Mary Robinette Kowal recently launched a novel called Ghost Talkers. In the book, there are men and women who can talk to ghosts. During World War I, there is a special corps which uses the ghosts to receive information from the front. It’s a fascinating idea, and cryptography plays a big role in the story. During the warm-up for the launch of the book, Mary has been playing a bunch of secret message games with her fans. I have long had a interest in cryptography. It was one of my favorite things to study in my programming classes.

So Mary’s launch games got me to thinking again about passing secret messages. One of the the most secure systems for doing this is called a one-time pad. I poked around the internet for a bit but I couldn’t find a good printable way to use it by hand. There is some software, but it all appeared to be lame. So I have built one that you are free to use.

I’m not going to explain the ins and out of why a one time pad is awesome. There’s plenty of resources on the internet for that. I’m just going to tell you how to use it. In the version I’m presenting, you will only use uppercase letters, numbers 0-9, and a few selected symbols. 48 characters in all.

What You Need

An Encrypt/decrypt chart. pdf format A Encrypt/Decrypt Worksheet (not strictly necessary, but super useful) A one time pad. This is the generator. Just click the link and it will generate a one-time pad for you. Print two copies, one for you and one for your secret-passing buddy. The pads are randomly generated in your browser. Once you hit reload or click away, you will never ever get that pad back.

Using the One-Time Pad

Encrypting a Message

First, get the things I mentioned above.

Once you’ve printed two copies of your one-time pad and given one to your messaging partner, it’s time to encrypt your first message. Write the message you want to encrypt in some boxes on a message worksheet. I’ll encrypt the message HI! I AM BRYCE. And I will use underscores for the spaces. Some people just omit the spaces altogether.

Look at the first box on your one-time pad. The character in that box will be the “shift” for your first character.

On your Encrypt/Decrypt chart, scan down the leftmost column to find the row with your “Clear Text” character, in my case an “H”. Then move to the right until you are in the column of the “Shift”, in this case “#”. the box where that row/column intersect is your encrypted text. In this case, it is an “A”.

Now cross off that first square of your one-time pad. You will never use that square again.

Continue, using one square on your one-time pad for each character in your message. Remember to cross out each square as you use it. Here’s my message, encrypted.

Now you are done! Write the encrypted message on another piece of paper, or send it in an email or a tweet. It doesn’t matter who else sees it, because it is encrypted!

Decrypting a Message

Now your friend has received and read your message, and sent you a message, J#NP8?X_!HJ, . Continue using the remaining boxes on the same one-time pad. For ease, you can write the encrypted message on a worksheet. Take note of the next open box on your one-time pad, this is the “shift”. Then follow the column down until you see the encrypted text. Go left to discover the clear text. In my example, I scan the first row until I see the column that has the “shift”, in my case the “C”. Then I look down that column until I see the encrypted text, in my case a “J”. I follow the row left to discover what the clear text character is. In my case it’s an “H.”

Write the clear text character above the encrypted text character on your worksheet, cross off the used shift on the one-time pad.

Now I continue in the same pattern until all characters have been decrypted.

Keeping it Secure

If you do two things, you’ll keep your notes ultra secure.

One-Time pad means use it one time. Once you use up the pad, generate another and use it. Both parties must keep their copies of the pad safe.

Weaknesses

I’m using javascript’s built-in random number generator. Mathematically speaking, it is only pseudo-random, not “truly” random. Maybe someday I’ll make a version that uses random.org’s api. Random.org uses atmospheric data which is much more “actually” random. For a regular person, though, I think you’ll be fine.

In Conclusion

Use this to send love notes to your spouse, or have the coolest pen-pal ever. Don’t use this system to plan your crimes or commit acts of terrorism. In fact, don’t do crimes or terrorism at all. Just be cool, all right?