Release Notes 2.x

From PDS Software Solutions LLC
Jump to: navigation, search

RELEASE NOTES - Personal Data Security 2

Before using PDS, please verify the authenticity of the application you have received.
The steps to verify the application can be found on the PDS Wiki under "Validating a release".

Use of Personal Data Security (PDS) may be illegal in countries where the encryption of
personal data is illegal.  Wikipedia has a list of countries and their import restrictions
related to cryptography: http://en.wikipedia.org/wiki/Restrictions_on_the_import_of_cryptography 

PDS is a data security product that provides affordable unlimited strength encryption in an
easy to use application.  PDS does not provide the actual encryption components; those are
provided by the trusted open source Java Cryptographic Extensions (JCE) within your Java
Runtime Environment (JRE).

PDS is not sold, but instead is licensed under the End User License Agreement (EULA) contained
within the application.  The EULA is displayed during initialization and is also available on
the PDS Wiki.

Before you run the application you will first need to extract the files from within the zip or
tgz file.  The extracted directory may then be moved to a more suitable place (e.g. Desktop,
Applications, Program Files, etc.).

Running the application consists of 2x clicking the PDS application (Mac) or the pds.jar file
(Linux / Windows).  Additionally, start up scripts exist to run PDS with extra options.  For
more information on the options, please refer to the PDS 2 Users Guide on the PDS Wiki.


Should PDS not start, please confirm that:

 1.  A suitable Java runtime environment (JRE) is installed.  Required is Java 6 or newer.
     Recommended is the latest JRE from Oracle.
 2.  For Mac release:  If prompted, the Java for OS X release from Apple should be installed.
               Please see below for more about Java for OS X.
     For Linux and Windows:  Ensure that a Java executable is in your path.  Also, Java
               should be configured to launch a jar file.  If this is uncertain, you may
               start PDS using an appropriate startup script or by manually running this
               command from a terminal window:
               $ java -jar /path/to/pds.jar


Once up and running, the Quick Start document within the application should be enough to get you started.

For more information about PDS, including the Users Guide, please consult the links below.


Sources for information:

	Website:	https://www.trustpds.com
	Wiki:		https://www.trustpds.com/wiki
	QuickStart: 	Within PDS - select the blue question mark.
	Users Guide:	https://www.trustpds.com/wiki/index.php/Users_Guide_2.0
	README.txt:	Within the software release.
	Change Log:	In the Release Notes.
	Release Notes:	This document.


Contact points include:

	Question:	 pds.question@gmail.com
	Bug:		 pds.bug@gmail.com
	Security:	 pds.cert@gmail.com
	Suggestion:	 pds.suggest@gmail.com


  • Known issues
 - When decrypting a directory, the last modification time will be correctly
   assigned to all files and directories.  However, as directories are  decrypted
   first, when subsequent operations write decrypted contents into a
   directory, the time stamp on that directory will be updated to the current
   system time.  Should you need to maintain the time stamps on directories at
   the time of encryption, decrypting the directory to a ZIP file, and then
   extracting the contents of the ZIP file will maintain the directory time
   stamps.
 - The optional ZIP compression of directories is performed after the
   encryption of each file.  As encrypted (random) data does not compress very
   much, the value of enabling compression is very limited.  Hence, the default
   compression level is 0 (none).


  • Known issues with Java
 - http://bugs.java.com/view_bug.do?bug_id=4681995
   Zip64 was implemented in Java 7 (u55).  Prior to that, ZIP archives were
   limited in both size (~4GB) and files (65536).
 - https://bugs.openjdk.java.net/browse/JDK-6550137
   https://docs.oracle.com/javase/8/docs/api/java/util/zip/ZipEntry.html
   Directory encryption and decryption relies upon the ZipEntry class.  This
   Java class does not provide full support for hard or soft links.  During
   directory encryption, both types of links are dereferenced, resulting in
   unique directories and files being written during decryption.  Also,
   canceling an operation while operating on a soft link to a file has been
   observed to result in an abrupt (no clean-up) end to the operation.
 - https://bugs.openjdk.java.net/browse/JDK-8064546
   https://bugs.openjdk.java.net/browse/JDK-8061619
   These bugs appear to be the same JRE bug.  When hit, a BadPaddingException
   (BPE) will be thrown.  If seen in PDS, it will typically be after
   decrypting a directory.  In older JRE's, the exception was (correctly)
   ignored, but JRE changes caused the BPE to be thrown when calling close()
   on a CipherInputStream that had not been read to the end of the stream.
   It seems that newer JRE's are again not throwing this exception when
   closing a stream that has not been read to the end.  PDS uses ZIP streams
   when encrypting directories, and it appears that the decryption of a ZIP
   stream may read less that written; thus the exception.  PDS suppresses
   this exception within the GUI but logs the exception to standard error.
   To prevent logging of the BPE, the best solution is to upgrade to the
   latest JRE.  Alternatively, the exception only seems to be seen when
   extracting files; thus, decrypting a directory to a ZIP file (instead of
   extracting the files) is an alternative to replacing the JRE.  For
   effected versions of Java, please see the referenced URLs above.


