Create encrypted messages, images, files as HTML with Portable Secret

Martin Brinkmann
Dec 22, 2022
Security
|
13

Portable Secret is an open source tool that is designed to encrypt messages, images or files and save them as HTML files. These files may then be shared, opened in any browser, and decrypted by providing the password. They require no tools other than the browser itself.

The developer revealed that they created Portable Secret for two main reasons: to send data over insecure channels, and to store sensitive information in insecure locations.

Unlike many other encryption options, like VeraCrypt or PGP, Portable Secret requires only a modern web browser for the decryption part; this removes a high barrier from the entire process.

Using Portable Secret is straightforward as well. Visit the Secret Creator website, or host one of your own on your system. The basic HTML page lists everything that is needed to encrypt the data.

Here are the steps involved:

  1. Use the reload buttons to create random Salt and IV numbers.
  2. Set a password; this password is required to decrypt the data.
  3. Password hint: optional, may provide a hint regarding the password, or a fake hint.
  4. Select the type of data that you want to encrypt:
    1. Message: type the message.
    2. Image or File: select an image or file from the local system.
  5. Activate the Generate secret button to encrypt the data.
  6. Select "save secret.html" to save the encrypted HTML page to the local system.

That is all there is to it. You may then store the HTML page on the local system, copy it to external storage devices, upload it to the Internet, or share it with others.

enter password

Recipients need to open the HTML file in a browser and type the password to access the data.

Security depends strongly on the selected password. Selection of strong unique passwords is advised to keep the data protected against brute force attacks or guesses.

How it works

The developer explains that the HTML file contains an encrypted payload and JavaScript that uses the browser's Web Cryptography APIs. Decrypting does not require an Internet connection or any other tool on the user device.

The code itself that is used to decrypt the data requires three simple steps: use the password to generate a key, use the key to decrypt the payload and display the decrypted message or file.

Closing Words

Portable Secret makes it easier to share encrypted data or store it, as it requires nothing but a modern web browser and the code to run the secret generator. While it may not be suitable for all use cases, storing hundreds of images come to mind, it may work well for others.

Now You: what is your take on Portable Secret? Would you use it? (via Hacker News)

Summary
Create encrypted messages, images, files as HTML with Portable Secret
Article Name
Create encrypted messages, images, files as HTML with Portable Secret
Description
Portable Secret is an open source tool that is designed to encrypt messages, images or files and save them as HTML files.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Emir-Stein Center said on December 23, 2022 at 6:19 pm
    Reply

    Thanks for the info Brinkmann. This will be handy for sending password protected files to my average Joe friends.

  2. Anonymous said on December 22, 2022 at 10:45 pm
    Reply

    i just use AEScrypt (https://www.aescrypt.com/)

    simple, easy – and is available for mobile OS too, whats quite impotant nowadays.

  3. VioletMoon said on December 22, 2022 at 7:46 pm
    Reply

    okay–what to do with this?

    asKx0lNEMQdaqGc8uvXrXBYdOrdkI3OLhA4kfnC2FkRqZFiItDmIQObacI7ynCL+ZkLwKxN37tQTLq+QIQTOB0OifwsX5D8jRbE3rTNDazPSaNJmHbseRbK0eC6rlYFfpbhCgeoelyIQEM/KPDllI3mQwXzuO+N8vIKBt6xfesocEAIkb+IEgosKqueQJltkgI07Sc8nw1Zn2vGaI2REd/Vi5/O8rdHSkSbLIomdvO3vmYhfp/ZfMw==

    hint–it’s blowfish

    secret is the same as portable secret – try

    or

    10v3 70 h4v3 y0u 0v32 f02 ch2157m459h4ck5 15 4 92347 5173 f02 23f323nc317’5 4 w0nd32fu1 d4y h323 1n p424d1537h3 w1n732 501571c3 c323m0ny w45 w0nd32fu17h4nk5 f02 3v32y7h1n9

    which is Leet–approved language in New Zealand level one

    or

    01101100011011110111011001100101 0111010001101111 01101000011000010111011001100101 011110010110111101110101 01101111011101100110010101110010 011001100110111101110010 011000110110100001110010011010010111001101110100011011010110000101110011 01110100011001010110110001101100 0110110101100101 01110111011010000110000101110100 01110100011010010110110101100101

    binary

    now i can send my message packaged with peazip via a self-destructing email and a keyfile sent via phone–maybe the recipient won’t take a screenshot because all of this stuff can be intercepted and deciphered rather easily, and a screen shot makes all of this stuff pointless.

  4. Paul(us) said on December 22, 2022 at 7:01 pm
    Reply

    Nice find Martin. I even want to write “A really nice find!”
    Thanks, Martin.

  5. VioletMoon said on December 22, 2022 at 6:50 pm
    Reply

    May as well use PeaZip, generate a key file, send the payload via disposable email, and the keyfile via phone–some such thing.

    The Problem I see is at some point any encrypted payload is decrypted at which time security becomes an issue. What will the recipient do with the information–even if the email is self-destructing and the link is limited? Screenshot and save? Pointlessly encrypted.

