You can use this applet to send and receive encrypted messages.
To send a secret message to me, use this encryption key:
[1uaHXRnYONL161aIW37D7jX2ZliC4oikgMouikIquKPDFk8katPU7vIaAFFHAkJq8xTYCPPa,sJsietFe2XGXT=v09i.u0Nd9JShHjzueEaV5IDitD2aKHPVNL]
The sections below contain more information about what this applet can do for you:
- About this applet
- How to encrypt a message
- How to decrypt a message
- How to generate your own encryption key
- Algorithms used by this applet
- See the source code for this applet
Java Runtime Environment (JRE) version 5 or higher is required to run this applet. If the applet above did not start, try installing the latest version of JRE from Oracle.
This applet gives everyone the ability to send and receive secret, encrypted messages using RSA-like algorithms. RSA is the foundation of nearly all electronic public-key encryption schemes used today, from Internet shopping sites that handle your credit card information to those security alerts warning you about untrusted downloaded content. With a sufficiently long and well-randomized encryption key, RSA encryption is generally considered unbreakable. For more information, see the Wikipedia article on RSA.
This applet provides three functions that, when combined, form a complete solution for anyone intending to securely send and receive messages online, through email, instant messaging, or any other means:
- Encrypt - this function takes the encryption key provided by the intended recipient of a message, and uses it to scramble your message into a form that no one else would be able to understand. Only the person who owns the encryption key can translate the scrambled code back into its original, readable form.
- Decrypt - this function allows the recipient of an encrypted message to decode it using his/her own secret passphrase. Only messages encrypted using the key that was generated with the same passphrase can be decoded successfully.
- Generate key - this function allows anyone to obtain a personal encryption key through the use of a passphrase. Different passphrases will generate different keys. The generated key can be distributed to the public for use in encryption, and the original passphrase is to be kept secret as the only way to perform decryption.
NOTE: This applet uses its own method of generating and displaying keys and messages. It is almost certainly NOT compatible with any other security software. Do not attempt to exchange keys and/or messages from any other software or web site with this one.
WARNING: This applet is designed for personal, casual use only. It has passed limited testing to establish its general behavior, but its inherent security implementation may be flawed and it cannot be guaranteed to be free of error. Never use this applet to encrypt any vitally sensitive information. Always assume the existence of techniques to recover messages without the passphrase, and the possibility of irrecoverable loss for any encrypted data.
See the sections below for more detailed information and instructions about each function.
Before encrypting messages, you must have an encryption key. This key helps define exactly how your message will be scrambled, and determines who is able to read your scrambled message. You should receive this key from the person to whom you will send your message. If he/she does not have one, ask him/her to generate one using this applet. My personal key can be found at the top of this page.
Here is a summary of steps involved in encryption:
- Get an encryption key from the recipient of your message.
- Select the "Encrypt" tab in the applet.
- Copy-paste the entire key, enclosed in [ square brackets ], into the "Encryption key" text field.
- Type your message into the "Your message" text area.
- Click "Encrypt".
- Copy the entire content that shows up in the "Encrypted message" text area. The content may be composed of multiple chunks, each enclosed in [ square brackets ]. Send this to the recipient using email, chat, or any other method you like.
Messages encrypted using a key can only be recovered with the passphrase that was used to generate that key. The sender of the message should have received your personal key from you and used it to encrypt the message.
Once you have received an encrypted message, follow these steps to decrypt it:
- Select the "Decrypt" tab in the applet.
- Copy-paste the entire message into the "Encrypted message" text area. The message may be composed of multiple chunks, each enclosed in [ square brackets ].
- Type your passphrase into the "Your passphrase" text field.
- Click "Decrypt".
If the result is unreadable, it is most likely because you did not type the correct passphrase. Check your spelling, capitalization, and punctuation and try again. Also, try using the passphrase you typed to generate a key and verify that it matches the key used by the sender of the message.
An encryption key is needed for anyone to send you a secret message through this applet. Your key is generated from a passphrase that you provide. Barring the tiny possibility of "collisions" (where two different passphrases happen to map to the same key) and unforeseen mathematical methods, only your passphrase can be used to decrypt messages that were encrypted using your key.
The passphrase plays the central role in keeping this entire system secure. In fact, it is very fair to say that guessing your passphrase is the easiest way for anyone to read your secret messages, other than perhaps standing behind you when you decrypt. It is therefore very important for you to choose an appropriately secure passphrase. Some tips are:
- The passphrase does not need to be a single word - it can be anything you can type on your keyboard.
- The longer a passphrase is, the more secure it is likely to be.
- Try to find an eccentric passphrase that reflects your personality. It is both easier for you to remember and harder for people to guess.
- Passphrases, like passwords, are case sensitive. Remember if you typed it all in lowercase letters or if you capitalized some letters, and remember if you use any punctuation. Even the number of spaces matters!
Some possible candidates for good passphrases include:
- A line of lyrics from a song that you used to like
- The title of the most boring book you have ever read
- An expression or sentence that a deceased loved one had always used
- An address where you lived as a child
Do be creative in coming up with your own ideas. Anything that you can easily remember, but isn't part of your public (e.g. Facebook or MySpace) profile, can be a good choice.
Once you have chosen your passphrase, follow these steps to generate your key:
- Select the "Generate key" tab in the applet.
- Type your passphrase in both text fields.
- Click "Generate".
The entire content that shows up in the "Generated encryption key" text area, enclosed in [ square brackets ], is your key. Distribute this key publicly, to everyone from whom you want to receive encrypted messages. It is infeasible for anyone to discover your passphrase or decrypt any messages using the key alone. Always keep your passphrase secret.
The key generation algorithm is deterministic, i.e. any single passphrase will always generate the same key. This is done to ensure the passphrase can be used to decrypt messages without requiring users to supply an explicit decryption key. The key is computed as follows:
- Convert the passphrase into a numerical value $X$ according to the UTF-16 encoding of its characters.
- For each value of $i$ in {1, 2, 3}, compute $Y_i = (R_i^X) \bmod M$, where $R_i$ and $M$ are randomly preselected (fixed) 1024-bit primes.
- For each value of $i$ in {1, 2, 3}, define $Z_i$ as the smallest prime strictly larger than $(Y_i \bmod 2^{S_i}) + 2^{S_i}$, where $S_i$ represents the desired bit length of $Z_i$.
- Assign RSA primes $p = Z_1$, $q = Z_2$, and $e = Z_3$. $p$ and $q$ are 256 bits each, $e$ is 210 bits.
- Compute RSA modulus $n = p \cdot q$, and decryption key $d$ as the multiplicative inverse of $e$ modulo $(p-1) \cdot (q-1)$.
- Output public key pair in the form [n=e], with $n$ and $e$ encoded in base 64 using characters {0-9, A-Z, a-z, '.', ','}.

Encryption and decryption closely follow standard RSA. The plaintext message is broken into chunks of size smaller than the modulus $n$, and converted into a numerical value according to the UTF-16 encoding of its characters. The ciphertext is the base 64 representation of $[(\text{chunk}^e) \bmod n]$. Ciphertext is decrypted chunk-by-chunk as $[(\text{chunk}^d) \bmod n]$, with the result converted back into a UTF-16 string.
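
The key derivation and chunk arithmetic described above, as an added Python example (not the applet's source code). The constants M, R and S, the big-endian reading of the UTF-16 encoding, and all function names are assumptions; the applet's actual 1024-bit constants and its base 64 key encoding are not reproduced.

```python
# Constructed stand-ins: the applet's fixed 1024-bit primes are not given on the page.
M = 2**521 - 1           # stand-in for M (a Mersenne prime)
R = (3, 5, 7)            # stand-ins for R_1, R_2, R_3
S = (255, 255, 209)      # assumption: 2**S_i <= Z_i < 2**(S_i + 1), giving 256/256/210 bits
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases; probabilistic for numbers of this size."""
    if n < 2 or any(n % b == 0 for b in BASES):
        return n in BASES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def next_prime(n):  # smallest probable prime strictly larger than n
    n += 1
    while not is_probable_prime(n):
        n += 1
    return n

def to_number(text):  # assumption: UTF-16 code units read as one big-endian integer
    return int.from_bytes(text.encode("utf-16-be"), "big")

def generate_key(passphrase):
    """Derive (n, e, d) from the passphrase alone; no randomness is involved."""
    x = to_number(passphrase)
    p, q, e = (next_prime(pow(r, x, M) % 2**s + 2**s) for r, s in zip(R, S))
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))   # needs Python 3.8+

def encrypt_chunk(chunk, n, e):
    m = to_number(chunk)
    if m >= n:
        raise ValueError("chunk must be numerically smaller than n")
    return pow(m, e, n)

def decrypt_chunk(c, n, d):
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 15) // 16 * 2, "big").decode("utf-16-be")
```

Because generate_key uses no randomness, regenerating the key from a typed passphrase and comparing it with the published key confirms that passphrase, which is why the strength of the passphrase bounds the security of the whole scheme.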