-------------------------------------------------------------------------------
10/25/2003
Joshua Teitelbaum
Added GETGPGEXEHASH command. This takes Os, Arch, OS Version to determine
which version of GPG is needed to ship to the client, and the current hash of
it.
Added support on client and Server.
Currently, the Server is stubbed, and returns BADBEEF for only Os=Microsoft.
TODO: Unstub it...for now, it the communication protocol that I want to work
out. Not necessarily the entire implementation
-------------------------------------------------------------------------------
10/26/2003
Joshua Teitelbaum
New Account Creation:
The end goal is to pass:
Creating an account:
At the server, convert the keys to binary and commit
The new process will entail:
a) Get the GPG EXE for the target architecture
b) unlink existing pubring.pgp, secring.gpg
c) Create new keys
d) Push to server using new protocol
Then, login....
Going to enhance the login protocol to include the hashes of the pubring.gpg and
secring.gpg. The server should now store pubring.gpg, secring.gpg, and their
corresponding hashes as purported by the client.
I have to update the schema. The schema is going to be updated in an *additive*
fashion. That is, to keep things running, and *TESTABLE*, I'll Add fields, not
take them away. Then, when things are working, I can take them away from the
true schema.
The (temporary) schema is:
AsciiArmoredPublicPGPKeyRing TEXT NOT NULL,
AsciiArmoredPrivatePGPKeyRing TEXT NOT NULL,
EncryptedHashOfAsciiArmoredPrivatePGPKeyRing TEXT NOT NULL,
AsciiArmoredPublicPGPKey TEXT NOT NULL
-------------------------------------------------------------------------------
11/9/2003
After some thought....
I think I will unconditionally download the public and private keys.
However, they will be stored in ascii armour format. In case anyone wants them.
It's good for transmission...
If the goal is to create an account with one transaction such as...
The client will have to encode, in hex, the public key ring and private key ring after they have been ASCII armored.
-------------------------------------------------------------------------------
11/16/2003
To make things simpler, I am dusting the MAC of the private key ring.
-------------------------------------------------------------------------------
11/22/2003
Ok, I am going to make the new account applet today.
It will simply show all the fields.
DONE!!!! Server and client now talking!
Next, login!!
Ok, I need to improve upon serialization of the public/private keyring stuff on server.
Currently, I will be sucking in all the userbase fields, when really, depending on the context, I should only be
sucking in what I need.
Consider bitflags to build the SQL statement, to get only the fields I need.
-------------------------------------------------------------------------------
11/23/2003
Public Key protocol enhanced. Now getting AsciiArmoredPublicKey, but binhexed up in xml attr
Ok, so what is going to happen?
In this first stage of development, I will not do PGP keyring manipulation.
That will be in the second phase, after I get all the kinks out with the PGP replacement.
Ideally, I would like to get a macintosh OSX, and linux builds to work with the bridge before the keyring stuff.
Immediately next, encryption to the discovered public keys.
For now, I will do the following Phase 0:
1) Get public key for each user from server
2) Concat public keys to temp file.
3) Import keys to (transitory anyway) key ring.
4) Encrypt message using public key file
Phase 1:
Ideally, this is what will happen:
1) Get public key from file, if not in file, goto server
2) If found from server, then Import to public key ring
3) Encrypt using public key file.
Again, although not ideal, I think I would like to get Phase I to happen later, when I have more builds
to test on, and can ensure that my bridge works on multiple (more??!) platforms.
-------------------------------------------------------------------------------
12/06/2003
Encryption and decryption done!!!
Saves item to sent-items, reserializes unsent messages, does attachments, etc!!!
YAY!
-------------------------------------------------------------------------------
12/09/2003
Smoothing: Let's work off this todo list:
1) ensure protocol downloads keyring, and it can separate it's key with public keyring
2) make two methods: update public keyring
3) update private keyring and passphrase (change passphrase method)
4) which means change the change passphrase applet
5) put a hash of the gpg.exe's in the java client
6) begin fan out of all the different bridge types
7) ensure works with netscape and java plugin.
---------------------------------------------------------------------------------
5/10/2004
On point #7..this was a bitch.
