory have been authenticated, perhaps by means of videos. When asking others to authenticate themselves, it is important to ensure that the text they are asked to seal could not have been predicted ahead of time.
If there is no Lock for a participant, but rather a shared Key, he/she should instead encrypt the garbage text with that shared Key and post the result. Authentication will be complete once the encrypted text can be decrypted with the shared Key and the result matches the original.
1. If you see a piece of garbage text posted by someone (especially if you have just joined), that means that anyone who has not yet authenticated him/herself is asked to do so. Copy the garbage text and go back to the Main tab of KyberLock, then paste it there.
2. Click the Seal button. The text will be sealed.
3. Copy the whole thing and go back to the chat session by clicking the Back to Chat button, then paste it into the chat box and submit it.
This is all explained in this video for the very similar PassLok app: https://www.youtube.com/watch?v=NlEJJpF-Wmo
Click here for More:
If your chat invitation was encrypted with a shared Key rather than a Lock, you should instead encrypt the garbage text with that shared Key and post the result; authentication will be complete once the encrypted text can be decrypted with the shared Keyl.
The easy way: call the Lock's owner and ask him/her to read a substantial portion of the Lock's fingerprint over the phone. But if you are communicating exclusively by email you can send a person whom you know and who knows you the following message, or something like it:
Dear So-and-So:
I just obtained your KyberLock Lock from (cite source), but I still wonder if it is authentic since I am unable to view the authenticating video that you may have made for it. Therefore, I ask you to help me authenticate it through the interlock protocol. Here's what I want you to do:
Many thanks. Sincerely, This-and-That
Click here for More:
Alternatively, you can ask the other person to use KyberLock's built-in Split/Join function, explained in another help item, rather than simply cutting messages in two. The pictures or videos (or recordings) don't need to be encrypted. Only the instructions for making them need to be encrypted and transmitted with this two-step process. There is an article in the PassLok manual that explains how this protocol works for authenticating Locks.
If you got KyberLock from an app store, that app store is ensuring that the code you have is what the author gave to them. The following is to check the integrity of the web app version of KyberLock running in a browser:
1. Direct your browser to "save page as" and "HTML only" if your browser supports it. Alternatively, you can go to Online-convert (https://hash.online-convert.com/sha256-generator) and type the URL of your version of KyberLock there, then skip step 2.
2. Now you have to take the SHA256 checksum of the code using a program different from KyberLock. You have several options:
3. Look up the checksum for this version of KyberLock, which is published on the KyberLock information website at KyberLock.com and a number of other places, plus near the end of this help file. If this value and the one obtained above are not the same, the program has been tampered with. Here are some places where this information is published:
4. Now, a hacker who could alter the source code at the server might also be able to change the published checksums so they match the tampered code. To make sure that the value is authentic you should watch the one-minute video where the author or KyberLock, Francisco Ruiz, reads the SHA256 checksum aloud. A link to the video usually accompanies the published SHA256 value.
This and more is explained in this video tutorial for the very similar PassLok app (warning: watching it may leak your IP number): https://www.youtube.com/watch?v=NrAfSo2xjnY
Click here for More:
SHA256 is built into the OS in Linux and OSX, not so in Windows, but there are free programs available, such as Checksum Utility and Bitser. There are also online utilities where you can upload a file and get the hash. Online-convert (https://hash.online-convert.com/sha256-generator), fileformat.info (https://fileformat.info/tool/hash.htm) have worked well in our tests.
If you want a clipboard-based SHA256 utility, the one at Xorbin (https://www.xorbin.com/tools/sha256-hash-calculator) has worked quite well in our tests. Don't copy and paste from Chrome, since this introduces artifacts.
We do not recommend using old versions for new work. Newer versions have enhanced security and are more user-friendly. But sometimes you may need to handle an item that is incompatible with the current version. Here is a pretty complete list of old KyberLock versions, with links to them.
