Encryption applet

Back to home page

You can use this applet to send and receive encrypted messages.

To send a secret message to me, use this encryption key:

The sections below contain more information about what this applet can do for you:

About this applet
How to encrypt a message
How to decrypt a message
How to generate your own encryption key
Algorithms used by this applet

See the source code for this applet


Java Runtime Environment (JRE) version 5 or higher is required to run this applet. If the applet above did not start, try installing the latest version of JRE from Oracle.


About this applet

This applet gives everyone the ability to send and receive secret, encrypted messages using RSA-like algorithms. RSA is the foundation of nearly all electronic public-key encryption schemes used today, from Internet shopping sites that handle your credit card information to those security alerts warning you about untrusted downloaded content. With a sufficiently long and well-randomized encryption key, RSA encryption is generally considered unbreakable. For more information, see the Wikipedia article on RSA.

This applet provides three functions that, when combined, forms a complete solution for anyone intending to securely send and receive messages online, through email, instant messaging, or any other means:

NOTE: This applet uses its own method of generating and displaying keys and messages. It is almost certainly NOT compatible with any other security software. Do not attempt to exchange keys and/or messages from any other software or web site with this one.

WARNING: This applet is designed for personal, casual use only. It has passed limited testing to establish its general behavior, but its inherent security implementation may be flawed and it cannot be guaranteed to be free of error. Never use this applet to encrypt any vitally sensitive information. Always assume the existence of techniques to recover messages without the passphrase, and the possibility of irrecoverable loss for any encrypted data.

See the sections below for more detailed information and instructions about each function.

How to encrypt a message

Before encrypting messages, you must have an encryption key. This key helps define exactly how your message will be scrambled, and determines who is able to read your scrambled message. You should receive this key from the person to whom you will send your message. If he/she does not have one, ask him/her to generate one using this applet. My personal key can be found at the top of this page.

Here is a summary of steps involved in encryption:

  1. Get an encryption key from the recipient of your message.
  2. Select the "Encrypt" tab in the applet.
  3. Copy-paste the entire key, enclosed in [ square brackets ], into the "Encryption key" text field.
  4. Type your message into the "Your message" text area.
  5. Click "Encrypt".
  6. Copy the entire content that shows up in the "Encrypted message" text area. The content may be composed of multiple chunks, each enclosed in [ square brackets ]. Send this to the recipient using email, chat, or any other method you like.

How to decrypt a message

Messages encrypted using a key can only be recovered with the passphrase that was used to generate that key. The sender of the message should have received your personal key from you and used it to encrypt the message.

Once you have received an encrypted message, follow these steps to decrypt it:

  1. Select the "Decrypt" tab in the applet.
  2. Copy-paste the entire message into the "Encrypted message" text area. The message may be composed of multiple chunks, each enclosed in [ square brackets ].
  3. Type your passphrase into the "Your passphrase" text field.
  4. Click "Decrypt".

If the result is unreadable, it is most likely because you did not type the correct passphrase. Check your spelling, capitalization, and punctuation and try again. Also, try using the passphrase you typed to generate a key and verify that it matches the key used by the sender of the message.

How to generate your own encryption key

An encryption key is needed for anyone to send you a secret message through this applet. Your key is generated from a passphrase that you provide. Barring the tiny possibility of "collisions" (where two different passphrases happen to map to the same key) and unforeseen mathematical methods, only your passphrase can be used to decrypt messages that were encrypted using your key.

The passphrase plays the central role in keeping this entire system secure. In fact, it is very fair to say that guessing your passphrase is the easiest way for anyone to read your secret messages, other than perhaps standing behind you when you decrypt. It is therefore very important for you to choose an appropriately secure passphrase. Some tips are:

Some possible candidates for good passphrases include:

Do be creative in coming up with your own ideas. Anything that you can easily remember, but isn't part of your public (e.g. Facebook or MySpace) profile, can be a good choice.

Once you have chosen your passphrase, follow these steps to generate your key:

  1. Select the "Generate key" tab in the applet.
  2. Type your passphrase in both text fields.
  3. Click "Generate".

The entire content that shows up in the "Generated encryption key" text area, enclosed in [ square brackets ], is your key. Distribute this key publicly, to everyone from whom you want to receive encrypted messages. It is infeasible for anyone to discover your passphrase or decrypt any messages using the key alone. Always keep your passphrase secret.

Algorithms used by this applet

The key generation algorithm is deterministic, i.e. any single passphrase will always generate the same key. This is done to ensure the passphrase can be used to decrypt messages without requiring users to supply an explicit decryption key. The key is computed as follows:

  1. Convert the passphrase into a numerical value X according to the UTF-16 encoding of its characters.
  2. For each value of i in {1, 2, 3}, compute Yi = (RiX) mod M, where Ri and M are randomly preselected (fixed) 1024-bit primes.
  3. For each value of i in {1, 2, 3}, define Zi as the smallest prime strictly larger than (Yi mod (2**Si)) + 2**Si, where Si represents the desired bit length of Zi.
  4. Assign RSA primes p = Z1, q = Z2, and e = Z3. p and q are 256 bits each, e is 210 bits.
  5. Compute RSA modulus n = p·q, and decryption key d as the multiplicative inverse of e modulo (p-1)·(q-1).
  6. Output public key pair in the form [n=e], with n and e encoded in base 64 using characters {0-9, A-Z, a-z, '.', ','}.

Encryption and decryption closely follow standard RSA. The plaintext message is broken into chunks of size smaller than the modulus n, and converted into a numerical value according to the UTF-16 encoding of its characters. The ciphertext is the base 64 representation of [(chunke) mod n]. Ciphertext is decrypted chunk-by-chunk as [(chunkd) mod n], with the result converted back into a UTF-16 string.