  • Known issues with Java - Mac only
 - http://bugs.java.com/view_bug.do?bug_id=8133783
   This bug results in a crash of the PDS application in a number of Java
   releases.  It is related to issues to 8057830, 8133783, 8146278 and 8173981
   in the OpenJDK, and appears to be in the backlog awaiting votes.  Filing an
   issue with the Oracle JRE at http://bugreport.java.com may elicit activity
   on this issue by the OpenJDK developers.
 - When attempting to run PDS, you may be prompted to install Java for OS X,
   regardless of any other Java installations on the system.  The reason for
   this appears to be caused by the Oracle Java VM attempting to detect
   if Apple Java is present, and in so doing triggering a series of events
   that ends up triggering OS X to require that Apple Java is installed:
   http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8024281
   Fixing this bug, and thus removing the Apple Java 6 dependency, is slated
   for Java 9.  In the meantime, you may opt to run the PDS executable Jar
   file directly, instead of running PDS as a Mac application, and thus avoid
   needing to install the legacy JDK from Apple.  But if you do decide to
   install the legacy JDK, the "upside" is that 1) PDS uses the most current
   JRE available on the system, and 2) Mac users will have a very compact
   JDK that provides both the "keytool" and "jarsigner" commands to verify
   the authenticity of the PDS executable.  To install Java for OS X:
   1. When prompted to install Java for OS X, select the "More Info" option
      within the Apple pop-up dialog.  This should open a browser window to:
      https://support.apple.com/kb/DL1572
      While not currently indicated at the URL above, the Java release does
      install and function on macOS "Sierra", also.
   2. Select the "Download" button to download the Java for OS X release.
   3. 2x-click the package and follow the instructions to install the JDK.
      Once installed, it will require ~50MB on disk, which is much better
      than the current Oracle JDKs which take ~500MB.
      When installed, the Java for OS X release will be installed in:
         /Library/Java/JavaVirtualMachines/.
      Similarly, Oracle/OpenJDK JDK's are installed in:
         /Library/Java/JavaVirtualMachines/
      Seemingly to focus on Applets (why...?), Oracle JREs are installed in:
         /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/
      For a full list of Apple releases of Java, please see:
         https://support.apple.com/downloads/java
      For more about Apple and Java, please see:
         https://www.java.com/en/download/faq/java_mac.xml
 - As released, PDS is configured to run using Java 6 (or newer).  To
   override this to force PDS to use Java 8, you will need to modify the
   Info.plist file within the PDS app.  Valid options for the JVMVersion
   for PDS 2 include 6, 6+, 7, 7+, 8, 8+.
 - Selecting the native-looking "Quit PDS" option provides a confirmation
   prompt.  Selecting the option to cancel the Quit operation eliminates
   the ability to use the "Quit PDS" option a second time.  A reading of
   the QuitHandler documentation seems to indicate that this is the expected
   behavior:  "Once used, the QuitResponse cannot be used again to change the
   decision."  So, if you cancel a QuitHandler, you should then close PDS by
   selecting the close button in the title bar of the PDS GUI.
 - https://bugs.openjdk.java.net/browse/JDK-8074185
   The above is a JRE bug on Mac.  When it occurs, the JVM sends a 10 line
   error message to standard error.  Note that you can prevent this error
   from being generated by horizontally increasing the size of the Dialog
   so that the title bar above the files and directories is not partially
   hidden by the right side of the Dialog.  Also, there may be some
   "stickyness" in the size of the File Dialog (JFileDialog) between
   invocations, so the dialog will only need to be resized if the size is
   subsequently decreased.


  • Other known issues - Specific conditions
 - The XFCE 4 Desktop Environment provides a button on the frame of dialogs
   that will roll dialogs up and down with a single click.  The use of this
   button is known to provide inconsistent behavior, sometimes working
   properly and other times not.  For this reason, it is recommended that
   the use of this feature be avoided within the PDS application.


Change Log - 2.3 Release

  • Improvements
 - Minor changes to licensing and a few other dialogs.


Change Log - 2.2.2 Release

  • Improvements
 - Check for active encryption/decryption jobs when closing PDS.  Display
   jobs and confirm the close request if any jobs are found.  The check is
   performed before the existing confirmation that the contents of all
   Notes has been saved to persistent storage.
 - Prevent multiple instances of the QuickStart dialog.
 - Changed the default settings for password generator.
 - Enable all options by default.
 - Added the option "Always prompt to exit?"
 - Display Linux/Unix instead of just Linux in selected dialogs.
 - Add Java "os.name" to selected dialogs.