It turns out that user.home is fux0red on MS VM's. The SUN VM will return c:\Documents and Settings....
while MS will return C:\WINNT\JAVA etc.
User.dir seems to work across the board, but it's not exactly the semantic I'm looking for.
For crying out loud, I want $HOME, but anyway....
Ok, back to the other points:
On point 1) I remembered that I should separate out the public key and the public key ring for serialization.
FillContextInfo on the server should only pull in the full keyring when absolutely necessary, like the request
mandates it...and that's only for freakin logins!!!!
Otherwise, we only need the broken out public key.
Ok, I'll work on that later.
First, lemme think on what I'm going to do to allow imporation of foreign public keys:
a) When we first log in, we get our public key ring and expand to: pubring.gpg
b) Save a copy of this to pubring.gpg.login
c) When we want to add a key, make a copy of the current pubring.gpg --->{pubring.gpg.copy}
d) rename pubring.gpg.login to pubring.gpg
e) Import the key
f) export to ascii and upload our public key ring to the server
g) rename pubring.gpg.copy to pubring.gpg
h) Import the key again for future use
i) done!
---------------------------------------------------------------------------------
5/13/2004
After some preliminary testing, I've finally got the public key permanent imporation working.
As always, I just hijacked a method that normally called Import(), and did ImportPermanent(), and it
appears to work.
Well, what is next?
1) Update the server with the new public key ring.
Enhance protocol to have a new message.
That will complete the circle of ImportPermanent().
2) Seems like a GUI management tool of public keys is warranted.
I'll make a dialog that displays the public keys, etc..
Here are the verbs needed:
a) Display all key roots (Name, stength, etc)..
b) Show ASCII of a key on double click
c) Delete a key
d) Import keys via Paste into window
e) Import keys via File
I'm going with this as the BARE MINIMUM.
Obviously, I'm not going to get all tricky, and do lots of stuff.
I just want this basic set of features to work.
Advanced users may not be so pleased and want to to see the all key emails, and the exportability, and the photos.
I'll do the update of the public key now, and tomorrow, should work on the new GUI panel.
---------------------------------------------------------------------------------
5/14/2004
Update of public key ring now done.
Now, onto the key management panel.
Some notes
1) Get the panel to launch with the correct UI form factor
2) The panel should call the bridge's list all keys, or maybe the bridge should have an up-to-date copy of all keys
3) Parse them
4) Display them
For now, the key list panel will have
Name and email, followed by the creation date.
Internally, I'll make a list of parsed public key objects and keep them around.
I think I'll make another todo list, this is turning into blurbs, and less of a simple
global action item list (without having to read the entire thing!!!!)
(done 5/14/2004)
---------------------------------------------------------------------------------
5/15/2004
Doing key manager today.
Ok, that is looking good....except for the fact that key updates are slow.
Converting them so that they fit within an attribute seems like a bad idea.
Ok....time get get more sane about this.
Maybe on the way over, I'll do the goreally slow trick.
However, on the way in, I'll make it an attribute.
Anything to avoid CDATA :) heh...I can't handle CDATA.
FSCK.
5/24/2004
deadaddict writes:
note: i am a winy bastard - fullfilling my every wish will not impact your decision to be chosen (although making the changes you are already making certainly have impacted your chances)
first: a possible nifty demo (i tried this myself, thought it was crashing, but it didn't) - this actually seems to work very nice:
go into pgp keys (win32 mainstreem pgp app) with a lot of public keys in your keyring. select all. edit-copy. Now you have your entire keyring in your clipboard. now go paste your entire keyring into key import text of cryptomail. wait. wait.
walla! everything imported, everything happy. very impressive.
slew of potential features:
.sig 's(blech!)
word wrap in composing messages (would be nifty, potentially)
status bar at bottom of messages (new and ones you are reading) [instead of the top of the page telling you whats up, the bottom of the page should probably be giving you status]
option to send public key with mail (default .sig to be public key perhaps? option when sending unencrypted to people to include your public key perhaps?)
automagic scanning of new messages to import ppls keys (blech)
is mail signed by default, is there a way to sign mail if not?
