QUICK START for Personal Data Security 2
TABLE OF CONTENTS:
1. ACCELERATOR KEYS
2. OVERVIEW OF THE APPLICATION
3. THE QUICK START
1. ACCELERATOR KEYS
Menu: ----------------------------------------------------------- Cmd + Shift + Key - Mac Ctrl + Shift + Key - Linux / Windows A - About PDS * N - New Note C - Close Note O - File Locations D - Delete File P - Password Generator E - Edit Note Q - QuickStart * F - Encrypt File R - Save Note As G - Decrypt File S - Save Note H - Encrypt Directory T - View KeyStore I - New KeyStore U - Edit KeyStore J - Decrypt Directory V - View Note K - New Key X - Exit * L - View Key Y - Settings M - Edit Key Z - Import License * Unavailable with Mac Look & Feel Editor: ----------------------------------------------------------- Cmd + Key - Mac Ctrl + Key - Linux / Windows Key: X - Cut Z - Undo C - Copy Y - Redo V - Paste
PDS helps protect your confidential digital information. It does so by providing a few simple ways to encrypt and store that information. The recall of your information is also simple; available in ways that fit many computing lifestyles.
PDS was designed to be installed within a Linux, Mac or Windows Desktop environment. PDS can also be installed to a USB drive, using either the Desktop configuration or a configuration unique to the USB instance. PDS maintains different configuration states for Linux, Mac and Windows, so whichever OS the USB device is plugged into, that is the PDS configuration state that will be used.
Regardless of the installation type, Desktop or USB, PDS will:
1) Secure information, such as authentication credentials, in an easily accessible format.
* Use PDS to create Notes that can be securely edited or viewed read-only. * Import text files into secure PDS Notes.
2) Backup your data in a format suitable for archival purposes.
* Encrypt any files that are supported by your Operating System. * There are no size limitations imposed by PDS. * Encrypt individual files or recursively encrypt directories. * Linux users can also encrypt files and directories directly to tape drives.
3) Retrieve your information without disrupting the encrypted archive copy.
* View the files in an encrypted directory archive. * Extract the files in an encrypted directory archive. Options include: * Extract all the files. * Extract only the files that match a specific sequence of characters. * Extract all the files to a compressed ZIP file. * And of course, decrypt files that were encrypted individually.
4) Encrypt information that you need to transfer across unsecured areas.
Things to know about PDS:
1) No temporary copies of your files are made on persistent storage.
* Notes are only decrypted in RAM. * Files and directories are encrypted and decrypted directly via streams.
2) Credentials in RAM are zeroed after use.
Access to your data requires a Key, and every Key is protected by your authentication credentials. This makes it possible to carry your confidential information on your USB drive, or burned to disk, with a level of protection that your information will not be compromised if the media is lost or stolen.
Most of us have several, or more, sets of authentication credentials to manage. By using PDS Notes, you can secure and organize all of your authentication credentials in one tool that runs anywhere there is a Java 6 or newer (preferably newer) runtime. Further, you can create one master Note that contains the authentication credentials for all the other Notes and encrypted files and directories that you will create in PDS. This means that you will only need to remember one set of credentials, and those credentials will provide access to all your other credentials. Further, this also means that your digital information can be securely available to you - anytime, anywhere.
To start using PDS, please review the Users Guide at https://www.trustpds.com. For the impatient, please continue to the actual QuickStart below. Before you know it, you will be encrypting your files and protecting your digital information using very-high grade encryption. How high is the encryption quality? Well, PDS is able to provide encryption via the AES algorithm sing Key sizes up to 256 bits. While that in itself is a very good start, any implementation that has flaws will only be as strong as the weakest known flaw. For that reason, details of the cryptographic implementations and their use within PDS are described on the PDS wiki. Having tried to follow the best practices to deliver a secure encryption solution possible using the Java language, I hope that awareness of the implementation details will help uncover flaws, either now or if they appear in the future.
3. THE QUICK START:
PDS provides the ability to create encrypted notes that can be edited or viewed (a read-only edit) within the PDS GUI. These notes remain internal to PDS and are referred to as PDS Notes, or just Notes.
Encrypted files that PDS creates from existing files, such as office documents, multimedia files, archive files, etc., are external to PDS and cannot be viewed or edited within PDS. These files are referred to within PDS as "External" Files (or just Files). Similarly, a directory can be recursively encrypted by PDS, and the result is a (External) File.
PDS also supports encrypting Notes, or Files, several times over. As you would expect, the Notes will not be able to be viewed or edited until they have been decrypted back to their initial encryption state - as a Note.
All PDS-encrypted Notes and Files must be associated with an encryption key. Similarly, each encryption Key must be associated with one KeyStore. Therefore, before you can create a Note or encrypt a File, you must first create a new KeyStore to hold your Key(s) and then create a new encryption Key.
Creating a KeyStore and an encryption Key are easily accomplished within PDS by following the steps below.
Creating a KeyStore:
1. Within the GUI, select KeyStore -> New... (or click on the KeyStore icon)
2. In the New KeyStore dialog, type in a name for your KeyStore (e.g. myks).
3. Type in a complex (a) set of Credentials for your KeyStore, twice.
4. Select Create. (b)
(a). Complex being either 16 (or more) characters, or 8+ characters consisting of both upper and lower case A-Z characters and at least one other character.
