What is fusionKey?
FusionKey is an extension for Chrome and Firefox that adds a wonderful little key icon on the upper right of the browser. When you click it, one of these things will happen:
- If the page contains text that has been encrypted (for instance, in an email to you), FusionKey will decrypt it if only you supply your Master Key.
- If the page contains a space where you can write (say, an email Compose or Reply box), FusionKey will pop a box where you can write something away from prying eyes, and then will encrypt it and put it in the original page so you can send it out without the email service, or anyone else, knowing the contents.
- If on the other hand the page contains a box for a password, FusionKey will make a secure password just for that website and put it in that box.
- If neither of the above applies, FusionKey will just say hello and offer some help. Sorry, we can't deliver donuts over the Internet.
the names "passlok" and "synthpass" are used to refer to the app
This is because FusionKey is the (hopefully amicable) fusion of two different apps of mine, hence the name:
I know it may be kind of confusing, but it's a start. If you want more in-depth information on either of these, they have their own info pages, at these places:
You can also use the independent PassLok and SynthPass apps, which can be installed through these links:
- PassLok is a cryptography suite. It pops up if the page contains encrypted material or has sizable input regions, as in email services. Besides encryption and decryption, PassLok hides data into text and images, splits data into bits that can later be combined, and can be used to sign data. Did we mention it also allows you to set up secure chats involving text, sound, and video?
- SynthPass is a password generator and manager. It pops up if the page contains password input boxes. By default, passwords are generated on the fly rather than retrieved from storage, but you can also store your own creations if you insist. It syncs through the browser so there's no separate server to worry about.
I know it may be kind of confusing, but it's a start. If you want more in-depth information on either of these, they have their own info pages, at these places:
You can also use the independent PassLok and SynthPass apps, which can be installed through these links:
What's this "master key"?
Your Master Key is the way to tell FusionKey that it's really you at the computer. Otherwise, anyone could sit at the keyboard while you're having a cup of coffee, and then decrypt your encrypted email, log into your bank accounts, and generally cause untold mayhem. Unlike most system administrators out there, FusionKey is never going to force you to make it a certain way or change it periodically, because it contains clever algorithms to compensate for user ineptitude. Even more, FusionKey will do its utmost to forget it so even a hacker who sits at your machine one stormy night won't be able to get it.
But with great power comes great responsibility. Here's your side of the deal:
Your Master Key can be the same for encryption and for making passwords, or it can be different if you want. FusionKey will remember the last used Master Key for five minutes, after which time it evaporates from memory. If you need to switch it before that time elapses, you can manually delete it in the password-making dialog, or click "Switch Ident." on the encryption side of things to start fresh with a new Identity.
But with great power comes great responsibility. Here's your side of the deal:
- You've got to remember your Master Key. Like I said, it's not stored anywhere, so if you forget it you're in trouble. But since we're all human, FusionKey will give you a clue to let you know when you got it right: a four-letter word (sorry!) in its own Hashili language that appears as soon as you stop typing. Hashili is hard to remember but easy to recognize once you get the right word.
- Do yourself a favor and take the time to make a good Master Key. FusionKey will measure its "information entropy" and tell you how good it is, again using a more sophisticated algorithm than pretty much anything else out there. It will reward your cleverness by making everything faster if your Master Key is Good or better, and punish your laziness by making everything slow if it is Weak. We're pretty sure nobody will choose a Terrible Key willingly, but you can if you insist.
Your Master Key can be the same for encryption and for making passwords, or it can be different if you want. FusionKey will remember the last used Master Key for five minutes, after which time it evaporates from memory. If you need to switch it before that time elapses, you can manually delete it in the password-making dialog, or click "Switch Ident." on the encryption side of things to start fresh with a new Identity.
What's an identity?
"Identities" allow you to have different "Locks" (PassLok word for "public key," which perhaps doesn't explain anything) even if you keep using the same Master Key. This can be useful, for instance, if you use several emails accounts and you want to make them appear as belonging to different people.
