RELEASE.NOTES

Personal Data Security (PDS)
Copyright (c) 2009, 2010, Brett Lee, Ph.D.
All rights reserved.

http://brettlee.com/pds/
pds@brettlee.com


Contents:
===============================
1.  Legal Warning
2.  Starting the Application
3.  Troubleshooting
4.  Known Issues
5.  Desired Enhancements
6.  Change Log





1. Legal Warning:
===============================

Use of Personal Data Security (PDS) is illegal in countries where
encryption is outlawed.



2. Starting the Application
===============================

Note: These details only apply to users of the ZIP file.  You can ignore
      this section if the application was installed with Java Web Start.

Prior to starting the application, you **MUST** extract the JAR file
to disk-based storage.  When first started, the application creates
a small directory structure relative to the JAR file.  Without that
directory structure in place, this application may not function.


Start the application:

	GUI::  Right (or double) click the JAR file
	CLI::  java -jar path/to/file/pds.jar


CLI execution - detached from the console:

	Windows::  javaw -jar  path/to/file/pds.jar
	Unix::     nohup java -jar path/to/file/pds.jar &


** For releases prior to 007, you **must** issue the startup command from 
   within the directory containing the JAR (e.g. `java -jar pds.jar`)



3. Troubleshooting: 
===============================

I.  Debugging:

General:

Execute the jar from the command line and observe any output.  Messages
sent to the console exist but are very limited; instead, popup dialogs 
are used to indicate problems.

Memory:

When editing large files (> 10 MB) you may run out of memory on the heap.

To help with this you can adjust the startup and maximum heap size using
a variation of these parameters:

	-Xmn16m		(start with 16 MB)
	-Xmx256m	(set the maximum at 256 MB)

For example:
	java -jar -Xmn16m -Xmx256m pds.jar

Obviously, the values you use will depend upon your system, and this
will only get you so far.  Ideally, the program should use a paging 
mechanism when editing large files rather than trying to swallow them
whole.  If you need to work with very large files you can create and save them
using a standard editor and then encrypt / decrypt them using PDS, as only the
editor has the memory limitation.


II.  KeyStores:

When the application starts, it creates the following directories:

	mydata/mykeys	(for keystores and keys)
	mydata/myfiles	(for data files)

You do not have to create your files there.  When you create a new
encrypted file, the encrypted file will contain the absolute path
to the keystore at the time it was created.  When opening the file
the application will look there first.  If the keystore is not there
the application will check "mydata/mykeys" for a similarly named
file.  If one is not found there, a prompt will be issued.

** Note that the prompt is currently not implemented.  In the meantime
you can make a backup of the file and edit the backup, or you can
copy the keystore to the "mydata/mykeys" directory.


III.  Encrypted Files:

Encrypted files can be created, copied or moved anywhere.  Each file needs
access to the keystore in the path indicated in the files' header.


IV.  For more instructions, please see:

Help -> Contents in the application.
http://brettlee.com/pds/




4. Known Issues:
===============================




5. Requests for Enhancement:
===============================

Usability:
 - Add additional columns in the Edit Keys dialog to show both the cipher and
   the strength of all keys in the keystore.
 - Ability to select multiple files for encryption/decryption
 - Ability to Transfer Cipher Keys between KeyStores (for now, use "keytool")
 - Add the ability to select a cryptography provider (namely, Bouncy Castle).
 - Before enabling the ability to select a certain Key/Padding/CBC combinarion,
     ensure that the system support this (e.g. DES/112).  This is currently
     done for AES keys over 128, but complete checks are needed.
 - Implement the editing options undo and redo
 - Cancel currently executing encryption of external file
     Long running encryption jobs do not have the ability to be canceled
     Should start these jobs in a new thread and provide a progress dialog
     with the option to cancel the job.
 - Provide a the ability to browse for key if the key is not found.
     The absolute path to the keystore is stored in each encrypted file.
     As this application is meant to work from multiple hosts and operating systems,
     if the keystore is not found via the absolute path, the application makes a 
     second check for the keystore in a directory tree relative to the JAR file;
     that directory is ./mydata/mykeys.  If the keystore doesn't exist there,
     the application prints a message but does not present a dialog to browse for 
     the keystore.  In this event the keystore is not found and you will not be
     able to open the encrypted file.
 - Widening the Internal Frame resets the horizontal scrollbar to the widest width.
     It would be preferable to have the horizontal scrollbar resize when the
     JInternalFrame was resized, but there is no window resize event for this
     component.  Iconifying and de-iconifying was the closest event I saw, but
     that was not ideal either, so would like to find a solution to this.

Increased Security:
 - Text in the PDS text editor is not completely scrubbed from RAM after use.
     The text is stored in Document object and added to the Document via an
     immutable String.  Encryption + Strings == Gasp!
 - Support for Key Wrap (but how to protect the wrapping key?)