The current version of KyberLock can be obtained from the following servers (as always, be aware that following any link may reveal your location):
source server: https://KyberLock.com/app
information page: http://KyberLock.com
GitHub page: https://github.com/fruiz500/KyberLock
SHA256 for this version and video of the author reading it at:
Then you can send us an email at fruiz500@gmail.com (the link will open your email client). We'll do our best to reply in a timely fashion. If you are a GitHub user, you can also go to our page on GitHub and post issues or submit improvements there.
Good constructive feedback is hard to get, so let us thank you right now, before we read your email.
Data we collect: Nothing. No cookies or anything of that sort. We don't even have the means to know who has downloaded the app.
How we use this data: Nothingness brings us closer to Nirvana. It's quite a liberation.
What data we share: Everything we have from you, that is, absolutely nothing. This way we don't need expensive servers and our bills are small, plus we cannot compromise your precious data. Here's wishing that so many other providers would do likewise.
Concerning truly private data:
1. We cannot give your secret Key to anyone (not even yourself) because we don't have it. Your Key is never stored or transmitted, and by default gets deleted from memory after five minutes of not being used.
2. We cannot give your private data to anyone because KyberLock does not send anything out of your device. When you download the app from its server, you get only the code, without any cookies, plugins, or anything of that sort.
3. We cannot eavesdrop on your chat sessions, or enable anyone to do so. Establishing a chat session does involve contacting a signaling server and giving it your IP address and a disposable chatroom name so that others can contact you; the signaling server never sees the content of your chat, which is between participants only. The KyberLock web server doesn't even see the connection data.
4. We will never weaken the cryptography methods contained within KyberLock at the request of a third party, private or public. This also means no backdoors will ever be added. We would rather discontinue KyberLock than be forced to do this, which would betray the very essence of our efforts. If we learn that counterfeit versions of KyberLock are circulating, whether placed by hackers or government agencies, we will make the fact known to users.
Notice: Since KyberLock is distributed as a piece of human-readable code, we consider it an expression of free speech protected by the laws of many countries. Putting into circulation tampered versions of KyberLock, whether by individuals or public entities, violates free speech and copyright protection laws.
KyberLock contains strong cryptographic methods, which may be illegal to use in some countries. Please check the local laws before using KyberLock.
This paragraph and the canary logo above attest to the fact that, up until the release of KyberLock version 1.0.3 (March 2025) we have not received any requests under gag order for user data or modifications of the code. This paragraph will be periodically updated as this situation continues, and will be removed if a request such as described above is received.
You will need to re-enter your Key if you don't use it for 5 min.
KyberLock will be very slow if your Key is worse than Medium.
To display your Lock, click myLock on the Main tab.
Cancel for limited functionality in Guest mode.
In the following screens, you will be asked to provide a secret Key and a piece of public data such as your email. You can go offline if you like; nothing will leave this device. Your Key will not be stored.
This is needed to keep a permanent directory of your friends’ Locks and shared Keys, all securely encrypted. If you prefer not to store anything, click Exit.
Please enter your user name here. This way several users (or several identities) can share the same device.
Now enter your secret Key in the box below. You will never give this Key to anyone. Make sure to use $ymbol$, numb3rs, caPiTals, unusual words and mespelingss. You should be able to remember it, because it won't get stored.
The Suggest button will get you started with five words, which you can modify at will.
If your Key score is below Medium, KyberLock will be very slow.
You will get better security if you also provide some public piece of data about yourself, such as your email address or a group name. This is case sensitive. There's no risk of spam since nothing will be sent out. You can skip this if you want.
For ultimate security (at the expense of portability), you may want to click the Random button to use a random token instead. It will be stored locally in encrypted form.
When you click the button below, the random-looking Lock matching your secret Key will appear on KyberLock's Main screen, along with some further instructions. You want to send that Lock to your friends so they can send you encrypted messages. You can do this any time by clicking the Email button.
You will start in Basic mode, which shows only the most essential functions. If you are looking for more features, go to the Options tab and check the Advanced checkbox.
You may not see this screen again, but comprehensive help is always available by pressing the Help button.
Your Lock will change if this is not the same you entered before.
If you use a random token, make sure to back it up from Options.
Enter the Key/Lock
The Hidden message will appear on the Main tab
Enter the total number of parts (between 2 and 255)
And the number of parts needed to retrieve the item