Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

PassLok Privacy

PassLok is a toolkit that implements public key cryptography and steganography to supplement ANY communications program.

These are the principles guiding the design of PassLok:

  • Perfect portability. Runs on any computer or mobile device.
  • Completely self-contained so it runs offline. No servers.
  • Nothing should be installed. No required secrets saved.
  • Highest-level security at every step. No compromises.
  • Easy to understand and use by novices. Graphical interface, as clean and simple as possible. No crypto jargon.

Because of this, PassLok is pure html code consisting mostly of JavaScript instructions. Its cryptography code is based on Tweet NaCl, also on GitHub. It uses XSalsa20 for symmetric encryption and elliptic curves (Curve25519 and Ed25519) for public-key functions.

PassLok was started as URSA, also by F. Ruiz, and developed privately up to version 1.3.03, made on 8/15/13. Commits on GitHub began seriously with this version. The engine was based on the SJCL library up to version 2.1.03, which has been forked out on this repository in order to preserve it.

These are the open source libraries used in PassLok, which can be found in the js-opensrc directory:

The PassLok original code is in directories js-head and js-body:

  • this only loads two word arrays: wordlist and blacklist: dictionary_en.js
  • Key and Lock functions: keylock.js
  • cryptographic functions: crypto-main.js
  • signatures and other crypto: crypto-extra.js
  • extra functions for mail, etc.: mail&chat.js
  • Shamir Secret Sharing Scheme: SSSS.js
  • text steganograghy: textstego.js
  • image steganography: imagestego.js
  • local Directory functions: localdir.js
  • functions for switching screens, etc.: screens.js
  • special functions that work only with Chrome apps and extensions: Chromestuff.js
  • window reformatting, special functions: bodyscript.js
  • initialization, button connections: initbuttons.js

One component run inside and iframes and is served from a different source. It is not included here because we use Phonegap so generate automatically some versions from this repo, and it should not contain that code. Those components are:

Full documentation can be found at: including:


Copyright (C) 2021 Francisco Ruiz

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see


PassLok contains and/or links to code from a number of open source projects on GitHub, including the Tweet NaCl crypto library, and others.

Cryptography Notice

This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.


PassLok privacy app




No releases published


No packages published