Users Guide 2.x - Customize
Installation and Initialization
Creating, Viewing and Editing Notes
Encrypting and Decrypting Files and Directories
Customization of PDS
Default File Locations
PDS maintains a default directory for both encrypted data (Notes and Files) and a default directory for KeyStores. These are configured during the initialization process.
To view or change these default directories, select "Options -> Locations" from the main toolbar. On the Default File Locations tab (Figure 1), use the directory browser to navigate to the new defaults. Once updated, save the new configuration with either the Ok or Apply buttons. Both of those buttons will save the changes from all the tabs, and the Ok button will also close the Locations Dialog.
To switch tabs using the keyboard, use Ctrl-Tab to move left to right, and use Ctrl-Shift-Tab to move right to left.
KeyStore Search Path (KSP)
PDS Notes and Files each contain metadata about the encrypted data. Among that metadata is the Alias of the Key used to encrypt the data as well as the KeyStore in which holds that Key. When a PDS Note or File is decrypted, PDS searches all the directories in the KSP for a matching KeyStore. Initially the KSP contains only the default directory, but as your use spreads across multiple systems and OS's, the need for multiple directories in the KSP increases.
To add or remove directories from the KSP, select "Options -> Locations" from the main toolbar and click on the KeyStore Search Path tab. To add a new directory, select the Add New Directory button (Figure 2) and then to navigate to and select the directory to be added. To remove a directory, select the directory in the tab and click on the Remove Directory button.
Changing the Default Key
Should you need to change the Default Key, select "Key -> Edit" from the main Gui (or select the Edit Encryption Key button on the ToolBar). You will need to select the KeyStore containing the Key, and once you do, you will be presented with a dialog (Figure 3) with options related to Keys. Select the Key that you want to make the Default Key, and then select the button "Set as Default Key."
Modifying a KeyStore Passphrase
To change the KeyStore pass, select "KeyStore -> Change passphrase" from the main Gui (or select the Edit KeyStore button on the ToolBar). You will be presented with a warning dialog (Figure 4) confirming that you have a current backup of the KeyStore. Once the KeyStore backup has been made, select "Yes" to proceed to the dialog (Figure 5) to change the passphrase. You will then need to select the KeyStore that you will be changing the passphrase on, and then provide the current and new passphrases.
Modifying a Key Passphrase
To change the passphrase for a Key, select "Key -> Edit" from the main Gui (or select the Edit Key button on the ToolBar). You will then need to select the KeyStore that contains the Key which will have its passphrase changed.
Next, select the Key which you will change the passphrase, and then select the "Change Passphrase" button. You will then see a warning dialog (Figure 6). After ensuring that the Notes are protected by this Key are closed, and also that you have a valid backup of the KeyStore containing the Key, select the "Yes" button to proceed. The next dialog (Figure 7) will collect the necessary credentials. Once this form is completed, select the "Modify" button to change the passphrase associated with that Key.
PDS has optional features that can be enabled or disabled. These features are in one of three groups: dialogs, progress monitors, and timestamps. These features are either enabled or disabled, except for the timestamps; timestamps may be configured when enabled.
Except for prompting on exit, the dialogs can be disabled on the Settings dialog (Figure 8) as well as the dialog itself.
The same is true for the directory encryption and decryption progress monitors. These progress monitors are features within the Java language, and they provide progress on a per-file basis. While this is great for large files, when encrypting smaller files, each time there is sufficient IO a new dialog pops up (and grabs the cursor's focus). To avoid excessive popups of Java progress monitors, you can disable the per-file Java progress monitors and rely upon PDS's per-job progress monitors for directories. Please note that when encrypting or decrypting an single file, the Java progress monitors are always enabled, and they will display with sufficient IO.
The last group of settings applies to appending timestamps to the files and directories that you encrypt. (This does not apply to any of your Notes.) For the file that is created when encrypting a file or directory, you can select appending the date, time and/or timezone to the name of the encrypted output file. The final option, "Also Append to Top-Level Directories", allows you to append the same timestamp to the top-level directory when encrypting a directory. While the value of the timestamp on the file name allows you to see at a glance when that backup was created, a timestamp on the top-level directory allows you to decrypt that directory right alongside the original directory, without overwriting any of the files in the original directory. That's because the encrypted directory is extracted to "ParentDir/Dirname-Timestamp".
Using the Unlimited Strength Policy Files
Some JREs provide support for AES ciphers larger than 128 bits by default. Oracle, and before it Sun, does not.
Should you wish to use AES ciphers larger than 128 bits, and you are using a JRE from Oracle, you may need to upgrade the "policy files" that came with your JRE to the "unlimited strength" JCE policy files. Here are the links to those files:
Inside each download will be two JAR files that will need to be copied to "<java-home>/lib/security" (please see the included README).
As Oracle recommends using the latest Oracle JRE, this will require copying these files after each update of the JRE.
Should you be using an Oracle JRE, it is recommended that you use a 128 bit AES cipher and avoid the need to update the unlimited strength policy files with each release.
Should you wish to use 256 bit AES ciphers, it is recommended that you use another JRE.
Verification, Configuration and Other Tasks