when composing a new message it says at the top 'new message -- untitled' even after you change your title, should the subject you enter dynamically change the title bar to denote the subject of the new message (thinks so)
ack, you still need new icons - not your fault, just need a graphics guru to take some interest
Bugs:
Title bar is unchanged
is it possible to execute shell code down underneath instead of on top of the current window (less visible to user)
Word-wrap (wow, this is my largest complaint, seriously)
Clicking on from/subject/received don't seem to re-order columns, they should designate sorting order
the seperators between the from/subject/received do not allow user to change the width off the columns, they should
after composing a new message, then attempting to close dialog box, user is told 'changes were made - do you want to save them' even though nothing was typed in
after clicking 'reply' to a message, but not typing anything, if user attempts to close dialog box user is prompted with a 'changes were made' dialog box - this should only occur if the user has typed something into one of the boxes
attatchment window title bar by default isn't large enough to show 'help text' (of add and remove attatchment). having status bar on bottom might solve this problem
status should be indicated at the bottom and not the top of applications
attatchment options should be present in the 'file' menu of a new message
attactment button should not be present on incoming messages that don't have attatchment associated
messageID should not be displayed (perhaps in 'debug' mode or something - which your server may be in, but it's more confusing than enlightening)
features:
address book functionality
file attatchments supported by dragging a file onto the new message dialog box
not saying it should be done, but am curious - is there a way to have a different icon other than the java one for the java applications?
thought on auto-forwarding (and risks associated). what if you only autoforwarded for ppl you've already received mail from. then alice couldn't start doing bad things (unless a friend had hijaccked the account) AND spam wouldn't be forwarded. just a random thought (not sure how intuitive this feature would be, but it might have real utility)
make message signing optional/revealed (default?)
---------------------------------------------------------------------------------
5/28/2004
Re-did public key upload. I made it take a cryptomail xml blob, and it works fine now.
---------------------------------------------------------------------------------
5/30/2004
Sent items now an option, globally and locally per message. The peasants rejoiced. Took a while :(
---------------------------------------------------------------------------------
6/1/2004
Implemented server side sort....
MUST CLEAN UP THE DATATABLE STUFF.
Don't need datatable %n stuff. Maybe I'm stupid. It was an optimization that
1) I didn't test for
2) I didn't need in the first place
Note to self...don't optimize until you have the case for optimization.
Then get pushed to do it :)
---------------------------------------------------------------------------------
6/8/2004
drue Key: os.name = Mac OS X
drue Key: browser = null
drue Key: browser.vendor = Sun Microsystems, Inc.
drue Key: browser.version = 1.1
drue Key: java.vendor = Apple Computer, Inc.
drue Key: java.version = 1.4.2_03
---------------------------------------------------------------------------------
6/14/2004
Made things work with linux.
Have a static compile working.
The next things I should do are
1) find out how strong the encryption is on the private key (128bit IDEA, but really only as strong as passphrase domain)
2) start cleaning up install automation
3) Make a software distribution key for CryptoMail
4) Sign the pre-built gpg exe's
5) consider encrypting the user's public key ring
---------------------------------------------------------------------------------
6/15/2004
Cleanup:
Getting rid of datatable fan out.
make sure cmdatatable is not %d'ed
---------------------------------------------------------------------------------
6/16/2004
Cleanup:
Have to delete messagesession key from datatable
---------------------------------------------------------------------------------
6/18/2004
OMFG...THAT WAS FUCKING PAINFUL.
NOTE TO SELF: REMEMBER HOW YOU FUCKING HACKED GPG.EXE FOR WINDOWS TO GET RID OF THE CONSOLE
FUCKING SHIT. Just set con.in and con.out to stdio shit.