Identities are called "Users" in the original PassLok, but I changed the name for FusionKey since it's unlikely that several people will use the same account in Chrome or Firefox. The data stored under each Identity is independent of the others, just as if they were completely different users. They can use different Master Keys, too, though this is not necessary.
If you want to use FusionKey interchangeably with PassLok for Email and have email accounts on differing services, you have to make an Identity for each, since the other app uses the local email address automatically in order to make its Locks. Otherwise you may be fine with just one Identity, which will save you a click when FusionKey asks you to enter your Master Key.
Identities are called "Users" in the original PassLok, but I changed the name for FusionKey since it's unlikely that several people will use the same account in Chrome or Firefox. The data stored under each Identity is independent of the others, just as if they were completely different users. They can use different Master Keys, too, though this is not necessary.
If you want to use FusionKey interchangeably with PassLok for Email and have email accounts on differing services, you have to make an Identity for each, since the other app uses the local email address automatically in order to make its Locks. Otherwise you may be fine with just one Identity, which will save you a click when FusionKey asks you to enter your Master Key.
are there any tutorials?
I haven't got around to making tutorials specific to FusionKey, but those made for PassLok and for SynthPass remain valid. There are links for those in the respective Help screens, which are available depending on which of the two apps opens when you click the FusionKey icon.
PassLok is considerably more complex and harder to learn, and so it also has a special tutorial webpage at https://passlok.com/learn
PassLok is considerably more complex and harder to learn, and so it also has a special tutorial webpage at https://passlok.com/learn
who are you?
My name is Francisco Ruiz and I'm a professor of engineering at a major university in Chicago (Google me). Even though I have spent more time than I can afford on FusionKey and all the other apps, I don't need the money to make a living, and all the help I've gotten so far (mostly from pretty smart students) has been free, so this is why FusionKey is free. Ain't that nice?
Why are you doing this?
I became intensely paranoid about my email a few years ago, before Snowden blew the whistle on the NSA and Mueller began his famous investigation. You may disagree with me, but I believe everyone has a natural right to communicate privately with whomever they want, not by permission of the state, or of the other people for that matter. I have developed my apps to empower the little guy (that may be you) and take this right into his/her/its/whatever's own hands.
With due respect for constituted authority, here's my middle finger for Big Brother and those who think they know what's best for you, and then force you to accept it.
With due respect for constituted authority, here's my middle finger for Big Brother and those who think they know what's best for you, and then force you to accept it.
what's the privacy policy?
Now, wouldn't it be precious if, after having blabbered so much about your right to privacy, FusionKey were stealing your data or otherwise taking advantage of it? But fear not because this is not a possibility.
Specifically:
Specifically:
- What we collect from you: FusionKey works without accessing servers other than those associated with the browser itself (Google, and perhaps Mozilla for the Firefox version), and this only for syncing settings across your devices. All sensitive data is encrypted with your Master Key before those servers can see it, though, so they couldn't see the plaintext even if they wanted. We don't have access to this data. There is a link to upload Locks to the PassLok General Directory, which is under our control, so that other users can get them, but Locks are not private and don't allow anyone to decrypt or otherwise see your private data. Posting Locks in the General Directory is entirely optional, too.
- What we do with the collected data: The only data of yours we may have access to is your non-private Lock, if you post it in the PassLok General Directory. There it sits, waiting for someone to retrieve it after providing your email address. Otherwise we do absolutely nothing with it. We don't know what Google and Firefox do with your synced data, but they couldn't do much anyway since they'd need your Master Key, which is only inside your head, in order to decrypt it.
- What we share with others: only your Lock, if you post it voluntarily in the PassLok General Directory. This is done as a convenience to you since people must have your Lock in order to encrypt data that only you can decrypt. It is also entirely optional (and so far not very popular, either).
any other versions?
Actually, yes! PassLok Universal is pretty much the same as FusionKey, but with the simpler interface of PassLok for Email replacing the full PassLok interface. A few rarely used functions are missing, but you may prefer the cleaner interface and simpler workflow. PassLok Universal is available both for Chrome and Firefox.