Secure9 Mail revisions

Secure9 Mail changelog:
11Aug-in MessageCompose.java, split onEncrypt into onEncrypt, encryptAction, and getPassword.
-Need to convert password from String to char[]. How to clear password after encrypt but allow undo
encrypt before send?
-Need to edit MessageView.java to same three methods to allow password decryption if no stored key is
found.
-Finished encryption actions. Clicking encrypt from message compose gives dialog "No key found for
'(recipient email)' - Use password OR Setup Key buttons. Clicking Use password shows new dialog for
password input. If password is correct length, it encrypts, if not, it gives length error in toast message but
does not encrypt or disable message text fields (ie. error checking should be good to go, before it would
give length error but disable all fields.).
12Aug-MessageView.java was split into the three methods. Decryption without stored key mirrors encryption
without key.
-Removed extra blank menu item in message_compose_options.xml. Renamed encrypt action string from
"Encrypt" to "Encrypt / Decrypt".
-Password now stored in char[] array. Password is overwritten/cleared as soon as encrypt/decrypt actions
are complete.
-Updated welcome message
-**In account settings, encryption key option needs to be removed.
13Aug
-Fixed bug where received message would say "no key found for (your own email, not the sender)".
-Rebuilt apk with this fix and a new icon.
-Working on progress bar for encryption/decryption.
-Worked a little bit on XML for adding Key Management preference menu. Possibly add "Always encrypt"
setting (per account, so user can have an account that always encrypts, and one that doesn't).
-Set decryption to throw exception if BEGIN CIPHERTEXT: and :END CIPHERTEXT are not found
(unsupported message format)
14Aug-Progress bar finished for encryption and decryption. Had errors/temporarily gave up using one for "undo
encryption". Probably unnecessary anyway. ie. MessageCompose.java still has decrypt(), and undoing
encryption calls it rather than using the decryption thread.execute()
-Updated .apk with progress dialogs.
-Refactored package to com.fsck.k9000. Allows side-by-side installation with K9, also needs to be a
different package name on the Android market.
15Aug-Split into methods getPin() for existing key and getPassword() for no key.
-Changed key found/key not found icons
-Set static array with email "test@test.com" to test simulated key found (to make sure getPin() worked in
MessageView and MessageCompose)
-You can test this by sending the message to test@test.com, but adding your own email address as CC or
BCC.
-This will be more usable when key management is implemented, but we needed the getPin() to work for
our keys that will be stored encrypted.
-For now this pin must be four characters. Since there is no actual key file, the pin is repeated 4 times (16
characters) and used as a temporary password.
-Updated .apk
-Can probably delete EncryptionSettings.java in activity.setup
18Aug-Added "Encryption Settings" to message view preference menu
-Configured encryption preferences window. No actions linked yet but all options are in place and
working.
-updated .apk
-Need to add option to menu "Remember PIN" - user can uncheck and require short pin every
encrypt/decrypt, every decrypt, or to have the phone remember it.
19Aug-Added a couple more options to encryption settings screen, set default values for list options
-Fixed bug where account settings button also linked to encryption settings
-Fixed bug where "back" button from encryption settings page caused force close.
-Couldn't get a custom java file to open encryption settings without crashing. Added it to Prefs.java so that
depending on what button was clicked this class calls our settings too. Ready to add in options/start testing
file output/input for keys.
-Updated .apk with working settings screen/fixed global settings and account settings. Settings screens
good to go, just need to implement a few lines of code to remember settings and start testing file handling
for keys.
24Aug-Removed 128/256 bit encryption option
-Coded getters/setters for encryption settings (encrypt all and encrypt subject are "Per account", others
are "global" for all accounts).
-Created "secure9mail" project on Google Code
-Since encryption settings page is done and preferences are stored in code, time to start working on
file saving, viewing, and opening/reading. Figure that out then start working Diffie-Hellman in.
-Updated app name to Secure9 Mail. Updated "About" page strings and google code link
-Updated .apk
25Aug-Changed "ask for pin when..." list preference and "default to key" check box preference to be account
specific.
-Now all encryption settings page options are account specific, including key management.
-Updated the rest of the strings from K9000 to Secure9 Mail
-Found bug where account specific encryption settings are not being remembered on reboot. Not sure why
this is...
-Added "Encrypted with Secure9 Mail" to ciphertext in messages
-Encrypt subject preference now works for messageCompose, but decrypting a message with an
unencrypted subject crashes.
-if encryptAll is selected, onSend calls onEncrypt but doesn't fully finish before sending. (Sends
unencrypted)
-Updated .apk
26Aug-Fixed "test for encrypted subject" in messageView. Preference "encrypt subject" now finished and works
either way on received message (If subject is not encrypted it remains unchanged, if it's encrypted it
deciphers and displays plaintext)
-encrypt all preference is working. If the setting is checked, clicking send automatically calls encryption,
then automatically sends once the message is encrypted.
-Fixed random strings here and there (error messages, etc).
-updated .apk
31Aug-Fixed to/from "get address" for searching stored keys. Previously it would show a 'friendly' view with
name, etc. Now it only returns the email address a composed message is TO, or a received message is
FROM. Added two methods in Address.java marked by comments.
-Fixed encryption settings activity crash. Code was combined with prefs.java temporarily. Now working
through EncryptionSettings.java like it should be.
-Starting to work with file management to implement keys.
-Updated .apk
2Sep -Started writing getKey() & setKey() methods. Right now they don't do much other than set a file with
both email addresses and a static key. Once they are implemented and working with the file system
properly, diffie-hellman can be added in.
-Fixed typo in "Key not found" dialog.
4Sep-Encrypting and decrypting with key files. Key management in preferences screen does not work yet, but
given the option of password or key on a new email address, clicking "Setup new key" creates a key file
and encrypts with it. If key already exists, messages are automatically encrypted with the key. On received
messages, it checks for a key. If one exists, it decrypts with it. If not, it prompts for password or key setup.
Currently the "key" is just hardcoded "passwordpassword" character array. However, once the file
management portion of this is done, we can implement diffie hellman.
-User preference "ask for pin when..." not yet implemented with actual key use. Nor is the pin to securely
store the keys.
-Preference "Remove/Revoke key" deletes entire key store temporarily (for testing).
-Linked "Remove account" action to method deleting key store only for that account.
-Linked "Setup Key" option to new page where it gets local account, remote email address. Clicking create
generates the dummy key. When diffie-hellman is implemented this will generate a DH message to send
to the other party.
-For now, key files are being stored to /sdcard/(accountname)/(remoteEmail).txt. This will be changed to
internal (secure) storage.
-Setting up key to remote user generates/sends automatic email (does this in the background). This email
instructs user to click decrypt to set up key, which generates the key in the background and notifies user
that this was done.
-Updated .apk as version 0.6.8
6Sep-Keys are now being stored in protected internal storage as .key files.
-Using arrayList to store key names. When one is created, the filename is added to the arraylist. When it's
deleted it is removed. This makes it easier to view/delete keys. You just list the items in the arraylist. If
you want to delete one, you just operate on the name of the key. Easier than scanning internal storage for
.key files
-Big problem: this storage location is overwritten when the app is upgraded. Researching how to fix this.
-Key storage is a little messy. Running new key method from another class causes null context issues (even
passing it). Had to copy newkey() code to two different places as a temporary solution to this problem.
-Can't seem to create subfolders in protected internal storage. Because of this, keys are being stored as
(localAccount)(remoteEmail).key files. Would like to have
/data/data/com.fsck.k9000/files/(localaccount)/remoteEmail.key.
-Clicking "View Keys" in Encryption Settings opens list with keys linked to the calling account.
These names are being returned from the keyList arraylist. If we need to manage/remove one, just use the
name stored in the list.
-Fixed key setup automated email - If you are generating a new key it will send the automated message to
the other party. If you're generating a key based off a received automated email, it will not send the email
again.
-Updated .apk to version 0.7.2
7Sep-Fixed settings not being remembered on reboot.
-Created key properties page when you click on a key under "Manage Keys"
-Implementing (localemail).keyList file that holds .key file names. - Have to store file names so they can be
repopulated to a list on reboot. There doesn't seem to be a way to list files on the protected internal storage.
Still a very rough implementation at this point.
-updated .apk to version 0.7.4
8Sep-Key files now being recognized after reboot.
-In Manage Keys>Key Properties, delete action now works.
-Stopped keyboard popup in new key and key properties windows (edittext objects are disabled, text is for
display only)
-"Default to key" preference now gives user choice to encrypt with key or password (if unchecked).
*Decrypt unfinished
**Bug: Decrypting with password brings up EncryptionNewKey - can't figure out why... very
weird/shouldn't be happening.
-**fileList needs refresh from filesystem every time keys are checked (opening key management, making
new key(checked for duplicate), encrypting/decrypting)
9Sep
-Bug fix for same remote email address keys (different local accounts). Key management should now be
done.
-file list updates now to always have updated info when needed
-decrypting bug from yesterday is fixed.
-Default to Key preference now works with MessageView. Only remaining preference is "ask for Pin
when..."
-Need to implement last preference and key revoke button... Then ready for Diffie-Hellman.
-Updated apk to version 0.7.6
10Sep
-Removing account now removes all keys linked to that account
-Changed some GUI strings around to be more user-friendly/match K9 3.03
-Replaced K9Mail string references with Secure9 Mail
-Key revocation now implemented (onDecrypt/onEncrypt methods need to be split into a couple more to
clean up). Also, there is no verification of a legit revocation email - it just recognizes the hard coded
subject line.
-all that's left is the "Ask for pin when" preference (thinking about leaving this out of the initial beta release
and just adding it later) and updating to Secure9 Mail URLs in the non-english strings.xml files. (Then
adding diffie-hellman, obviously).
-Will start adding DH next week.
-Updated .apk to 0.7.7
13Sep-PINs partially implemented.
-Pin option "Ask for pin when... Encrypting & decrypting" fully working in MessageCompose.java
-Not yet implemented in MessageView.java (will be easier than compose was)
-Pin management screen added. pin creation/deletion working
-Need to disallow overwrite of current pin.
-Need to verify pin before changing (already verifies before allowing deletion)
-Also need to verify pin before allowing user to change "Ask for PIN when..." preference.
(without it, unauthorized users could just change the preference and completely
bypass PIN protection).
-Updated .apk to 0.7.8, but will stay at 0.7.8 until PINs are fully implemented over the next couple days.
14Sep
-PINs now implemented in MessageView. PINs are now 100% working and linked with preference item.
-Pin settings page now locks out overwriting current pin. Must first delete (requires pin confirmation) then
create a new one.
-Added text object showing current pin status (enabled/linked, disabled for account)
-Still need to protect "Ask for PIN When" preference (require pin confirmation to change settings)/disallow
requiring pin when no pin is configured.
-Updated .apk to 0.7.8.4
15Sep
-PIN implementation complete (for now, anyway).
-changing "ask for pin when" requires pin confirmation if a pin is set up.
-Various bug fixes and usability/string/interface tweaks..
-Updated App name/URL info in other language packs
-Haven't done a TON of testing, but enough to say I believe this version is good to go for Diffie-Hellman.
All other goals complete.
-Updated .apk to 0.7.9 and uploaded to google code. Will start implementing Diffie hellman now.
17Sep
-Fixed bug allowing someone to change Ask For Pin preference without knowing the PIN by canceling
then reloading encryption settings
-Added confirmation dialog for deleting/revoking key. If a PIN is set up, confirm dialog asks for/verifies
pin. If no PIN setup, confirm dialog is just yes/no. Likewise, upon receiving a key revocation alert, if No
pin, simple confirmation. If a pin is set up, user will confirm their pin before key is deleted locally.
-Fixed crash/optimized pin verification
-Change "pin icon" for alert dialogs
-Updated .apk to 0.8.0
18Sep
-Fixed Manage Identities bug (not loading menu correctly)
-Added menu button in "Manage Keys" allowing "Create Key" to be called directly from there.
-Copied in 2 other DH source files. Beginning to test DH key generation.
-DiffieHellman.java looks like it will work for Secure9. In the "New Key" screen, there is a "Test DH
Creation" button. This creates two instances of diffie-hellman and generates/displays the shared key based
off each other’s public keys, mod, and generator. All of this is in toast messages right now just to make
sure it works. Will start coding real key storage now.
Also need code to recognize "Key setup" in MessageView.java. Key initiator will finalize key setup after
receiving key response from remote party with their public key. This shared key will need to be appended
to the originator key file, as it will already have the originator's public/private key stored. The receiver
will generate/store key in one session. Their private/public/shared can be computed and stored with the
one email.
-Minor code cleanup/split onDecrypt/onEncrypt methods up.
-Updated .apk to 0.8.1 with above fixes and beginning Diffie-Hellman implementation
19Sep
-Create Key is now generating/sending diffie-hellman values. calling onDecrypt (key setup) from received
email generates/stores the key. Still need to code parsing this key file for the shared secret (to actually
encrypt/decrypt with), then code return email containing remote user's public key so that the initiator can
set up their version of the shared secret.
-Successfully encrypted and decrypted message with diffie hellman generated, stored keys. However, DH
generates a key off a 50(ish) character modulus, which in turn generates a key that is between 128 and 131
bits. Our cipher requires 128 bits, so this isn't working half the time. To get around this, I'm cutting the
first 16 characters of the shared secret key (K), and running that through our cipher as the "password".
----Diffie-Hellman 100% implemented and working.
-Implemented 128/256 bit preference. 256 bit isn't that slow on my phone but we'll want to test it a little
more.
-To do: when key initiator sends a key request, the information (modulus, generator, his/her public and
private) are stored in a ".initialKey" file. When the key setup is completed and returned(with the other
persons public key), the values are read out of the initialKey file which is then deleted. All key info is then
stored in a .key file. I'd like a way to alert the user that the key info is there but not complete if they
try to encrypt/decrypt with the initialKey.
-To do: bug testing
-Updated .apk to 0.8.2WorkingDiffie
20Sep-Expanded key management to display and allow deletion of initial keys (If remote party never responds,
etc)
-MessageView.java now detects whether a message was encrypted with 256 or 128bit AES and uses the
correct key length automatically. Use 256-bit AES preference now controls encryption strength only.
Decryption of a received message automatically uses the correct key size.
-Fixed deletion on account remove. All key and initial keys, as well as the account pin, are deleted.
-Updated .apk to 0.8.3. Other than testing and fixing any bugs, I think this is just about done...
22Sep-Set default preferences
-Refactored package from com.fsck.k9000 to com.ebrg.secure9
-Added new screen on first launch (or when there are no accounts added) describing how to use the
encryption portion of the app.
-Added warning when encrypting a message with attachments (or attaching to an encrypted message) that
attachments will not be encrypted.
-Optimized finishing activities Manage Key and Manage PIN
-Cleaned project, published to android market.
-Discovered “multiple setup” bug for diffie-hellman keys. User can set up a key based off received info,
and it will keep overwriting the saved key. Need to test for presence of key and lock user out of
doing this. Maybe delete automated setup email?
23Sep-Fixed attachment encryption warnings to also warn if a user attaches something to an email where Autosend is enabled on that account.
-Fixed key setup so it won’t let you “recreate” over an existing key
-Updated .apk to 0.8.51. Uploaded to Google Code and Android Market
25Sep-Fixed intro screen spacing bugs
-Fixed pin bug
-Fixed undo encryption crash
-Added key icon instead of star in message list (for key setup emails only)
-Added “padlock” icon instead of star in message list (for encrypted emails)
-Cleaned up code and merged methods
-Updated .apk on Market to 0.8.52
13Oct-Fixed crash when trying to encrypt message without recipients (android user error report)
-Moved encrypt button to main “compose options menu” rather than having to click “More>encrypt”.
-Button title and icon now automatically change from “Encrypt” to “Decrypt” and back when
action is performed.
-Decrypt button/icon now changes dynamically for key setup/revocation emails
-Updated to 0.8.53. Currently testing before pushing update to Android Market.
14Oct-Decrypt and encrypt button are now hidden unless the email being viewed is a key setup/revoke email, or
if it’s encrypted (in message compose it’s there unless Auto-Encrypt is enabled, in which case the send
button is titled “Send encrypted” and the icon has a lock on it).
-When entering New Key screen from message compose, recipient address is automatically copied into
new key recipient address edit text.
-Fixed “key not found” bug.
-Fixed bug where scrolling through message list causes flag icons (key or padlock) to reset to standard star
flag icon. Also optimized performance in scrolling message list (fewer instructions used to set proper
icon).
-Testing for release as 0.8.53
15Oct-Fixed message list screen title from (example) Gmail :Inbox to Gmail: Inbox
-Fixed “Message count -1 for folder INBOX” error
-Stopped logging of POP connectivity errors related to low/no cell or wifi signal.
-Uploaded to Android Market as 0.8.54
21Oct-Increased size of encrypted/key flag icons for message list
-Started implementing SHA256 hashing for pins. Basic hashing working for pin input only.
Will be adding local email and random salt to each pin.
-Once hashing is working properly, we’ll need a method to convert old pins to the new format and
store them (deleting the old pins).
23Oct-Implemented static and random salt methods (adding and retrieving from stored hash string)
-Hash implementation now complete. Now need to work on storing these in .pin2 files, then add
automatic conversion for old .pin files to new hashed .pin2 files.
24Oct-Hash files now being saved and used as .pin2 extensions. Need to work out conversion from old .pin to
new .pin2.
2Nov-Modified all “find pin” and “verifyPin” methods to recognize and work with hashed .pin2 files.
-Added automatic “pin to hashed-pin” conversion. Looks for old pin file when messageList is loaded.
If one is found, it is hashed and re-saved as .pin2, then the old .pin is deleted.
-SHA256 implementation should be complete. Will need more testing before releasing an update though.
3Nov-Finished hash functions – Hashing works in the following way:
Password hashed as follows:
Local account email + pin + 32 char secure random salt
i.e. my.email@somewhere.comP@ssw0rda54d1c2f336....etc............
The random salt is inserted “X” chars into the full combined hash. i.e. if the pin is 4 chars, the random
salt is inserted at combinedHash.substring(4). Retrieval pulls the 32 char salt out starting at
“input.length”. If input pin is the wrong length, the wrong salt will be retrieved.
-Fixed bugs verifying pin length and match (all related to new hash implementation)
-Need to simplify pin verification. Need method in Hash.java that receives: mAccount.getEmail(),
input pin. This method will be accessed by all classes requiring pin verification, and will open the correct
pin file based off the account email. Return true or false for match.
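The storage layout and the true/false verification method described in the 3Nov entry, as an added example; this is not Secure9's Hash.java. It assumes hex encoding for both the SHA-256 output and the salt, and the class and method names are hypothetical.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;

// Added sketch, not Secure9's Hash.java. Hex encoding and all names are assumptions.
public class PinHashSketch {
    static final int SALT_LEN = 32;   // "32 char secure random salt"
    static final int HASH_LEN = 64;   // SHA-256 rendered as hex (assumed encoding)

    static char[] toHex(byte[] in) {
        char[] digits = "0123456789abcdef".toCharArray();
        char[] out = new char[in.length * 2];
        for (int i = 0; i < in.length; i++) {
            out[2 * i] = digits[(in[i] >> 4) & 0xF];
            out[2 * i + 1] = digits[in[i] & 0xF];
        }
        return out;
    }

    // SHA-256 over email + pin + salt; the PIN is never turned into a String.
    static char[] digest(String email, char[] pin, char[] salt) throws NoSuchAlgorithmException {
        char[] joined = new char[email.length() + pin.length + salt.length];
        email.getChars(0, email.length(), joined, 0);
        System.arraycopy(pin, 0, joined, email.length(), pin.length);
        System.arraycopy(salt, 0, joined, email.length() + pin.length, salt.length);
        ByteBuffer bb = StandardCharsets.UTF_8.encode(CharBuffer.wrap(joined));
        byte[] bytes = new byte[bb.remaining()];
        bb.get(bytes);
        try {
            return toHex(MessageDigest.getInstance("SHA-256").digest(bytes));
        } finally {
            Arrays.fill(joined, '0');                    // wipe every working copy of the PIN
            Arrays.fill(bytes, (byte) 0);
            if (bb.hasArray()) Arrays.fill(bb.array(), (byte) 0);
        }
    }

    // Record layout: hash[0..n) + salt + hash[n..), where n is the PIN length.
    static char[] store(String email, char[] pin) throws NoSuchAlgorithmException {
        if (pin.length == 0 || pin.length > HASH_LEN) throw new IllegalArgumentException("bad PIN length");
        byte[] raw = new byte[SALT_LEN / 2];
        new SecureRandom().nextBytes(raw);
        char[] salt = toHex(raw);
        char[] hash = digest(email, pin, salt);
        char[] rec = new char[HASH_LEN + SALT_LEN];
        System.arraycopy(hash, 0, rec, 0, pin.length);
        System.arraycopy(salt, 0, rec, pin.length, SALT_LEN);
        System.arraycopy(hash, pin.length, rec, pin.length + SALT_LEN, HASH_LEN - pin.length);
        return rec;
    }

    // A wrong-length PIN lifts the wrong 32 chars as "salt", so the digest cannot match.
    static boolean verify(String email, char[] pin, char[] rec) throws NoSuchAlgorithmException {
        if (rec.length != HASH_LEN + SALT_LEN || pin.length == 0 || pin.length > HASH_LEN) return false;
        char[] salt = Arrays.copyOfRange(rec, pin.length, pin.length + SALT_LEN);
        char[] hash = digest(email, pin, salt);
        int diff = 0;                                    // compare without an early exit
        for (int i = 0; i < HASH_LEN; i++) {
            char stored = i < pin.length ? rec[i] : rec[i + SALT_LEN];
            diff |= stored ^ hash[i];
        }
        return diff == 0;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String email = "my.email@somewhere.com";         // constructed sample values
        char[] rec = store(email, "4821".toCharArray());
        System.out.println(verify(email, "4821".toCharArray(), rec));   // correct PIN
        System.out.println(verify(email, "4822".toCharArray(), rec));   // wrong PIN
        System.out.println(verify(email, "48210".toCharArray(), rec));  // wrong length
    }
}
```

Because a short PIN has a small search space, a single SHA-256 pass keeps offline guessing cheap for anyone who can read the stored record; a salted, iterated KDF such as PBKDF2 raises that cost.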
11Nov-Fixed messageList crash when searching for old pin files (null mAccount when viewing integrated inbox)
-Moved all key and pin list refreshing and “boolean pin/keyExists methods” to Keys.java and Hash.java.
Extra method calls, but saves code lines and less chance for error and different behavior in different parts
of the app.
-Cleaned edges of icons so they look better with the black theme.
-Ciphertext is now base64 encoded. Encoding of old byte-encoded messages still works. Need to find
better way to recognize byte/base64 encoded subject lines before this is 100% done.
12Nov-Pin verification now only handles pins as char arrays (never using strings for security reasons). Need to do
the same for keys.
-Subject lines are now using base64 encoding. Detection and decryption is backwards compatible with
previous versions.
-Remote email address EditText in “New Encryption Key” window now links up with the contact list. Start
typing an email and it will automatically finish it for you if the contact exists.
13Nov-Undo encrypt in messageCompose now works with base64 strings.
-“Ask for pin when” setting now forces to “Never (No pin)” if account pin does not exist. (Before, the
setting would change and ask for a pin depending on the setting, even though there was no pin to verify against).
-Code optimizations, minor performance optimizations in messageList flag icon type determination
14Nov-Implementing safer key handling. Keys will only exist and be processed as char[], never as string. (filled
with '0' character as soon as key use is complete).
-Fixed base64 “no subject/pad block error” bug
-In messageCompose, key file is read as char[], key is copied to char[] key. All arrays are wiped with '0'
chars except for password, which is passed to the encryption thread. Password array is converted to bytes for
encryptor constructor. Password[] is then wiped with '0'. At the end of the encryption, the password byte array
(key[]) is wiped with '0' bytes.
-Tested with messageView using old string keys to verify encryption/decryption work the same. Need to
implement char[] keying in messageView (should just be copy paste for the most part), then modify
EncryptionManageKey to do the same with its file handling.
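The char[] to byte[] to wipe sequence from the 14Nov entry, as an added example; this is not Secure9's code. AES-GCM from javax.crypto stands in for the app's own encryptor, and the class and method names are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

// Added sketch, not Secure9's code. AES-GCM stands in for the app's cipher; names are assumptions.
public class KeyWipeSketch {

    // char[] -> byte[] with no intermediate String; the encoder's scratch buffer is wiped too.
    static byte[] toBytes(char[] chars) {
        ByteBuffer bb = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
        byte[] out = new byte[bb.remaining()];
        bb.get(out);
        if (bb.hasArray()) Arrays.fill(bb.array(), (byte) 0);
        return out;
    }

    // Returns IV || ciphertext. The caller's password array is overwritten before returning.
    static byte[] encrypt(char[] password, byte[] plaintext) throws GeneralSecurityException {
        byte[] key = toBytes(password);
        Arrays.fill(password, '0');                  // step 1: wipe the char[] once bytes exist
        try {
            if (key.length != 16 && key.length != 32) {
                throw new IllegalArgumentException("key must encode to 16 or 32 bytes");
            }
            byte[] iv = new byte[12];
            new SecureRandom().nextBytes(iv);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            // SecretKeySpec clones the key bytes, so one copy stays on the heap
            // after the wipe in the finally block.
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
                        new GCMParameterSpec(128, iv));
            byte[] ct = cipher.doFinal(plaintext);
            byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
            System.arraycopy(ct, 0, out, iv.length, ct.length);
            return out;
        } finally {
            Arrays.fill(key, (byte) 0);              // step 2: wipe the byte[] on every exit path
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed input: the changelog's 16-character placeholder key.
        char[] password = {'p','a','s','s','w','o','r','d','p','a','s','s','w','o','r','d'};
        byte[] msg = "hello".getBytes(StandardCharsets.UTF_8);
        byte[] sealed = encrypt(password, msg);
        System.out.println(sealed.length);           // 12-byte IV + 5 bytes + 16-byte tag
        System.out.println(new String(password));    // sixteen '0' characters
    }
}
```

Putting the byte[] wipe in a finally block clears the key even when the cipher throws, which a wipe placed after the last encryption statement would miss.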
15Nov-Safe key handling implemented for MessageView.java. Also reduced string usage in actual key generation
methods. There's still two times when the key is used as a string (setupReceivedKey() and finishSentKeySetup()).
Need to use byte array constructors for BigInteger class rather than string constructor. These cases of string usage
are less risky than the messageView/messageCompose ones (already fixed) because they only happen once during
the lifetime of the key, rather than at each encryption/decryption.
-Testing for release as 0.8.55
16Nov-Fixed pin verification bug (very minor bug)
17Nov-Fixed “Ask for pin when” setting so that it defaults to, and can only be on “Never” when there is no pin.
Summary text is set to “Never (No pin)” so user doesn't wonder why it's not working. This way it won't interfere
and ask for a pin when there isn't one.
-Removed old unhashed pin generation in EncryptionNewPin. I had left this in for testing pin-to-hash
conversion, but everything seems to work fine with that.
-Removed commented “testing” code and other fluff that isn't needed for the release version. Still testing
but getting close to release.
-Published to Android market as version 0.8.6
29Nov-Fixed Diffie-Hellman bug, bringing default modulus in line with specification. Uploaded to market as
0.8.61. Recommending that all keys be regenerated for security reasons.
19Dec-Moving Secure9 UI, filetype, and logging strings into strings.xml
-Fixed editText focus bug in Manage Key screen