Release Notes 2.x

From Personal Data Security: Encryption to Fight Cybercrime and Identity Theft
Jump to: navigation, search

RELEASE NOTES - Personal Data Security 2

Before using PDS, please verify the authenticity of the application you have received.
The steps to verify the application can be found on the PDS Wiki under "Validating a release".

Use of Personal Data Security (PDS) may be illegal in countries where the encryption of
personal data is illegal.  Wikipedia has a list of countries and their import restrictions
related to cryptography: 

PDS is a data security product that provides affordable unlimited strength encryption in an
easy to use application.  PDS does not provide the actual encryption components; those are
provided by the trusted open source Java Cryptographic Extensions (JCE) within your Java
Runtime Environment (JRE).

PDS is not sold, but instead is licensed under the End User License Agreement (EULA) contained
within the application.  The EULA is displayed during initialization and is also available on
the PDS Wiki.

Before you run the application you will first need to extract the files from within the zip or
tgz file.  The extracted directory may then be moved to a more suitable place (e.g. Desktop,
Applications, Program Files, etc.).

Running the application consists of 2x clicking the PDS application (Mac) or the pds.jar file
(Linux / Windows).  Additionally, start up scripts exist to run PDS with extra options.  For
more information on the options, please refer to the PDS 2 Users Guide on the PDS Wiki.

Should PDS not start, please confirm that:

 1.  A suitable Java runtime environment (JRE) is installed.  Required is Java 6 or newer.
     Recommended is the latest JRE from Oracle.
 2.  For Mac release:  If prompted, the Java for OS X release from Apple should be installed.
               Please see below for more about Java for OS X.
     For Linux and Windows:  Ensure that a Java executable is in your path.  Also, Java
               should be configured to launch a jar file.  If this is uncertain, you may
               start PDS using an appropriate startup script or by manually running this
               command from a terminal window:
               $ java -jar /path/to/pds.jar

Once up and running, the Quick Start document within the application should be enough to get you started.

For more information about PDS, including the Users Guide, please consult the links below.

Sources for information:

	QuickStart: 	Within PDS - select the blue question mark.
	Users Guide:
	README.txt:	Within the software release.
	Change Log:	In the Release Notes.
	Release Notes:	This document.

Contact points include:


  • Known issues
 - When decrypting a directory, the last modification time will be correctly
   assigned to all files and directories.  However, as directories are decrypted
   first, when subsequent operations write decrypted contents into a
   directory, the time stamp on that directory will be updated to the current
   system time.  Should you need to maintain the time stamps on directories at
   the time of encryption, decrypting the directory to a ZIP file, and then
   extracting the contents of the ZIP file will maintain the directory time
 - The optional ZIP compression of directories is performed after the
   encryption of each file.  As encrypted (random) data does not compress very
   much, the value of enabling compression is limited.  Hence, the default
   compression level is 0 (none).

  • Known issues with Java
   Directory encryption and decryption relies upon the ZipEntry class.  This
   Java class does not provide full support for hard or soft links.  During
   directory encryption, both types of links are dereferenced, resulting in
   unique directories and files being written during decryption.  Also,
   canceling an operation while operating on a soft link to a file has been
   observed to result in an abrupt (no clean-up) end to the operation.
   These bugs appear to be the same JRE bug.  When hit, a BadPaddingException
   (BPE) will be thrown.  If seen in PDS, it will typically be after
   decrypting a directory.  In older JRE's, the exception was (correctly)
   ignored, but JRE changes caused the BPE to be thrown when calling close()
   on a CipherInputStream that had not been read to the end of the stream.
   It seems that newer JRE's are again not throwing this exception when
   closing a stream that has not been read to the end.  PDS uses ZIP streams
   when encrypting directories, and it appears that the decryption of a ZIP
   stream may read less that written; thus the exception.  PDS suppresses
   this exception within the GUI but logs the exception to standard error.
   To prevent logging of the BPE, the best solution is to upgrade to the
   latest JRE.  Alternatively, the exception only seems to be seen when
   extracting files; thus, decrypting a directory to a ZIP file (instead of
   extracting the files) is an alternative to replacing the JRE.  For
   effected versions of Java, please see the referenced URLs above.
   Note that Zip64 was implemented in Java 7 (u55).  Prior to that ZIP
   archives were limited in both size (~4GB) and files (65536).

  • Known issues with Java - Mac only
 - With the release of Java 9, certain legacy Java libraries, including those
   that provide the Mac look and feel, have been migrated to the OpenJDK.
   The migration made access to the legacy libraries unavailable from Java 9
   forward.  For that reason, PDS releases for Mac now include a release for
   Java 6-8 and a second for Java 9+.
 - Certain keystroke shortcuts are not available on Mac.  This is documented
   in the PDS QuickStart.
 - Selecting the native option to "Quit PDS" will result in the Quit dialog
   being displayed once.  If canceled, another option to Quit must be used.
 - A number of Java applications, including PDS, have crashed, possibly due
   to certain display devices.  Related issues in the OpenJDK are 8057830,
   8133783, 8146278 and 8173981.

Change Log - 2.3.2 Release

  • Bug Fixes
 - Corrected the Save Note tooltip to display the correct tip.
 - Fixed the inability to properly cancel a thread encrypting a directory.
   This issue was only able to be demonstrated on Windows.
 - PDS icon on title bar of Notes distorted - so removed.  Mac/Java 9 only.
  • Improvements
 - Support for Java 9+ on Mac.
 - Added new feature for a non-persistent override of the default setting
   for the progress monitor when encrypting a directory.
 - Updates to several dialogs.
 - Additional licensing options to support
 - Default output directory for encrypted files/directories changed to the
   same directory as the source. 

Change Log - 2.3.1 Release

  • Bug Fixes
 - In one scenario of appending the time and time zone to encrypted
   files and directories, time stamps were not being added as expected.
  • Improvements
 - Additional dialogs to relay information.
 - Additional CLI information displayed via the "showcrypto" argument.
 - Updates to the QuickStart.

Change Log - 2.3 Release

  • Improvements
 - Minor changes to licensing and a few other dialogs.

Change Log - 2.2.2 Release

  • Improvements
 - Check for active encryption/decryption jobs when closing PDS.  Display
   jobs and confirm the close request if any jobs are found.  The check is
   performed before the existing confirmation that the contents of all
   Notes has been saved to persistent storage.
 - Prevent multiple instances of the QuickStart dialog.
 - Changed the default settings for password generator.
 - Enable all options by default.
 - Added the option "Always prompt to exit?"
 - Display Linux/Unix instead of just Linux in selected dialogs.
 - Add Java "" to selected dialogs.

Change Log - 2.2.1 Release

  • Improvements
 - Very minor updates and bug fixes for modality, dialogs, and the
   default settings.

Change Log - 2.2 Release

  • Improvements
 - Improved modality for better interaction among the PDS components.
 - Progress Monitor Dialogs - Mac only
   Various issues have been observed when Progress Monitor Dialogs were
   enabled.  These issues include instances of out of sync progress
   indicators as well as unexpected behavior when selecting the Cancel.
   button.  This release applies a consistent workaround in the Cancel
   operation, and with that the Cancel operation now appears to function
   as expected.
 - Changes to Accelerator Keys.  Keys D, F, G and H are now encryption
   (Directory and File) and decryption (File and Directory), respectively.

Change Log - 2.1.1 Release

  • Improvement
 - Moved the assignment of the Mac Look and Feel from an external
   configuration parameter to an internal component of the PDS app.
   By doing this, Mac users who do not wish to install Java 6 from
   Apple will still be able to run PDS with the Mac Look and Feel - by
   executing the JAR file directly.  A side effect of starting PDS in
   this manner is that the PDS images that are specific to Mac will
   display as Java or Apple images.

Change Log - 2.1 Release

  • New Features
 - The option to add configurable time stamps to encrypted PDS Files
   and Directories during the encryption process.  Time stamps may
   include the date, time, time zone, or any combination of the three.
   For encrypted PDS Directories there is also the option of adding a
   time stamp to the name of the PDS encrypted Directory without
   adding it to the contents of the encrypted Directory.
 - A configurable password generator that will use a small set of
   characters (A-Z, a-z and 0-9) or a much larger set of characters.
   The number of characters in the password is configurable.  There
   is also an option to copy the newly generated password to the
   system clipboard.
 - The ability to clear the contents of the system clipboard.
 - Improved modality among the PDS Dialogs, to better facilitate
   interaction between different components within the application.
 - A free (as in beer) release.

Change Log - 2.0 Release

  • Security
 - Generation of Secret Keys is improved:
   Replaced the KeyGenerator class with the SecretKeyFactory class.
   PDS uses SecureRandom to generate a 64-bit salt that is fed into
   PBKDF2-HMAC-SHA1 to hash the Secret Keys' passphrase 65536 times.
 - Initialization Vector:
   Replaced the static Initialization Vector (IV) with a unique IV
   (generated by SecureRandom) for every file.  Each unique IV is
   contained within the metadata of the PDS file.
 - Resolved edge cases where the Key and/or KeyStore passphrases
   were not being scrubbed from memory after use.  Added debugging
   of the scrubbing passphrases into the application.  To enable
   and observe, please see the "Improvements" section below.
 - Restricted the scope of classes and methods.
  • New Features
 - Added more decryption options (e.g. verification only).
 - Added support for both Plain and Styled Documents.
 - Added the ability to import plain text files into PDS Notes.
   To import a file, select the "File->Encrypt->File" option within
   PDS and select Base64 encoding; the result will be a PDS Note.
 - Added the ability to use non-rewinding tape devices to encrypt and
   decrypt records on magnetic tapes.
 - Added new warning dialogs where appropriate.  Some can be disabled
   and re-enabled.
 - Added the ability to view and edit encryption Keys.
   There are two views:  Information (Algorithm and Size) and Details.
 - Added the ability to display the current Default Key.
 - Added settings to manage the optional dialogs within the application.
 - Maintaining the backward compatibility with earlier Notes and Files.
  • Improvements
 - Better support for Mac - Implemented Mac look and feel.
 - Fine grained control over authentication.
   In previous releases, some dialogs unnecessarily prompted for
   both the KeyStore and Key credentials when only one was needed. 
   This release prompts for the minimal amount of credentials required.
 - More robust error messages in dialogs.
 - Verification of the clearing of authentication credentials.
   To enable, set:	showzero=true
     e.g.  $ java -Dshowzero=true -jar /path/to/pds.jar
   PDS will attempt to clear the credentials as soon as possible, printing
   the result to the terminal window.
 - Verification of the cryptographic functions.
   To enable, set:	showcrypto=true
   PDS prints selected cryptographic operations to the terminal window.
 - PDS uses the universalJavaApplicationStub to start the JVM on Mac.
   This open-source product provides the much needed support for newer
   JREs on OS X.  Thank you Tobias!  For more information, please see:

(C) PDS Software Solutions LLC, 2016
By using this website, you signify that you agree to be bound by the express terms of use.
We value your privacy.
Personal tools