Release Notes 2.x
RELEASE NOTES - Personal Data Security 2
Before using PDS, please verify the authenticity of the application you have received. The steps to verify the application can be found on the PDS Wiki under "Validating a release". Use of Personal Data Security (PDS) may be illegal in countries where the encryption of personal data is illegal. Wikipedia has a list of countries and their import restrictions related to cryptography: http://en.wikipedia.org/wiki/Restrictions_on_the_import_of_cryptography PDS is a data security product that provides affordable unlimited strength encryption in an easy to use application. PDS does not provide the actual encryption components; those are provided by the trusted open source Java Cryptographic Extensions (JCE) within your Java Runtime Environment (JRE). PDS is not sold, but instead is licensed under the End User License Agreement (EULA) contained within the application. The EULA is displayed during initialization and is also available on the PDS Wiki. Before you run the application you will first need to extract the files from within the zip or tgz file. The extracted directory may then be moved to a more suitable place (e.g. Desktop, Applications, Program Files, etc.). Running the application consists of 2x clicking the PDS application (Mac) or the pds.jar file (Linux / Windows). Additionally, start up scripts exist to run PDS with extra options. For more information on the options, please refer to the PDS 2 Users Guide on the PDS Wiki.
Should PDS not start, please confirm that:
1. A suitable Java runtime environment (JRE) is installed. Required is Java 6 or newer. Recommended is the latest JRE from Oracle.
2. For Mac release: If prompted, the Java for OS X release from Apple should be installed. Please see below for more about Java for OS X. For Linux and Windows: Ensure that a Java executable is in your path. Also, Java should be configured to launch a jar file. If this is uncertain, you may start PDS using an appropriate startup script or by manually running this command from a terminal window: $ java -jar /path/to/pds.jar
Once up and running, the Quick Start document within the application should be enough to get you started.
For more information about PDS, including the Users Guide, please consult the links below.
Sources for information:
Website: https://www.trustpds.com Wiki: https://www.trustpds.com/wiki QuickStart: Within PDS - select the blue question mark. Users Guide: https://www.trustpds.com/wiki/index.php/Users_Guide_2.0 README.txt: Within the software release. Change Log: In the Release Notes. Release Notes: This document.
Contact points include:
Question: email@example.com Bug: firstname.lastname@example.org Security: email@example.com Suggestion: firstname.lastname@example.org
- Known issues
- When decrypting a directory, the last modification time will be correctly assigned to all files and directories. However, as directories are decrypted first, when subsequent operations write decrypted contents into a directory, the time stamp on that directory will be updated to the current system time. Should you need to maintain the time stamps on directories at the time of encryption, decrypting the directory to a ZIP file, and then extracting the contents of the ZIP file will maintain the directory time stamps. - The optional ZIP compression of directories is performed after the encryption of each file. As encrypted (random) data does not compress very much, the value of enabling compression is limited. Hence, the default compression level is 0 (none).
- Known issues with Java
- https://bugs.openjdk.java.net/browse/JDK-6550137 https://docs.oracle.com/javase/8/docs/api/java/util/zip/ZipEntry.html Directory encryption and decryption relies upon the ZipEntry class. This Java class does not provide full support for hard or soft links. During directory encryption, both types of links are dereferenced, resulting in unique directories and files being written during decryption. Also, canceling an operation while operating on a soft link to a file has been observed to result in an abrupt (no clean-up) end to the operation. - https://bugs.openjdk.java.net/browse/JDK-8064546 https://bugs.openjdk.java.net/browse/JDK-8061619 These bugs appear to be the same JRE bug. When hit, a BadPaddingException (BPE) will be thrown. If seen in PDS, it will typically be after decrypting a directory. In older JRE's, the exception was (correctly) ignored, but JRE changes caused the BPE to be thrown when calling close() on a CipherInputStream that had not been read to the end of the stream. It seems that newer JRE's are again not throwing this exception when closing a stream that has not been read to the end. PDS uses ZIP streams when encrypting directories, and it appears that the decryption of a ZIP stream may read less that written; thus the exception. PDS suppresses this exception within the GUI but logs the exception to standard error. To prevent logging of the BPE, the best solution is to upgrade to the latest JRE. Alternatively, the exception only seems to be seen when extracting files; thus, decrypting a directory to a ZIP file (instead of extracting the files) is an alternative to replacing the JRE. For effected versions of Java, please see the referenced URLs above. - http://bugs.java.com/view_bug.do?bug_id=4681995 Note that Zip64 was implemented in Java 7 (u55). Prior to that ZIP archives were limited in both size (~4GB) and files (65536).
- Known issues with Java - Mac only
- With the release of Java 9, certain legacy Java libraries, including those that provide the Mac look and feel, have been migrated to the OpenJDK. The migration made access to the legacy libraries unavailable from Java 9 forward. For that reason, PDS releases for Mac now include a release for Java 6-8 and a second for Java 9+. - Certain keystroke shortcuts are not available on Mac. This is documented in the PDS QuickStart. - Selecting the native option to "Quit PDS" will result in the Quit dialog being displayed once. If canceled, another option to Quit must be used. - A number of Java applications, including PDS, have crashed, possibly due to certain display devices. Related issues in the OpenJDK are 8057830, 8133783, 8146278 and 8173981.