PKI:
 - Generating and storing PKC Cipher Keys
 - Encrypting/decrypting external data files using PKC
 - Support of JKS KeyStore's for PKI

Debug: 
 - Accept a "--debug" option for verbose output to the console (or GUI?)
 - Optional logging window on the bottom of the GUI for monitoring console messages



6. Change Log:
===============================

0.020.03 - December 26, 2009 - Bug Fix - Brett Lee
* Failed authentication no longer results in a edit/view window being opened
  - Prior to this, a indeterminate warning dialog was displayed prior to
    opening an invalid view/edit window
* Edit window now opens with the cursor at the beginning of the first line
* Editing for uniformity in both website & email for application support
  - now http://brettlee.com/pds/ & pds@brettlee.com
* Editing of selected text as appropriate
* Application self-signed with a new key


0.020.02 - August 15, 2009 - Additional Functionality - Brett Lee
* Creating a new keystore now supports manually entering the keystore name
  - New KeyStore names may now be provided manually or using the FileChooser
  - If "path" is not provided, the keystore will be created in the default location
* Creating a new file now supports manually entering the file name
  - New File names may now be provided manually or using the FileChooser
  - If "path" is not provided, the file will be created in the default location


0.020.01 - July 05, 2009 - Additional Functionality - Brett Lee
* Minor cosmetic changes
  - Updated text in some dialogs
  - Additional use of PDS logos in dialogs
* Re-added support for key sizes greater than 56 bits
  - This application does NOT provide FULL support for generating keys
  - Instead, it USES the existing Java runtime, and thus this application alone
    does NOT deliver full support for cryptography and thus does not seem to be
    a breach of current US export restrictions on cryptography
  - Still, have sent 3 correspondences to BIS & NSA to make sure (no response),
    as am wanting to follow the rules as best I can


019 - June 17, 2009 - "Web Start Release" - Additional Functionality - Brett Lee
* All dialogs should now be modal
* Executable Jar is now self-signed
* Class files are now obfuscated prior to signing
* PDS Logos appear in application and as a splash-screen icon during startup
  - Logos are the creation of Karen Kroll at Katnap Designs (karen@katnapdesigns.com)


018 - June 6, 2009 - Additional Functionality - Brett Lee
* Added CBC as the standard mode of encryption/decryption
* Added PKCS5Padding to all encryption/decryption operations
* Either of these render all files encrypted with previous releases
  incompatible with this release
  - Kinda harsh, but it needed to be done
  - Application is not in widespread use, so ...


017 - June 4, 2009 - Additional Functionality - Brett Lee
* Removed support for creating keys stronger than DES (56 bits)
  - See http://www.bis.doc.gov/encryption/default.htm
  - This will be changed once approval has been received
  - Pending review, all previous releases have been removed from distribution
* Added a check and notification of the JCE policy installed
  - Strong vs. Unlimited
  - Displayed in the title bar and key availability dialog
* Added support for AES 192/256 key creation if Unlimited policy in place
  - Currently disabled pending BIS review
* Added a dialog explaining key availability during key creation
* Changed the required passphrase length from 10 chars to 8 in all cases
* Removed the build # from the title bar


016 - May 27, 2009 - Additional Functionality - Brett Lee
* Added support for mandating more rigorous passphrases
  - 10 characters or more, upper and lower case, plus some other character.


015 - May 27, 2009 - Additional Functionality - Brett Lee
* Added support for Editing Cipher Key properties:
  - Support editing Cipher Key passphrase.
  - Support deleting a Cipher Key from a KeyStore.
  - Support for setting a Cipher Key to be the Default Key.


014 - May 22, 2009 - Additional Functionality - Brett Lee
* Added the ability to change a KeyStore passphrase
    ( A very risky operation, should backup the KeyStore first )


013 - May 21, 2009 - Additional Functionality + Bug Fix - Brett Lee
* Implemented the "Save As..." functionality while using the editor
* Consolidated two sections of code pertaining to saving dirty pages when closing a InternalFrame
* Stopped printing a debug message to the console during execution


012 - May 19, 2009 - Additional Functionality + Bug Fix - Brett Lee
* Added the ability to Cancel the closing of an editor window (JInternalFrame)
* Set the WAIT Cursor appropriately when encrypting files (i.e. close dialog, set cursor, encrypt...)


