If you follow these instructions together with the Safety Suggestions to the right, you are using the Ghostphrase tool at its optimum. You may of course choose at your own risk to use more relaxed security options if you want, such as running Ghostphrase on an on-line computer. It is still safer.
.
Text version for printing.
NEW! 18-page html step-by-step instruction with screen shots!
Overview.
Passwords.
User password.
Link password.
Message key.
Keyboard.
Encryption.
Decryption.
Email.
Errors.
Support files.
Uninstall.
Overview
Quick guide: enter three passwords, your text, press encrypt. Send the file as an email attachment, or upload it. To decrypt: enter the same three
passwords, the file name of the encrypted file, press Decrypt. Very easy. Below are more detailed suggestions.
For extreme levels of caution, use Ghostphrase on a stand-alone computer, then send or collect messages as email attachments from/to another computer. The Ghostphrase tool encrypts from its own screen keyboard, and decrypts from its own type of binary files, or .dat or .txt files. NEW! Buy versions allow users the option to enter the message using the normal keyboard. Ghostphrase does not send or recieve emails or access the internet by itself. The person(s) you communicate with must have the same version of Ghostphrase as you do. For maximum security, you should pay for a full version, and regularily update your tool to new versions with new internal keys. The free version runs only four times per day, and is semi-randomly inactivated for two days per month. The pay versions run for 200 times per day, and have no other blocks.
Passwords.
Ghostphrase requires three types of passwords or pass-keys: the User password, the Link password, and the Message key.
The User password. is provided by us. It is the same each time for a given copy of the tool. It is required to run your copy of the tool, both when encrypting and decrypting. It is not used in the encryption algorithms. There is no limit on the number of wrong trials for this password. The User password presented when you download the tool will change on that web page on a regular basis. As a registered user, you will get another User password for your registered copy. The User passwords are only semi- unique, there may be multiple users with identical User passwords.
The Link password. is a user-chosen word or sentence, intended to be unique for each pair or small group of email communicators, should ideally be decided on at a face-to-face meeting, and should ideally be at least 20 characters in length (max: 80 characters). Note that you can use spaces and choose a long sentence which is easier to remember than a long password. Obviously there will be no check for its correctness when you encrypt a message, but if incorrect at decryption, the encrypted message will be deleted. The Link password is stored in the encrypted file. The Link password is used in the encryption algorithms.
Communicating only with people you know is a good way to protect yourself.
The Message key. is entered with the buttons on the Ghostphrase dialog interface. This 24-digit number should ideally be generated by rolling 20-sided dice. It should ideally be unique for each message, and ideally communicated to the recipient on some other channel than the email. The penalties for entering a wrong Message key upon decryption are that you will produce an unreadable 'clear text', and the encrypted file will be deleted.
The Keyboard.
The user enters all text for the User password, the Link password, and for the clear text to be encrypted by mouse clicks on the Ghostphrase dialog keyboard.
Only those characters depicted on the keyboard are thus allowed. There is a Swedish version which can use the three extra characters of the Swedish 29-letter alphabet. Buy versions (3.0, SILVER, GOLD) include the option to enter the message using the normal keyboard. Please remember you are very exposed to keyboard loggers with this option. An easy remedy is to use this option only on off-line computers, and then bringing the encrypted file to another computer that you email or post from.
NEW! With any of the buy options you can now also add a scrambled screen keyboard that is unique for each order. This will obstruct mouse tracking spyware!
Encryption.
When encrypting a new message, enter the User password on the dialog keyboard, then press the User password button. The small boxes at the top left are checked after each password entry. Enter the Link password from the same keyboard and press the Link password button. There will be no check for correctness at this stage. Enter the Message key with message key keyboard on the top right of the dialog box. You can enter the three passwords in any order you prefer. Enter your message from the dialog keyboard, maximum 2000 characters. You will not be able to see your message as you write. If you exceed 2000 characters, the text will be deleted. You can see the current size in a small window. You can shut this off with a radio button if you like. You can manually delete all current text to start over, by clicking the button 'Delete all current text'. NEW! SILVER and GOLD versions include the option to enter, see, and edit the message using the normal keyboard. Please remember you are very exposed to keyboard loggers with this option. An easy remedy is to use this option only on off-line computers, and then bringing the encrypted file to another computer that you email or post from. When you are done, click the Encrypt button. An encrypted file with a unique name of the type: "205_7_22_1" will appear in the same folder as the tool. The first number is a fairly unique number for that message. The two middle numbers represent the month and day, and the last number is the run number of the session. The run number on file names will reset to 5 after reaching 400. The date of the encrypted file is matched with an internal encrypted date stamp, albeit in a different date format. The file name is also copied in encrypted form inside the message.
Decryption.
Use the same procedure for entering the three passwords and keys as when encrypting, but then specify a file name in the Decryption box in the dialog window. The file has to be in the same folder as Ghostphrase. You have a choice of clear text output; text file and screen message, or only screen message. When you click DECRYPT, the encrypted file is deleted. and transformed to a text file with the same name + 'clear', and/or only a screen message. The encrypted file will be deleted before decryption if:
* it is older than two days
* its name was altered
* the wrong Link password was entered.
3.0, SILVER and GOLD editions allow you to choose a date for decryption, blocking all other dates, or choose so the file never expires. This is chosen at encryption.
The clear text file generated by decryption (if you used that option) will be deleted next time you run Ghostphrase. You can save it simply by first re-naming it to something else, printing it, or copying to a Word document. However, we do not recommend saving any clear text messages.
Email.
Some email software add a '.dat or a '.txt' extension to the Ghostphrase file. In the 2.0, 2.5 and 3.0 versions these are read automatically. With 1.3 or earlier versions, you must remove the .dat/.txt, for example by "save as" from the email display and remove the extension from the file name, otherwise Ghostphrase 1.3 cannot read it.
Note that few email clients erroneously incorporates the GHOSTPHRASE file as text inside your email message, and thus deletes the file name and scrambles the crypt. If this happens, you need to change the settings of your email client, or change to an email client that can send and receive attachments normally, otherwise GHOSTPHRASE will not read the encrypted message.
On rare occations, an bad email client might damage the attachment, making decryption impossible. We recommend MS Outlook or Gmail for proper attachment handling. Note that you can also anonymously, instantly post and download your encrypted files from our Message Board, increasing anonymity and confidentiality, and bypassing email clients.
Errors.
Some errors are reported by message box windows, others are put in a log file called Errors.txt in the same folder as the tool. These error messages tell you why something happened, e.g. wrong password. The free 2.0 and 2.5 versions only run max four times per day. The pay versions run max 200 times per day. The free 2.5 versions are also inactivated for two semi-random days per month.
Support files.
The file 'UxTirf' is needed for proper function of Ghostphrase. Do not remove it. Some other temporary files are also produced in the same folder as the tool. There are no cookies planted. There is no copy protection, i.e. you may have several versions of Ghostphrase, or copy it. For optimal performance and management, please keep each version of Ghostphrase in its own folder.
Uninstall.
GHOSTPHRASE is distributed as an exe file, either downloaded or copied from disk or other media. It makes some txt and bin files in the same folder when it runs. As the tool was not installed with an installer, you cannot remove it using 'Add/remove programs.' Just delete the whole folder holding GHOSTPHRASE items, or delete individual copies of exe files as you like.
Back to the top.
Terms and Conditions.
