A padlock might be the easiest piece of security tech a person can own. You close it, it clicks, and then you need a key to open it up again. It's simple, intuitive. You never need to explain to anyone how a padlock works, and you never need to worry that you're using it wrong. If you want to know if you've locked it, you just give it a tug and the answer's right there.
That sounds simple, but it's a problem security software has been struggling with for a long time. Standard protocols like PGP rely on a web of passwords and key exchanges. A minor slip-up can easily bring down the whole system, especially if you aren't sure what you're doing. Unfortunately for the everyday user, the simplicity of the padlock is a rare thing.
You'll always know what's locked and what's unlocked
A new Chrome app called Minilock wants to change that, and it's available free in the Chrome app store starting today. Developed by Nadim Kobeissi, the program has a simple purpose: encrypting single files for specific recipients. It's solid crypto, but more than that, it makes sense in a way that few programs of its kind do. Like a padlock, Minilock makes it obvious what's locked and what's unlocked. You'll always know who can open what, and you'll never wonder if you've locked it wrong. In the confounding world of modern cryptography, that's pretty impressive.
Signing up is simple too: When you launch the app, you'll be asked for an email address and a password, and get a 44-character minilock ID in exchange. That ID is your public key, and your friends will need it to send you messages, so you'll want to share it widely. If you want to send your friend a file that only they can open, you can just drop the file into Minilock and enter in your friend's ID, ensuring that only their copy of Minilock can unlock the file. It's an easy trick, and if you keep any sensitive documents in the cloud — a copy of your tax return on Google Drive, for instance — it's a surprisingly useful one.
"Chrome is one of the most secure ecosystems out there."
It's also good news for Chrome. Building for ChromeOS means Minilock can launch for Windows, Mac and Linux all at once, but Kobeissi says he chose the platform for security reasons, including Chrome's built-in protection against in-line code execution. It also allowed Minilock to get by with relatively simple code, which has already passed through a number of open audits. "My belief is that Chrome is one of the most secure ecosystems out there," Kobeissi says.
Of course, there's a lot Minilock doesn't do. Unlike encrypted mail or chat apps, it won't actually deliver messages for you, and it doesn't pretend to cover your tracks as you deliver the files. That's a much harder problem than local encryption, and while there are plenty of tools that will help you with it (most notably Micah Lee's Onionshare), Minilock doesn't provide much guidance on what to do with the files once you've locked them up.
That's the price of the padlock model: it's a specific tool, not an all-purpose solution. Kobeissi is already planning new features for the app, like a built-in contacts list and adding enough power to send files up to 50Gb, but the program is unlikely to add many new functions beyond that. The simplicity is part of the point. If you need to do more, there's always Tor, Tails, and a host of other encryption apps, all of which will work nicely in conjunction with Minilock. Just don't expect them to look as good, or work as easily.