(b). Note that in each dialog, pressing the ENTER key in the final required text field will submit the information, thus avoiding having to click the "Create" button. This behavior is expected to work in all PDS dialogs.
Creating a new Key:
1. From the GUI, select Key -> New... (or click on the Key icon)
2. In the New Key dialog, type in an Alias (name) for your Key. (e.g. mykey)
3. Select the Cipher type and strength.
4. Type in a complex* set of Credentials for your Key, twice.
5. Select your KeyStore.
6. Type in the Credentials for your KeyStore.
7. Keep the "Default Key" checkbox checked.
8. Select Create.
Congratulations! You have not only created a new Default Key, but you have also completed the dialog that requires the most typing.
The next step is to start creating Notes, encrypting files, and yes, encrypting directories as well. There's quite a bit to of flexibility that you have with PDS related to encryption. For example, many people will need only one Key, and thus just one KeyStore. Others may create multiple KeyStores, each holding multiple Keys, with each Key containing unique complex Credentials (all the while tracking all of those Credentials in one *master* PDS Note.) Beyond that, others may even choose to encrypt their encrypted files a second (or more) time with a different Key.
While the aforementioned strategies are already in use today, this QuickStart will end with something simple; namely, creating a single Note.
Creating a new Note:
1. From the GUI, select Note -> New... (or click on the new Note icon)
2. In the New Note dialog, type in the name of your new Note. (e.g. mynote)
3. Press Enter, or select the Create button.
This request keeps both the Plain Document and Default Key selected.
4. At the Authentication dialog, type in the Credentials for your Key.
5. Press Enter, or select Accept.
Your new PDS Note will be created and opened for editing.
For more information, please consult the Users Guide and the Release Notes,each of which are available online at https://www.trustpds.com.
A small text file that ends with a .PDS extension and is able to be viewed or edited within the PDS text viewer or editor.
A PDS File could be one of two types of files:
1. A file that has been encrypted using this application, but is not suitable for viewing or editing within the PDS text viewer or editor. This type of file would typically be created outside of PDS, however, a PDS Note could be encrypted a second time (using another Key), making the output of the second encryption a PDS File.
2. A directory that was encrypted by PDS becomes a PDS File, though it actually contains the encrypted contents of a directory.
PDS files may be encoded in one of two formats - Base64 or Binary. Notes are encoded Base64, whereas External files default to Binary. Base64 (8b/10b) takes 8 bits and maps them to 10 bits, adding 25% to the size of each file. This is negligible for the typical Note, but for large files it becomes significant. Nevertheless, a good PDS use case for encoding External files using Base64 is to convert a non-PDS text file into a PDS Note. With PDS, you can encrypt any text file using Base64, and after that it will function as a PDS Note.
PDS supports the encryption of files, and it also supports the encryption of directories. To conserve space, directories may be compressed at a level of your choosing prior to being encrypted. When decrypting a directory, you'll have the choice of output format: 1) a single ZIP file, or 2) the files and directories extracted to the file system.
A KeyStore is a Java component that is designed to hold cryptographic objects - like Keys. A KeyStore may hold one or more objects. Inside a KeyStore, keys are referenced by a unique, and always lower case, Alias. A KeyStore is protected from modification by your Credentials. Modifying the KeyStore for ANY reason requires the KeyStore Credentials. Examples of this include adding or deleting Keys. Tampering with a KeyStore without the KeyStore Credentials will result in detection, so it's always a good idea to secure your KeyStore with complex Credentials.
Symmetric Key (Key):
A key is a number of bits (0's and 1's) that fit into a cipher and help mask the cleartext data. Symmetric Keys are called symmetric because the same bits that encrypt the data also decrypt the data. Keys are different sizes based on the algorithms and strengths in which they will be used. For example, algorithms like AES have different implementations that allow them to use different sized Keys. As the encrypted data is what we want to protect, this boils down to protecting the Key. Getting a Key from the KeyStore does not require the KeyStore Credentials, so the Credentials for each Key is the only line of defense. PDS helps enforce Key security by requiring a fair amount of complexity your Credentials.
You may think of a Cipher as a purpose-built machine that is built using a number of other cryptographic components. Some of those components have already been discussed here, but more have not. When a cipher is initialized, it is initialized for either encrypting or decrypting. If initialized for encrypting, "cleartext"is fed into it and "ciphertext" is received out. Just the opposite is true when a cipher is initialized for decrypting.
Public Key Cryptography (PKC):
PKC differs from the Symmetric Ciphers in that PKC uses two different, but connected keys; Encryption done with one Key is then decrypted with the other Key. In practice the owner of the key pair keeps one key private and distributes the other to the public. Algorithms that use this approach include RSA, DSA and ElGamal. PDS does not currently support PKC.
Certificate (or Certificate Chain):
A Certificate is public Key, along with a trusted Chain of Certificates that verify the authenticity of that Key. Most of us are familiar with this when our web browser trusts a https:// website. How did it know to trust that website? Because the certificate the web server presented was trusted (signed, and more) by some entity that our browser had in its "Chain of Trust". Certificates are another type of "object" that may be stored in a KeyStore.