FUCK. WAY TOO LONG ON THE RE-DISCOVERY PATH
47d46
< #include
57c56
< FILE *in; FILE *out;
---
> HANDLE in, out;
135c134,138
< con.out = stdout;
---
> con.out = CreateFileA( "CONOUT$", GENERIC_READ|GENERIC_WRITE,
> FILE_SHARE_READ|FILE_SHARE_WRITE,
> &sa, OPEN_EXISTING, 0, 0 );
> if( con.out == INVALID_HANDLE_VALUE )
> log_fatal("open(CONOUT$) failed: rc=%d", (int)GetLastError() );
139c142,146
< con.in = stdin;
---
> con.in = CreateFileA( "CONIN$", GENERIC_READ|GENERIC_WRITE,
> FILE_SHARE_READ|FILE_SHARE_WRITE,
> &sa, OPEN_EXISTING, 0, 0 );
> if( con.in == INVALID_HANDLE_VALUE )
> log_fatal("open(CONIN$) failed: rc=%d", (int)GetLastError() );
140a148,149
> SetConsoleMode(con.in, DEF_INPMODE );
> SetConsoleMode(con.out, DEF_OUTMODE );
198c207,208
< nwritten = write(fileno(con.out),buf,n);
---
> if( !WriteConsoleA( con.out, buf, n, &nwritten, NULL ) )
> log_fatal("WriteConsole failed: rc=%d", (int)GetLastError() );
318a329,330
> if( hidden )
> SetConsoleMode(con.in, HID_INPMODE );
323c335,336
< nread = read(fileno(con.in),cbuf,1);
---
> if( !ReadConsoleA( con.in, cbuf, 1, &nread, NULL ) )
> log_fatal("ReadConsole failed: rc=%d", (int)GetLastError() );
345a359,360
> if( hidden )
> SetConsoleMode(con.in, DEF_INPMODE );
---------------------------------------------------------------------------------
6/20/2004
OMFG...THAT WAS FUCKING PAINFUL.
Same on linux side.
Also, today I managed to clean up all my shit that happened when I borked the code due to schema changes.
All the file related stuff, and the arbitrary datatable%d stuff is GONE.
BLOW FOR FREEDOM.
Also, I've got the configure and setup on lockdown!!!
Ok, what do we do about the gnupg module that is still distributed by us?
replace it?....
Anyway.....Next thing is to keep going with the installation and testing.
1) Clean up distribution so that automation of installation works
GPG with distro does not need MPI....just libcipher.a
have to fix that.
Also, getting it out of source is a good idea.
Well, here we go...
1) Delete from source control
2) Get latest version of gpg 1.24
3) build
4) try making it work with configuration etc.
5) Linux doesn't even build yet because of some discrepencies with DynaSed stuff.
Ok, I fixed the DynaSed problem...it had to do with some bugs I created when adding new variables.
Now, we have a 1/2 way decent installation mechanism.
I fixed some linking problems, and did more tests for linking against libs that are necessary.
So far, Linux and OpenBSD as servers.
I still should test for libcipher.a....I'll do that tomorrow.
Then I'll move onto documentation, and then apple stuff.
--------------------------------------------------------------------------
6/24/2004
1) Cleanup on aisle 4...delete all files when done.
2) sendmail configuration is better.
ok day today....
Tomorrow, I should concentrate on getting existing keys working. So, when you create an account,
you simply associate another email address with the key set.
--------------------------------------------------------------------------
6/26/2004
too tired for existing key stuff....hard day at work...
tomorrow...and definately complete by Sunday night...for sure...let's map it out tho now:
At new account creation:
a) Take public key file
b) Take private key file
c) Ask user for the exact public key that represents their key (browse for it using existing key manager...)
but this key manager may need a different mode of operation (pick only) ....more code..... :)
d) Tag that key with a new email address, and personal name at cryptomail.org
e) Change the entire key public key ring
f) Isolate the new public key with the tagged cryptomail.org email address
g) Isolate the private key with the tagged cryptomail.org email address
h) Upload the public key ring and private key ring in it's entirety.....
--------------------------------------------------------------------------
6/26/2004
2) ensured exe is not poizoned. (Check hash when DL'ing gpg) 6/25/2004
--------------------------------------------------------------------------
6/27/2004
Simplification.....if you are going to use existing keys, that's fine....Just have
to do it more by hand. (For now) It simplifies things.
a) Get public key and private key block.
b) Ensure public key contains the target user
c) Ensure private key contains the target user
d) Ensure passphrase works by signing
e) upload
--------------------------------------------------------------------------
7/1/2004
Made acid test program to determine if "up is up"
Martin Peck = #1
--------------------------------------------------------------------------