I've been looking at the new Java port of PasswordSafe... Looks very interesting! Any chance this will become the "default" password safe implementation?
A question I had when looking over the source: has consideration been given to porting the core Java routines to J2ME? Given that it usually supports very reduced set of classes, I'm not sure the current routines will work. Specifically, I was playing around with getting them to compile for my BlackBerry. The BlackBerry VM, however, does not support things like "Files".
I started trying to write a framework for developing a very flexible & portable core, but I haven't attempted using an encrypted file (I'd rather leave that to the experts). So, all my work has been done on non-encrypted databases. There are hooks in place to handle the encryption/decryption, just null implementations. I'd be glad to share what I have if there is interest.
Glad to see the work that's been done so far!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Here's an updated version... Not much new, just better crypto handling (I think). It's at least correctly padding remaining blocks now. There are a few other code changes as well. The junk database creation now works properly, doing both encryption and compression does not. http://www.heddway.com/pwsafe/pwsafej_0.0.2.jar
I've been testing this using databases of between 1K - 4K entries. It seems to hold together just fine, without feeling too slow. Just testing encryption and decryption at this point.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm the guy heading up the Java port, and I'd love to touch base to see what you've been up to. I've long wanted to produce a more pluggable crypto interface, and your file changes might be just the ticket.... with J2ME as a bonus!
Let me know,
Glen.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'd be glad to show you what I've got... It's probably easiest to just have you pull it from a server somewhere, so I'll put it up shortly and let you know. It's not much, just some skeleton ideas for how to accomplish things. I've got it compiling for my BlackBerry at the moment (although you'll see it's not really doing anything, just proving that I can compile the crypto code). I'll clean it up and post a link later today.
My biggest limitation has been the DB format. It seems pretty difficult to work with, but that is most likely because I'm not very familiar with it, and I'm just trying to reverse engineer it using your code as my guide. Any chance/reason for a change here? I've been playing around using a structured DB format - the exported XML from PWS - and it seems like that would be a lot easier to work with... Just decrypt the file, parse using a favorite XML parser and you're off. Might not be that simple, I suppose. Perhaps it is less secure to have "known" data in the encrypted text? If that were the case, the XML could be compressed prior to encryption, which should remove a lot of the known strings... Just some ramblings here.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Here's a link to what I've been playing around with... There's not much in the way of interface functionality. I was sidetracked trying to figure out how to get encryption hacked in.
I know it's a bit of a departure from the current PWS file format, but I wanted to see what might happen with a clean slate. Let me know what you think.
I've been looking at the new Java port of PasswordSafe... Looks very interesting! Any chance this will become the "default" password safe implementation?
A question I had when looking over the source: has consideration been given to porting the core Java routines to J2ME? Given that it usually supports very reduced set of classes, I'm not sure the current routines will work. Specifically, I was playing around with getting them to compile for my BlackBerry. The BlackBerry VM, however, does not support things like "Files".
I started trying to write a framework for developing a very flexible & portable core, but I haven't attempted using an encrypted file (I'd rather leave that to the experts). So, all my work has been done on non-encrypted databases. There are hooks in place to handle the encryption/decryption, just null implementations. I'd be glad to share what I have if there is interest.
Glad to see the work that's been done so far!
Here's an updated version... Not much new, just better crypto handling (I think). It's at least correctly padding remaining blocks now. There are a few other code changes as well. The junk database creation now works properly, doing both encryption and compression does not. http://www.heddway.com/pwsafe/pwsafej_0.0.2.jar
I've been testing this using databases of between 1K - 4K entries. It seems to hold together just fine, without feeling too slow. Just testing encryption and decryption at this point.
Hi Mate,
I'm the guy heading up the Java port, and I'd love to touch base to see what you've been up to. I've long wanted to produce a more pluggable crypto interface, and your file changes might be just the ticket.... with J2ME as a bonus!
Let me know,
Glen.
I'd be glad to show you what I've got... It's probably easiest to just have you pull it from a server somewhere, so I'll put it up shortly and let you know. It's not much, just some skeleton ideas for how to accomplish things. I've got it compiling for my BlackBerry at the moment (although you'll see it's not really doing anything, just proving that I can compile the crypto code). I'll clean it up and post a link later today.
My biggest limitation has been the DB format. It seems pretty difficult to work with, but that is most likely because I'm not very familiar with it, and I'm just trying to reverse engineer it using your code as my guide. Any chance/reason for a change here? I've been playing around using a structured DB format - the exported XML from PWS - and it seems like that would be a lot easier to work with... Just decrypt the file, parse using a favorite XML parser and you're off. Might not be that simple, I suppose. Perhaps it is less secure to have "known" data in the encrypted text? If that were the case, the XML could be compressed prior to encryption, which should remove a lot of the known strings... Just some ramblings here.
Here's a link to what I've been playing around with... There's not much in the way of interface functionality. I was sidetracked trying to figure out how to get encryption hacked in.
I know it's a bit of a departure from the current PWS file format, but I wanted to see what might happen with a clean slate. Let me know what you think.
http://www.heddway.com/pwsafe/pwsafej_0.0.1.jar