Shared secret creation

My public key:
Copy
Their public key:
Copy
Shared secret:
Copy

Instructions

  1. A random My public key is generated every time this page is refreshed. It is read-only and base64 encoded.
  2. Send this key to another party which has their own instance of this page.
  3. Get their public key from them.
  4. Do not refresh this page while the public keys are being exchanged.
  5. Paste their public key into the designated field. The Shared secret will appear if the key is valid.
  6. The other party must do the same on their end to view the Shared secret.
The Shared secret can be used as a password to encrypt and decrypt a private message between you and the other party. For example, zip files (7zip is preferred) can be password encrypted and sent as email attachments. [Tip: send an encrypted message containing a shorter password for future use.] Short text messages can be encrypted/decrypted with the Shared secret above using the boxes below.

Encryption

Message to encrypt/decrypt:
Encrypt/decrypt Copy

Instructions

  1. Create a Shared secret at the top of this page.
  2. Type or paste text into the Message box and click on the Encrypt/decrypt button. The encrypted message appears in the Message box in place of the original message.
  3. Copy the encrypted message and send it to the other party. When they receive it, they can paste it into their own Message box
  4. If they have the Shared secret, they can decrypt the message by clicking on the Encrypt/decrypt button. The original message will appear in their Message box in place of the encrypted message.
  5. They can reply to your message by following these instructions on their end.

Technical notes:

This page uses the TweetNaCl-js implementaion of Ed25519 DSA (Digital Signature Algorithm) and SHA-512 for hashing the mnemonic seed.

Once it is served to your computer, has no further communication with the server or any other entity. No cookies or local data storage are created when the pages run in your browser. Therefore, secret data exist only temporarily within the browser while it is open, unless manually copied elsewhere. The browser cache should be cleared before closing it. The clipboard should also be cleared if a secret was copied to it.

For enhanced peace of mind, save this HTML page to your computer when it is blank and move it to an offline computer before using. Review the dowloaded code, which includes the two libraries nacl.min.js and nacl-util.min.js, obtained from Github user dchest (Dmitry Chestnykh). The originals are available at these links along with non-minified (and possibly more recent) versions:

  1. tweetnacl-js 1.0.3
  2. tweetnacl-util-js v0.15.0
TweetNaCl.js was ported from TweetNaCl / NaCl.