It’s been a while without an update, but now here’s one that may be bigger than it appears at first. PassLok has moved to version 2.5, which allows users to share their Locks with friends nearby via a QR code. The picture here contains my Lock, in case you want to communicate with me through PassLok.
Actually, PassLok used to have a feature to make QR codes way back in version 1.6, which got removed because it wasn’t clear how it would get used. No it’s back this way: when you click the Invite button with nothing written in the main box, the QR code pops up (it used to display a message asking you to write something). Say you are running PassLok on your cell phone or a tablet, people who scan the code from your phone using the camera app will be taken to https://passlok.com/app so they can become PassLok users, with the bonus that your Lock will be added to their directory as soon as they finish the initial wizard. The QR code goes away as soon as you touch it.
There’s also a brand-new QR code mode, which can be set on the Options tab. In this mode, encrypting a message creates a QR code on your screen that others can scan without being connected to a network. Scanning it takes them to https://passlok.com/app (it runs offline if previously visited) including the encrypted message so it can be decrypted by the recipient. Messages up to around 1000 characters are possible before the codes get too busy and become unreadable.
More new features:
- Now you can encrypt and decrypt much larger files. There is a handy icon for downloading files on the editing toolbar, and a big Save button that appears when you have files to save. Just click it to download all files in the main box to your default download folder.
- Actually, a removal. The General Directory still exists for those who wish to use it, but it is no longer loaded within PassLok.
You can check the SHA256 of the file you get from passlok.com, Autistici, or Site44 against the code in this article.
4 thoughts to “PassLok v2.5 is here!”
Great work, thankyou for the update, PassLok continues to develop nicely. Still some friction in use but that’s UI/flow and can be smoothed out. Functionally it works well. Will the github repo be updated with this newer version in due course?
The GitHub repo just got updated.
Since passlok can generate QR codes, take a look at how Onygma generates QR codes for the encrypted messages that can be sent online as images. This allows the encryption and decryption to be done using offline airgapped devices. I imagine having this level of operational security would make your product even more useful. https://onygma.com/
It can be done right now, this way:
1. Encrypt message using secure device #1.
2. Copy encrypted message and make a QR code on secure device #1 using a third-party app. This code likely will have a very fine structure.
3. Display QR code for insecure device #1 to read.
4. Send result (encrypted message or QR code) from insecure device #1 to insecure device #2.
5. Make QR code from message, if necessary, on receiving insecure device #2.
6. Display QR code on insecure device #2 for secure device #2 to read.
7. Extract encrypted code on secure device #2 and paste it into PassLok for decryption.
8. Decrypt on secure device #2.
This process can be shortened through a follow-up update of PassLok, but not by much. Step 2 can possibly be done on PassLok itself, at the expense of complicating the interface with an extra button for making a QR code of whatever is on the screen (possibly dangerous, too, for you may end up putting plaintext into it, although it can be checked for its being encrypted), and will end up making a very busy, fine grained QR code that may be hard to read. Step 7 can also be possibly implemented into PassLok, but it will have a size limitation since all the data will be part of the URL as in: “https://passlok.com#encrypted_data” (PassLok can run from cache even if not connected to Internet). Will all this be worth it?
Update: I’ve made a quick test of capacity, and it looks like a message of up to 850 ASCII characters can be encrypted and put into a QR code that will be read by a cell phone. It may be possible to reach 900 by removing the hidden message feature, but not a whole lot more. Is that long enough? The problem is that the resulting QR code is indeed very busy and fine-grained, and my phone won’t recognize it.
So I decided to go ahead and add this capability to version 2.5.1. It is enabled by selecting the “QR code” radio button in Advanced Options.