    That may be why intelligence agencies rely on memory–or at least the DGSE. Any information worth encrypting is worth memorizing–e.g. a list of embedded agents.

    One may want to read more about the Oral Tradition:

    https://www.britannica.com/topic/oral-tradition

    My father, uncle, and grandfather were Freemasons. The amount of material memorized by the time one reaches the title of 32nd Degree Mason is phenomenal.

    Make up coded language . . . ? Use Morse Code, yes.

    .-.. — …- . – — …. .- …- . -.– — ..- — …- . .-. ..-. — .-. -.-. …. .-. .. … – — .- … -.. .. -. -. . .-. .-.. . – — . -.- -. — .– .– …. .- – – .. — . – …. .- -. -.- …

    One can copy the above and find a Morse Code reader online. Still too easy!

    https://morsecoder.org/english-to-morse-code

    Lots of love and thanks.

  6. Anonymous said on December 22, 2022 at 2:37 pm
    Reply

    Nice approach, but for my personal usage I prefer Picocrypt to transfer smaller files via insecure channels (such as USB sticks):

    https://github.com/HACKERALERT/Picocrypt

    In my opinion Picocrypt is a tiny but extremely nice tool.

    For larger files I use external USB hard disks with either Veracrypt or dm-crypt/Luks.

  7. Tom Hawack said on December 22, 2022 at 11:23 am
    Reply

    Particularly handy for girls when you’ve forgotten their birthday, to send you an encrypted message with “My birth date” as the password hint :=)

    Regarding this ‘Portable Secret” : is it that i’m not waked up (yet), is it that I’m dumber than I thought, but I lack to understand how you start it. Is it an application? Where do you download it? Is it an on-line app? I miss something.

    1. Tom Hawack said on December 22, 2022 at 12:21 pm
      Reply

      Found it, online : ‘Portable Secret Creator’ at [https://mprimi.github.io/portable-secret/creator/]

      1. Martin Brinkmann said on December 22, 2022 at 1:01 pm
        Reply

        There is a link on the repo that points to the creator, thanks for posting it for everyone!

  8. John said on December 22, 2022 at 7:41 am
    Reply

    I like 7z encryption for this kind of stuff. Simple to use and gets the job done. I don’t even have to compress the contents.

    Store, encrypt and encrypt filenames too. Send as attachment. Done!

    I have faith that 7z encryption (AES-256) will be around much longer (and on many more systems) than the crazy world of browser APIs. Most browser makers are so intent on stealing your data, it’s like using an encryption tool from the NSA.

    I’m sad that I feel this way about most browsers (except Firefox and a few small independents) but it’s the world we live in. Google, Safari, Chrome-clones, Apple, Microsoft? All of their code feels dirty.

    1. riri0 said on December 22, 2022 at 11:05 am
      Reply

      you are probably the luckiest person on earth that you do not need to deal with people that:

      a. hates more apps, the less the better. requiring yet another app to open a file is a big nono

      b. hates a “setup” process. opening a site or a link to the app store, downloading, installing and opening the app and the app may or may not have a setup process, or ask additional permissions that people find annoying to deal with those popups.

      c. or hate prerequisites required to open a file when a setup process is not involved, like download a portable version of an app, extracting or installing it, then opening the app, and using the said app to open the file.

      d. hates listening to a sender giving you a lecture, no matter how brief, on “how to open” or “how to play” or “how to use”. It doesn’t matter how simple or easy it is, they just hate it.

      And if you tell me i should ignore or don’t deal with those people, among those type of people are my family. So you want me to abandon or disown them for this kind of thing? 7-zip is not a preinstalled or out of the box experience. A browser is. You only need to worry about telling the other side to get a “new phone” if their phone is too old, or go to your PC/Laptop/Android Tablet if for some reason it doesn’t work on their apple device.

      1. John said on December 22, 2022 at 7:58 pm
        Reply

        You sound very angry. It makes your comment sound funny. Calm down…

        A very small subset of people will actually ever send encrypted stuff to family. I have never had to in decades of computing. Ever. I do send, save and store encrypted stuff for myself. I suspect this is what you do too.

        7-zip isn’t the only application available to deal with 7z archives but you know this (which is why I asked you to calm down because you are not thinking straight).

        How often do you send encrypted stuff to you Mother, Grandson, Daughter? Would you use this method? LOL. No. You read my comment, got triggered, responded and moved on – leaving this hackish method a long forgotten memory.

        I still stand by my position. If it’s valuable data you need to encrypt, I wouldn’t trust the Apples, Googles and Microsofts of the world. Everything they do is dirty. Everything.

        You might be a fanboy of one of these companies which might explain you odd reaction.

      2. tintwat said on December 23, 2022 at 3:54 am
        Reply

        +1 for using 7zip for encryption, and also for not wanting to use a browser for this purpose. Browsers are huge, complex and constantly getting security fixes, not what you want in your encryption tool.

        However, PicoCrypt, as recommended by anonymous in the comments, looks interesting.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.