Monday, December 21, 2009

Skeinforce GUI mock ups



Well, it's been a painstakingly slow week, busy at work + hot temperatures here downunder.

Nevertheless there has been some progress. Qt and qmake -as expected- had to have tweaks here and there, but I like simplicity of the Qt architecture, it was snap to learn (well done Nokia.) Qt IDE is definitely easier to use than Xcode on Mac.

Any way I came up with this:

Basically a point-click-paste system to transport passwords using clipboard.

Next, I need to re-factor  the area of archiving encrypted database, so that no ASCII trace is left for attackers (XML leave traces encouraging brute force attacks using known positions in the stream..) Rather than using XML I'll use Qt's x-platform binary stream QDataStream.

Wednesday, December 2, 2009

Command Repository

I will list handy OS X Commands here.

Archiving
This will create a MAC OS X archive of my source tree:

find ./Simpass -name \*.h -o -name \*.c -o -name \*.cpp -o -name \*.xcodeproj|xargs tar cvfz ./deploy/Simpass.tar.gz


Lets put this into a shell script named tarsimpass.sh:

#!/bin/bash
echo Zipping Simpass
find ./Simpass -name \*.h -o -name \*.c -o -name \*.cpp -o -name \*.xcodeproj|xargs tar cvfz ./deploy/Simpass.tar.gz

From bash terminal give the script owner (me) read+execute permission:

chmod u+rx tarsimpass.sh

Finally execute to zip the project:

./tarsimpass.sh

Thursday, November 26, 2009

Skeinforce Newsletter - November 09

All going well. Finished a command line application called simcode, which will allow encrypting and decrypting files using Skein. Simcode was built fine and unit tested OK on Mac including tinyxml, skein, and simpass libraries. Libraries were ported to Windows OK, simcode gave compile errors on getopt(). I'll be pulling getopt() from open source net-snmp for Windows. Welcome to x-platform development!

Installed Visual Studio Express Studio 2008 C++ compiler on my Windows box. Seamless stuff. Build wizards worked fantastically well. Within 10 minutes I managed to port three libraries from Mac to Windows with no drama.

My plan is:

PHASE 1
  • Complete porting simcode into Windows and test x-platform binary compatibility of skein-encrypted files. Investigate and fix wide character incompatibility issues between Mac and Windows.
  • Build up a Google app engine site to deploy simcode and simpass library source code and binaries.

PHASE 2
  • Learn Qt as quickly as possible on Mac.
  • Design and implement Skeinforce GUI on Mac using simpass library I developed earlier.
  • Port Skeinforce to Windows.
  • Deploy Skeinforce GUI binaries and source code for Windows and Mac on Google app engine site.

PHASE 3
  • Release Skeinforce to sourceforge.net

Friday, November 20, 2009

Label Design Pattern

Intent
Provide a system where entities can be assigned labels.

Motivation
Label is a keyword or a reminder that designates the category of an entity. For example the label 'banking' can be used to store entities related to banking, such as account numbers, ATM passwords etc. An entity may have no label or one or multiple labels attached to it. In this system labels can be accessed from entities and entities can be accessed from labels.

Label pattern is a simple user-configured filtering system to allow quick access to a long and tedious entity list. Google applications such as Gmail use Label pattern.

Applicability
Use Label pattern when
  • You have long list of entities that can be categorised in different ways.
  • Entity names are tedious and hard to match exactly therefore an associated label can be used to filter related entities.
  • The user wants to see related entities together for easier management. Example 'ebank' label can be assigned to electronic banking related user names and passwords.


Structure

Participants
  • System
Maintains a list of labels and entities. The System is responsible for the integrity of both lists. Entities can be added, removed, attached or detached labels. When a label has no entity attached it will be removed from the system.
  • Entity
An Entity object represents a unit of data that the user wants to quickly locate and access its contents.
  • Label
A Label is a data structure that holds a label (a keyword). A label is a single case insensitive word.

Acknowledgements
The UML diagram was generated with ArgoUML, a free cross-platform UML generation tool.
ArgoUML Web site: http://argouml.tigris.org/

Wednesday, November 18, 2009

Inspired from GMail label pattern

I am going to follow Gmail label pattern. So:

<>: has a relation
(): composite type

system <> 1 ----------- 1-* entity
entity <> 1 ----------- 1 (name 1 -------------- 1 secret-value)
entity <> 1 ----------- 0-* label
label <> 1 ----------- 1-* entity

So from UI perspective labels will allow filtering. Example passwords in labels 'bank', 'joe', 'email'..etc.

No need to have complex tree structures, and tree navigation. Stick to Google paradigm. Be smart and follow the smart guys..

qmake woes

Sorted out my first Qt hurdle

The pdf book doesn't match Qt 4 installation on Mac. PDF was probably not updated since version 3.*.

Lesson learned: When you get an example program, even from a reputable source, if it doesn't work for you, then you might discover that later revisions in the tools make earlier examples non-functional.

code adjustment:

#define QT3_SUPPORT
#include <qapplication.h>
#include <qlabel.h>
int main(int argc, char* argv[])
{
   QApplication app(argc, argv);
   QLabel* label = new QLabel("Hello Qt!", 0);
   app.setMainWidget(label);
   label->show();
   return app.exec();
}


Note: If you have the line QT += qt3support in your .pro file, qmake will automatically define the QT3_SUPPORT symbol, turning on compatibility function support.

and note command line adjustment for MAC:

ergun$ qmake -project
ergun$ qmake -spec macx-g++
ergun$ make

Try examples under
/usr/share/qt4 or /usr/local/Trolltech/Qt-4.2.2

Project Skeinforce

I am kicking off an ambitious fun project code named 'Skeinforce', named after Skein hash function library by renowned security guru Bruce Schneier.

Well here is my plan:

Phase One
  1. Skeinforce shall be a free GUI tool, secure, light weight and simple to use.
  2. Skeinforce shall be developed using Qt cross-platform C++ development platform initially under Mac Snow Leopard operating system.
  3. Skeinforce shall use C++ encryption utility library that I developed earlier called 'simpass'. Simpass is based on Skein hash functions.

Phase Two
  1. Deploy Skeinforce and Simpass source code to open source community (sourceforge.net), so that Skeinforce can be ported to Windows, Linux and Unix. This is also required as Qt comes with LGPL license. Or... 
  2. Manage my own open source web site for Skeinforce through Google AppEngine.
References: