MarpX Privacy

Install Private Key Expanders (PKEs)

  1. How your order arrives
  2. Secure handling and redistribution
  3. Shared PKEs and shared confidant codes
  4. Install = add a new roster entry
  5. What winds up where?

How your order arrives

Place orders for Private Key Expanders (PKEs) at When you place your first order, you will be asked the normal questions to support a business transaction. In addition, you will be asked to create a secure seven character key (any combination of capital letters, lower case letters and/or numeric digits). Depending on your order, your supply will arrive either electronically or by mail on a flash drive. Your first order normally takes one extra business today so that we can check your eligibility. You must be in the United States, not a national of a country under U.S. government sanctions, and not personally or part of an entity on the U.S. Consolidated Screening List.


Your first order will include one extra PKE at no charge. You will be asked to use that PKE in a new entry to the roster, with Marpex Inc. as the fellow confidant and the seven character code above as the confidant code. With that confidant relationship in place, we can fulfil your subsequent orders with Extreme Encryption™ security.


Unless you order otherwise, your PKEs will be in batches of up to one thousand units. Each batch is a self-executing ZIP file which has been encrypted. On the first order, use the same seven character code as above to decrypt the batches. In later orders, use Keyless Mode and the Marpex Inc. confidant relationship to decrypt your batch(es) of PKE files.


Once decrypted, the batches may be broken into their individual PKEs by double clicking on the self-extracting file.

Secure handling and redistribution

When your order arrives, best practice is to set it up using a computer that is not connected to the Internet. If you are unable to do that, at least use a computer with strong anti-piracy protection and extract your new PKE files onto a USB flash drive (or some equivalent). The aim is to minimize the exposure of unencrypted PKE files as a precaution against infiltration by malevolent persons.


If you ordered a flash drive, it has the entire MarpxPrivacy program and support files already in place. You are free to make copies of this flash drive for others. The one precaution is to pass along to others only the PKE files that they will individually need for themselves and/or to pass along to their prospective confidants. Think security!

Shared PKEs and shared confidant codes

Encrypt any PKE file that may be at risk when transmitted. Ensure that all recipients understand the security need. They will all need to be aware of how to Set Up To Share Confidential Matters. This includes arranging to share confidant confidant codes for each relationship by some offline method, best face to face, alternatively by telephone or other means.

Install = add a new roster entry

When a PKE is used within a new roster entry, it must at that moment be unencrypted. Since confidant relationships would not yet be in place, manual keys might be needed to decrypt the PKE file.


From there, each participant should follow the instructions of how to Add a New Roster Entry.

What winds up where?

When you add a new entry to the roster, the PKE file (if any) is automatically encrypted and stored in a sub-directory named PKEs within the MarpxPrivacy set of program and support files. You can at this point delete the unencrypted PKE file, or at a minimum store it offline in a secure place.


The roster is re-encrypted every time there is the least change in it -- new entry added, entry edited, or entry deleted. Roster.txt.enc resides in the MarpxPrivacy directory.


MarpX Privacy