Security

Content relating to IT security.

OBZVault 3.3 released

This afternoon, we (meaning, as usual, OffByZero) released version 3.3 of OBZVault. The reason for the release was to roll out two features requested by a customer:

  1. The editor font is configurable, and your chosen font is remembered the next time you open OBZVault.
  2. OBZVault can now open plain text files. This allows you to open an existing plain text file and save it as an encrypted file.

From a software development perspective the release was painless with one minor exception, which we ran into because we now use the Java Serialization API to write out header information ahead of the 3DES-encrypted block when we save a file.

We discovered that if you use the Java Serialization API, you must configure ProGuard to leave the serialized classes alone. If you forget, then your serialized data will use ProGuard-obfuscated class names and UIDs. This will typically manifest itself by your deserialization code throwing a ClassNotFoundException when using a non-obfuscated build to read a file saved by an obfuscated build, or vice versa.
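The two builds cannot read each other's files because a Java serialization stream records the class name and serialVersionUID of the object near its start, and the reader must match both. The diagnostic below is an added example, not OBZVault's code: it assumes the serialized header sits at offset 0 of the saved file, and the class name `com.example.VaultHeader`, the obfuscated name `a.b` and both UIDs are constructed.

```python
import struct

# Constants from the Java Object Serialization Stream Protocol.
STREAM_MAGIC, STREAM_VERSION = 0xACED, 5
TC_OBJECT, TC_CLASSDESC = 0x73, 0x72


def read_class_descriptor(data: bytes):
    """Return (class_name, serialVersionUID) for the first object in a stream."""
    if len(data) < 8:
        raise ValueError("too short to be a serialization stream")
    magic, version, tc_obj, tc_desc, name_len = struct.unpack_from(">HHBBH", data)
    if (magic, version) != (STREAM_MAGIC, STREAM_VERSION):
        raise ValueError("missing Java serialization magic/version")
    if (tc_obj, tc_desc) != (TC_OBJECT, TC_CLASSDESC):
        raise ValueError("stream does not begin with an object and its class descriptor")
    end = 8 + name_len
    if len(data) < end + 8:
        raise ValueError("truncated class descriptor")
    # Class names are modified UTF-8; for ASCII names that equals UTF-8.
    name = data[8:end].decode("utf-8")
    (suid,) = struct.unpack_from(">q", data, end)
    return name, suid


def check_header(data: bytes, expected_name: str, expected_suid: int):
    """List the ways a saved header differs from what the reading build expects."""
    name, suid = read_class_descriptor(data)
    problems = []
    if name != expected_name:
        problems.append(f"class name {name!r}, expected {expected_name!r}")
    if suid != expected_suid:
        problems.append(f"serialVersionUID {suid}, expected {expected_suid}")
    return problems


def _constructed_stream(name: str, suid: int) -> bytes:
    """Build the first bytes of a stream for a field-less Serializable class."""
    raw = name.encode("utf-8")
    head = struct.pack(">HHBBH", STREAM_MAGIC, STREAM_VERSION, TC_OBJECT, TC_CLASSDESC, len(raw))
    return head + raw + struct.pack(">q", suid) + b"\x02\x00\x00"  # flags, 0 fields


# Constructed samples: hypothetical class name, SUIDs and obfuscated name.
PLAIN_BUILD = _constructed_stream("com.example.VaultHeader", 1)
OBFUSCATED_BUILD = _constructed_stream("a.b", -6743567631108323096)

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN_BUILD), ("obfuscated", OBFUSCATED_BUILD)):
        print(label, read_class_descriptor(blob), check_header(blob, "com.example.VaultHeader", 1))
```

Running the same check against a file saved by each release build is a quick way to confirm that the ProGuard configuration really left the serialized classes untouched.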

HOWTO: Digitally sign messages

[If you have any requests for more information - say for example instructions for your favourite operating system or email client - please either post a comment, or email me.]

The Need for Digital Signing

Nowadays, the content you post on the Internet is a determinant of your reputation.

Most people are sufficiently net-savvy to realise that what they post under their own names online is easily searchable - a quick Google search for either me or Armin will show (amongst a bunch of results for different Duncans and Armins) what we've written about technology, politics, philosophy and religion back to the mid 90s - back when Usenet was a Big Thing and Windows 95 had just been released.

Given how important digital content is, it becomes important that people are able to know that something purporting to be written by you was really written by you, and that, if it was, it hasn't been tampered with by anyone since you wrote it.

This post is a classic example; someone is purporting to have forwarded an email from a public figure (Leonard Peikoff), but those receiving it can't be sure that it's genuine and unaltered. All they can do is ask him, and trust that he's telling the truth.

The solution to this problem is to digitally sign your posts and emails.