Change Log - 2.3.2 Release
- Bug Fixes
- Corrected the Save Note tooltip to display the correct tip. - Fixed the inability to properly cancel a thread encrypting a directory. This issue was only able to be demonstrated on Windows. - PDS icon on title bar of Notes distorted - so removed. Mac/Java 9 only.
- Support for Java 9+ on Mac. - Added new feature for a non-persistent override of the default setting for the progress monitor when encrypting a directory. - Updates to several dialogs. - Additional licensing options to support Amazon.com. - Default output directory for encrypted files/directories changed to the same directory as the source.
Change Log - 2.3.1 Release
- Bug Fixes
- In one scenario of appending the time and time zone to encrypted files and directories, time stamps were not being added as expected.
- Additional dialogs to relay information. - Additional CLI information displayed via the "showcrypto" argument. - Updates to the QuickStart.
Change Log - 2.3 Release
- Minor changes to licensing and a few other dialogs.
Change Log - 2.2.2 Release
- Check for active encryption/decryption jobs when closing PDS. Display jobs and confirm the close request if any jobs are found. The check is performed before the existing confirmation that the contents of all Notes has been saved to persistent storage. - Prevent multiple instances of the QuickStart dialog. - Changed the default settings for password generator. - Enable all options by default. - Added the option "Always prompt to exit?" - Display Linux/Unix instead of just Linux in selected dialogs. - Add Java "os.name" to selected dialogs.
Change Log - 2.2.1 Release
- Very minor updates and bug fixes for modality, dialogs, and the default settings.
Change Log - 2.2 Release
- Improved modality for better interaction among the PDS components. - Progress Monitor Dialogs - Mac only Various issues have been observed when Progress Monitor Dialogs were enabled. These issues include instances of out of sync progress indicators as well as unexpected behavior when selecting the Cancel. button. This release applies a consistent workaround in the Cancel operation, and with that the Cancel operation now appears to function as expected. - Changes to Accelerator Keys. Keys D, F, G and H are now encryption (Directory and File) and decryption (File and Directory), respectively.
Change Log - 2.1.1 Release
- Moved the assignment of the Mac Look and Feel from an external configuration parameter to an internal component of the PDS app. By doing this, Mac users who do not wish to install Java 6 from Apple will still be able to run PDS with the Mac Look and Feel - by executing the JAR file directly. A side effect of starting PDS in this manner is that the PDS images that are specific to Mac will display as Java or Apple images.
Change Log - 2.1 Release
- New Features
- The option to add configurable time stamps to encrypted PDS Files and Directories during the encryption process. Time stamps may include the date, time, time zone, or any combination of the three. For encrypted PDS Directories there is also the option of adding a time stamp to the name of the PDS encrypted Directory without adding it to the contents of the encrypted Directory. - A configurable password generator that will use a small set of characters (A-Z, a-z and 0-9) or a much larger set of characters. The number of characters in the password is configurable. There is also an option to copy the newly generated password to the system clipboard. - The ability to clear the contents of the system clipboard. - Improved modality among the PDS Dialogs, to better facilitate interaction between different components within the application. - A free (as in beer) release.
Change Log - 2.0 Release
- Generation of Secret Keys is improved: Replaced the KeyGenerator class with the SecretKeyFactory class. PDS uses SecureRandom to generate a 64-bit salt that is fed into PBKDF2-HMAC-SHA1 to hash the Secret Keys' passphrase 65536 times. - Initialization Vector: Replaced the static Initialization Vector (IV) with a unique IV (generated by SecureRandom) for every file. Each unique IV is contained within the metadata of the PDS file. - Resolved edge cases where the Key and/or KeyStore passphrases were not being scrubbed from memory after use. Added debugging of the scrubbing passphrases into the application. To enable and observe, please see the "Improvements" section below. - Restricted the scope of classes and methods.
- New Features
- Added more decryption options (e.g. verification only). - Added support for both Plain and Styled Documents. - Added the ability to import plain text files into PDS Notes. To import a file, select the "File->Encrypt->File" option within PDS and select Base64 encoding; the result will be a PDS Note. - Added the ability to use non-rewinding tape devices to encrypt and decrypt records on magnetic tapes. - Added new warning dialogs where appropriate. Some can be disabled and re-enabled. - Added the ability to view and edit encryption Keys. There are two views: Information (Algorithm and Size) and Details. - Added the ability to display the current Default Key. - Added settings to manage the optional dialogs within the application. - Maintaining the backward compatibility with earlier Notes and Files.
- Better support for Mac - Implemented Mac look and feel. - Fine grained control over authentication. In previous releases, some dialogs unnecessarily prompted for both the KeyStore and Key credentials when only one was needed. This release prompts for the minimal amount of credentials required. - More robust error messages in dialogs. - Verification of the clearing of authentication credentials. To enable, set: showzero=true e.g. $ java -Dshowzero=true -jar /path/to/pds.jar PDS will attempt to clear the credentials as soon as possible, printing the result to the terminal window. - Verification of the cryptographic functions. To enable, set: showcrypto=true PDS prints selected cryptographic operations to the terminal window. - PDS uses the universalJavaApplicationStub to start the JVM on Mac. This open-source product provides the much needed support for newer JREs on OS X. Thank you Tobias! For more information, please see: https://github.com/tofi86/universalJavaApplicationStub