Users Guide 2.x - Customize

From Personal Data Security: Encryption to Fight Cybercrime and Identity Theft
Jump to: navigation, search


Installation and Initialization

Part 1 - Installation and Initialization

Creating, Viewing and Editing Notes

Part 2 - Creating, Viewing and Editing Notes

Encrypting and Decrypting Files and Directories

Part 3 - Encrypting and Decrypting Files and Directories

Customization of PDS

Default File Locations

PDS maintains a default directory for both encrypted data (Notes and Files) and a default directory for KeyStores. These are configured during the initialization process.

To view or change these default directories, select "Options -> Locations" from the main toolbar. On the Default File Locations tab (Figure 1), use the directory browser to navigate to the new defaults. Once updated, save the new configuration with either the Ok or Apply buttons. Both of those buttons will save the changes from all the tabs, and the Ok button will also close the Locations Dialog.

To switch tabs using the keyboard, use Ctrl-Tab to move left to right, and use Ctrl-Shift-Tab to move right to left.

Fig 1. Setting the default paths

KeyStore Search Path (KSP)

PDS Notes and Files each contain metadata about the encrypted data. Among that metadata is the Alias of the Key used to encrypt the data as well as the KeyStore in which holds that Key. When a PDS Note or File is decrypted, PDS searches all the directories in the KSP for a matching KeyStore. Initially the KSP contains only the default directory, but as your use spreads across multiple systems and OS's, the need for multiple directories in the KSP increases.

To add or remove directories from the KSP, select "Options -> Locations" from the main toolbar and click on the KeyStore Search Path tab. To add a new directory, select the Add New Directory button (Figure 2) and then to navigate to and select the directory to be added. To remove a directory, select the directory in the tab and click on the Remove Directory button.

Fig 2. Updating the KeyStore Search Path (KSP)

Changing the Default Key

Should you need to change the Default Key, select "Key -> Edit" from the main Gui (or select the Edit Encryption Key button on the ToolBar). You will need to select the KeyStore containing the Key, and once you do, you will be presented with a dialog (Figure 3) with options related to Keys. Select the Key that you want to make the Default Key, and then select the button "Set as Default Key."

Fig 3. Changing the Default Key

Modifying a KeyStore Passphrase

To change the KeyStore pass, select "KeyStore -> Change passphrase" from the main Gui (or select the Edit KeyStore button on the ToolBar). You will be presented with a warning dialog (Figure 4) confirming that you have a current backup of the KeyStore. Once the KeyStore backup has been made, select "Yes" to proceed to the dialog (Figure 5) to change the passphrase. You will then need to select the KeyStore that you will be changing the passphrase on, and then provide the current and new passphrases.

Fig 4. Warning prior to changing the Passphrase for a KeyStore
Fig 5. Changing the Passphrase for a KeyStore

Modifying a Key Passphrase

To change the passphrase for a Key, select "Key -> Edit" from the main Gui (or select the Edit Key button on the ToolBar). You will then need to select the KeyStore that contains the Key which will have its passphrase changed.

Next, select the Key which you will change the passphrase, and then select the "Change Passphrase" button. You will then see a warning dialog (Figure 6). After ensuring that the Notes are protected by this Key are closed, and also that you have a valid backup of the KeyStore containing the Key, select the "Yes" button to proceed. The next dialog (Figure 7) will collect the necessary credentials. Once this form is completed, select the "Modify" button to change the passphrase associated with that Key.

Fig 6. Warning prior to changing a Key's Passphrase
Fig 7. Changing the Passphrase for a Key


PDS has optional features that can be enabled or disabled. These features are in one of three groups: dialogs, progress monitors, and timestamps. These features are either enabled or disabled, except for the timestamps; timestamps may be configured when enabled.

Except for prompting on exit, the dialogs can be disabled on the Settings dialog (Figure 8) as well as the dialog itself.

The same is true for the directory encryption and decryption progress monitors. These progress monitors are features within the Java language, and they provide progress on a per-file basis. While this is great for large files, when encrypting smaller files, each time there is sufficient IO a new dialog pops up (and grabs the cursor's focus). To avoid excessive popups of Java progress monitors, you can disable the per-file Java progress monitors and rely upon PDS's per-job progress monitors for directories. Please note that when encrypting or decrypting an single file, the Java progress monitors are always enabled, and they will display with sufficient IO.

The last group of settings applies to appending timestamps to the files and directories that you encrypt. (This does not apply to any of your Notes.) For the file that is created when encrypting a file or directory, you can select appending the date, time and/or timezone to the name of the encrypted output file. The final option, "Also Append to Top-Level Directories", allows you to append the same timestamp to the top-level directory when encrypting a directory. While the value of the timestamp on the file name allows you to see at a glance when that backup was created, a timestamp on the top-level directory allows you to decrypt that directory right alongside the original directory, without overwriting any of the files in the original directory. That's because the encrypted directory is extracted to "ParentDir/Dirname-Timestamp".

Fig 8. Settings dialog

Using the Unlimited Strength Policy Files

Historically, the Oracle JREs did not support AES keys larger than 128 bits by default. To enable AES keys of up to 256, the "unlimited jurisdiction policy files" needed to be installed.

As of the most recent Java 8 releases, and all subsequent releases (verified in Java 9 and 10), installing the policy files to enable unbreakable in the Oracle JREs is no longer needed.

Should you wish to use AES keys larger than 128 bits, and you are using an older JRE from Oracle, you will need to upgrade the "policy files" that came with your JRE to the "unlimited strength" JCE policy files. Here are the links to those files:

JRE 8 - JCE Policy Files

JRE 7 - JCE Policy Files

JRE 6 - JCE Policy Files

Inside each download will be two JAR files that will need to be copied to "<java-home>/lib/security" (please see the included README).

Verification, Configuration and Other Tasks

Part 5 - Verification, Configuration and Other Tasks


Part 6 - Troubleshooting PDS

(C) PDS Software Solutions LLC, 2016
By using this website, you signify that you agree to be bound by the express terms of use.
We value your privacy.
Personal tools