011 - May 18, 2009 - "Performance Release" - Additional Functionality + Performance + Bug Fix - Brett Lee
* Performance improvements in the I/O when encrypting and decrypting PDS files.
  - Many thanks to David Lee (dlee@calldei.com) for your EXPERT guidance on this topic.!
* Added support for a default key.  Used correctly, authentication prompts limited to once per file.
* New file format supports the metadata first, increasing performance for initial authentication.
  - No effort was made to maintain backward compatibility for earlier releases.
* Removed some old (pre-CypherStream) code from the CryptoEngine methods.
* Added the "Close" option functionality for the File Menu drop-down.  Supports closing internal frames.
* Added checks for any unsaved changes when attempting to close the entire application.
* Bug fix: Resolved the long delay issue seen when opening files on NFS/Samba shares from Windows.
* Bug fix: Resolved the issue where a keystore could not have "#" in its path - using a better regex.
* Bug fix: Save and Close options are now enabled when file is opened for edit.


010 - May 12, 2009 - "BSD release" - Additional Functionality + Bug Fix - Brett Lee
* BSD License added to the source code and application.
* Multi-Document Architecture (MDA) now supported.
* Now using a stream cipher to support larger files:
  - Encryption of external files appears unlimited.
  - Native (editor) files limited by JVM memory (see "Troubleshooting" for increasing).
* Added detection of any unsaved changes prior to closing each document.
* Added scrubbing of the cleartext passphrases after the encryption/decryption processes.
  - See Bug list for remaining issue with Strings.
* All dialogs should now be modal.
* Added success / fail dialogs to indicate status after creating Keys and KeyStores.
* Added prompt before overwriting existing keystore with a new keystore.
  - Overwriting a Key was already being prompted.
* Added prompt before overwriting existing files during encryption/decryption.
* Added accelerator keys providing better ability to navigate the GUI via the keyboard
* Added ability to hit enter (as opposed to just spacebar) when button is focused
  - See: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4224702
* Short circuited code so that failed passphrases end traversal of the current path
* When a KeyStore is not found, a passphrase prompt is no longer issued for that KeyStore
* Added additional error handling and confirmation.
* Added appropriate filters to the file browser.
* Minor menu naming changes - functionality not affected.
* Tried to change all "Keystore" text to "KeyStore" for uniformity
  - Found the JRE uses "KeyStore" for classes and "Keystore" for exceptions
  - Thus, exceptions should be the exception to the rule
* Release notes updated with some material from PDS web pages.


009 - April 23, 2009 - "External Files release" - Additional Functionality - Brett Lee
* Added support for the encryption of external files.
   - CryptoFile is now subclassed by CryptoFileNative and CryptoFileExternal.
* New encrypted files now have the extension (.PDS) added.
   - The extension is removed when decrypting the file.
* Select Key Dialog
   - Added a scrollbar to the "Select Key" dialog
   - Sized the JTable appropriately.
   - Removed the ability to edit the JTable contents.
* Added additional error handling and validation.
   - Validating the keystore.
   - Encryption and Decryption.
   - Prompts before overwriting (some still remain).
* Moved the "External Files" menu item from the Tools to the Files section.


008 - April 3, 2009 - "USB/CDROM release" - Additional Functionality - Brett Lee
* Added support for external USB's that render existing filenames in an upper case 8.3 format.
   - A known example is where the USB port is on a USB CDROM.


007 - March 28, 2009 - "David release" - Additional Functionality - Brett Lee
* Changed some dialog buttons from "Close" to "Cancel"
* Implemented the ability to cancel along the "Create File" trail of dialogs
* Implemented a system check at startup to initialize mydata/mykeys directories
   - Removed the directories from the release
* Updated the runtime so that the JAR no longer needs to be started from a script
   - It can now be executed from anywhere (e.g. `java -jar /path/to/pds.jar`)
   - Removed the startup scripts from the release
* KeyStores (keys) are now able to be located anywhere
* Cross platform support now realized, tested on Red Hat and Windows XP
   - Create on one, read on the other
* Help -> Contents is now much shorter and refers to a page on the Internet

** In terms of improvement, this release is a significant milestone.
   - All previous releases are being obliterated.
   - Many thanks for your advice, suggestions and guidance David (dlee@calldei.com).


006 - March 24, 2009 - Additional Functionality - Brett Lee
* Added confirmation prompts prior to overwriting existing files, keys or keystores


005 - March 23, 2009 - Additional Functionality - Brett Lee
* Added some checks of the input when creating new files, keys and keystores
* Added confirmation passphrases when creating new keys and keystores


004 - March 16, 2009 - Initial Public "Offering"- Brett Lee
* Changed the Logo and Application Name to support a wider distribution


003 - February 30, 2009 - "OO Build" - Limited Distribution - Brett Lee
* Incorporated OO Design
   - Came up with UML and Objects / Methods
   - Reworked existing functionality to be OO


002 - February 24, 2009 - Additional Functionality - Limited Distribution - Brett Lee
* Minor enhancements


001 - February 23, 2009 - Initial Build - Limited Distribution - Brett Lee
* Proof of concept
   - Ability to Encrypt and Encode to storage
   - Ability to Decode and Decrypt from storage