Change Log - 2.2.1 Release

  • Improvements
 - Very minor updates and bug fixes for modality, dialogs, and the
   default settings.


Change Log - 2.2 Release

  • Improvements
 - Improved modality for better interaction among the PDS components.
 - Progress Monitor Dialogs - Mac only
   Various issues have been observed when Progress Monitor Dialogs were
   enabled.  These issues include instances of out of sync progress
   indicators as well as unexpected behavior when selecting the Cancel.
   button.  This release applies a consistent workaround in the Cancel
   operation, and with that the Cancel operation now appears to function
   as expected.
 - Changes to Accelerator Keys.  Keys D, F, G and H are now encryption
   (Directory and File) and decryption (File and Directory), respectively.


Change Log - 2.1.1 Release

  • Improvement
 - Moved the assignment of the Mac Look and Feel from an external
   configuration parameter to an internal component of the PDS app.
   By doing this, Mac users who do not wish to install Java 6 from
   Apple will still be able to run PDS with the Mac Look and Feel - by
   executing the JAR file directly.  A side effect of starting PDS in
   this manner is that the PDS images that are specific to Mac will
   display as Java or Apple images.


Change Log - 2.1 Release

  • New Features
 - The option to add configurable time stamps to encrypted PDS Files
   and Directories during the encryption process.  Time stamps may
   include the date, time, time zone, or any combination of the three.
   For encrypted PDS Directories there is also the option of adding a
   time stamp to the name of the PDS encrypted Directory without
   adding it to the contents of the encrypted Directory.
 - A configurable password generator that will use a small set of
   characters (A-Z, a-z and 0-9) or a much larger set of characters.
   The number of characters in the password is configurable.  There
   is also an option to copy the newly generated password to the
   system clipboard.
 - The ability to clear the contents of the system clipboard.
 - Improved modality among the PDS Dialogs, to better facilitate
   interaction between different components within the application.
 - A free (as in beer) release.


Change Log - 2.0 Release

  • Security
 - Generation of Secret Keys is improved:
   Replaced the KeyGenerator class with the SecretKeyFactory class.
   PDS uses SecureRandom to generate a 64-bit salt that is fed into
   PBKDF2-HMAC-SHA1 to hash the Secret Keys' passphrase 65536 times.
 - Initialization Vector:
   Replaced the static Initialization Vector (IV) with a unique IV
   (generated by SecureRandom) for every file.  Each unique IV is
   contained within the metadata of the PDS file.
 - Resolved edge cases where the Key and/or KeyStore passphrases
   were not being scrubbed from memory after use.  Added debugging
   of the scrubbing passphrases into the application.  To enable
   and observe, please see the "Improvements" section below.
 - Restricted the scope of classes and methods.
  • New Features
 - Added more decryption options (e.g. verification only).
 - Added support for both Plain and Styled Documents.
 - Added the ability to import plain text files into PDS Notes.
   To import a file, select the "File->Encrypt->File" option within
   PDS and select Base64 encoding; the result will be a PDS Note.
 - Added the ability to use non-rewinding tape devices to encrypt and
   decrypt records on magnetic tapes.
 - Added new warning dialogs where appropriate.  Some can be disabled
   and re-enabled.
 - Added the ability to view and edit encryption Keys.
   There are two views:  Information (Algorithm and Size) and Details.
 - Added the ability to display the current Default Key.
 - Added settings to manage the optional dialogs within the application.
 - Maintaining the backward compatibility with earlier Notes and Files.
  • Improvements
 - Better support for Mac - Implemented Mac look and feel.
 - Fine grained control over authentication.
   In previous releases, some dialogs unnecessarily prompted for
   both the KeyStore and Key credentials when only one was needed. 
   This release prompts for the minimal amount of credentials required.
 - More robust error messages in dialogs.
 - Verification of the clearing of authentication credentials.
   To enable, set:	showpassclear=true
     e.g.  $ java -Dshowpassclear=true -jar /path/to/pds.jar
   PDS will attempt to clear the credentials as soon as possible, printing
   the result to the terminal window.
 - Verification of the cryptographic functions.
   To enable, set:	showcrypto=true
   PDS prints selected cryptographic operations to the terminal window.
 - PDS uses the universalJavaApplicationStub to start the JVM on Mac.
   This open-source product provides the much needed support for newer
   JREs on OS X.  Thank you Tobias!  For more information, please see:
   https://github.com/tofi86/universalJavaApplicationStub


(C) PDS Software Solutions LLC, 2009-2017 - All rights reserved.
By using this website, you signify that you agree to be bound by the express terms of use.
We value your privacy.
Personal tools
Namespaces

Variants
Actions
Navigation
Tools