Encryption Wizard
Release History

Every new version has improvements and changes behind the scenes, but those will rarely be called out here as they would provide no useful information to the end user.

4.0.002
  • New GUI support for applying and verifying digital signatures, with the same approach as in the command-line implementation. New "Sign" and "Verify" actions are in the same places as the familiar "Encrypt" and company.
  • New GUI options control prompting for signature-related actions while performing the other primary actions like encrypting.
  • Changed the smartcard scanning process at startup; it should complete much quicker (and with less meaningless noise in the running log).
  • Changed the panel for key selection to no longer show keys that are not specifically flagged as intended for the current operation. (This is configurable to a limited extent in Advanced Options for the sake of older key configurations.)
  • Fixed long pauses while displaying a file chooser for a Microsoft OneDrive folder for the first time in a session.
  • Fixed drag-and-drop of files into file selection text fields, which should no longer misbehave when the text field happens to be close to other graphical widgets.
  • Fixed window lockups during startup if any initial files have been given but permission problems require an error popup to be shown.
  • Fixed launching in a virtualized desktop environment that lacks the necessary display capabilities; such an environment should now properly be detected as headless (and thus command-line only).
  • Fixed very long pathnames in the main window's list of files, which should properly scroll horizontally again.
  • Fixed windows opened via the "gear icon" so that their accept/close/etc. buttons no longer end up technically "on the screen" yet hidden behind your desktop's taskbar.
  • Changed the "fallback launch batch file" for misconfigured Windows systems to also be copied into the application data folder, alongside the other files.
  • Changed smartcard library list handling: if the default library list has changed and you have a saved list, you will be asked whether to keep using the saved list or switch to the newer default list. (Merging the lists will be supported in a future release.)

Known Issues:

  • There are known issues with the ActivClient smartcard middleware when signing using a smartcard key. These issues were addressed in the 7.4 version series of ActivClient. Users wishing to apply digital signatures with a CAC are advised to upgrade to the latest version.
  • The displayed information for digital signatures created by CACs and other smartcards is the "friendly name" by which the signature key is shown on the CAC's certificate list, rather than the Subject field inside the CAC key itself. (In practice, these are usually closely related but not always identical.)
  • Signing/verifying while also performing another action (e.g., encrypting) does not mention the signing/verifying keys on the other action's summary panel after gathering information from the user.
  • Signing/verifying while also performing another action (e.g., encrypting) does not mention a successful signing or verifying on the "Success" popup window at the end; only signature-related problems are described.

4.00.001
  • New support for using --sign in the same command as -e/--encrypt or -a/--archive, and using --verify in the same command as -d/--decrypt or -x/--expand. You will need to pass additional keying options as appropriate, of course.
    Be advised that for now, only a single key may be provided for signing in the same operation as encrypting/archiving. Additional signatures may be applied to the new file by running --sign as its own primary action.
  • New options to specify public certificate files versus private keystore files:
    • --key-public=FILE loads public certificates from FILE no matter what FILE's extension is, and only when public certs are needed. The --x509 option is now formally a synonym for this option.
    • --key-private=FILE loads private keystores from FILE no matter what FILE's extension is, and only when private keys are needed. The --p12 option is now formally a synonym for this option.
    • The -k/--key=FILE option will act as either of the above --key-* options based on the file extension of FILE. Example:
          -e --sign file.dat -k EncCert.cer -k SignKey.pfx
      will be interpreted as
          -e --sign file.dat         \
            --key-public EncCert.cer \
            --key-private SignKey.pfx
      Most people will be able to continue using -k/--key as they have been. If you are using unconventional file extension names for your PKI, the -k option might no longer be sufficient.
  • Changed the version string to use zero padding, to more closely match other AFLCMC MPS software packages.
  • Fixed output in command-line mode to have fewer stray lines from the running log, unless it's something really bad that you need to know about.
  • New long spelling --overwrite for the existing short option -o (it's embarrassing how long that got overlooked).
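As an added illustration (not code from the Encryption Wizard project), the following Python models the -k/--key dispatch described above, including the documented --x509/--p12 synonyms and the failure case for an unconventional extension. The page only shows .cer as a public-certificate extension and .pfx as a private-keystore extension; the .crt, .pem and .p12 entries are assumptions about common PKI file names.

```python
"""Model of the -k/--key dispatch described in the 4.00.001 notes.

Added illustration for this page; not code from the Encryption Wizard project.
Only ".cer" (public certificate) and ".pfx" (private keystore) are shown on
the page; the other extensions below are assumed conventional names.
"""
import os
from typing import Optional

# Extension -> explicit option. ".cer" and ".pfx" come from the page's example;
# ".crt", ".pem" and ".p12" are ASSUMPTIONS about common PKI file names.
PUBLIC_EXTS = {".cer", ".crt", ".pem"}
PRIVATE_EXTS = {".pfx", ".p12"}

# Documented synonyms: --x509 is --key-public, --p12 is --key-private.
SYNONYMS = {"--x509": "--key-public", "--p12": "--key-private"}
EXPLICIT = {"--key-public", "--key-private"}


class KeyOptionError(ValueError):
    """Raised when a key option cannot be resolved to public or private use."""


def classify_key_file(path: str) -> Optional[str]:
    """Return '--key-public' or '--key-private' for PATH based only on its
    extension, or None when the extension is not one the model recognises."""
    ext = os.path.splitext(path)[1].lower()
    if ext in PUBLIC_EXTS:
        return "--key-public"
    if ext in PRIVATE_EXTS:
        return "--key-private"
    return None


def expand_key_options(argv: list) -> list:
    """Rewrite ARGV so every key option is in explicit --key-public/--key-private
    form: '-k FILE', '--key FILE' and '--key=FILE' are dispatched by extension;
    '--x509'/'--p12' (and their '=FILE' forms) are mapped via SYNONYMS;
    everything else passes through unchanged.

    Raises KeyOptionError for an unconventional extension, which is the case
    the notes warn that -k may no longer cover.
    """
    out = []
    i = 0
    while i < len(argv):
        tok = argv[i]
        name, eq, inline = tok.partition("=")
        if name not in ("-k", "--key", *SYNONYMS, *EXPLICIT):
            out.append(tok)
            i += 1
            continue
        if eq:                      # --opt=FILE
            path = inline
            i += 1
        else:                       # --opt FILE
            if i + 1 >= len(argv):
                raise KeyOptionError(f"{name} requires a FILE argument")
            path = argv[i + 1]
            i += 2
        if name in EXPLICIT:
            option = name
        elif name in SYNONYMS:
            option = SYNONYMS[name]
        else:
            option = classify_key_file(path)
            if option is None:
                raise KeyOptionError(
                    f"{path}: unrecognised extension; pass it with "
                    "--key-public=FILE or --key-private=FILE instead")
        out.extend((option, path))
    return out


if __name__ == "__main__":
    # The command line from the 4.00.001 notes and its explicit interpretation.
    print(expand_key_options(
        ["-e", "--sign", "file.dat", "-k", "EncCert.cer", "-k", "SignKey.pfx"]))
```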
4.0
  • Encryption Wizard has moved from AFRL to AFLCMC! With its new management came a new major version number; no breaking incompatibilities have been made to encrypted files. The locations of the program office, the support contact information, and so forth have changed; please take note.
  • New support for digitally signing encrypted files. At present this is limited to the command-line --sign and --verify options as primary actions.
  • Changed the long form of the -k/--x509 option to -k/--key, as the option has accepted other file types for a considerable time (including private keys) but we just didn't update the interface. The --x509 and --p12 forms may also be used.
  • Known Issues to be addressed in an upcoming release:
    • The signature-related options must currently be used on their own; they are intended to additionally work alongside the other command-line primary actions (for example, --encrypt and --sign).
    • User's Guide is not fully up-to-date.
    • The transition from AFRL to AFLCMC has left some of the code in limbo, most especially the status of the Government edition (EW-Govt).
  • Fixed passphrase masking in the interactive command-line to be less clunky on more terminals.
  • Changed the "restore attributes during expansion" option default setting: it will default to off on Windows (where NTFS can't really do that without effort on the part of the local sysadmin), but will still default to on everywhere else.

3.5.11
  • Fixed the "Help -> Restart" functionality on Windows platforms.
  • Fixed error dialogs during early startup to be more robust.
  • Fixed GUI startup under certain Linux desktop environments.
  • Changed more under-the-hood futureproofing for upcoming Java releases.
3.5.10
  • New standalone mode for the random password generator, by using options -G/--genpass and -ugui/--usermode=gui together. After installing shortcuts on Windows systems, a new Password Generator entry will be present in Encryption Wizard's folder for the user's Start Menu.
  • New controls for the random password generator settings. Settings specific to a use case can now be easily distributed by organizations with policies requiring such controls. See the new generator GUI for details, or --genpass-param=help output.
  • New override for users needing control over which Java runtime is used: the environment variable AFRL_EW_JAVACMD can be set to the full path to the preferred Java launcher, for example,
        C:\SpecialInstalls\jdk-X.Y\bin\javaw.exe   or
        /usr/local/share/jdk-X.Y/bin/java
    This environment variable will be checked by EW itself at startup (if needed to switch from a minimally-functional Java installation to a proper one), and also by the Windows "fallback launch" .bat file (if filename associations on a user's PC are broken). If you have installed launcher shortcuts under Windows for a particular JVM, this environment variable will still override the specified JVM.
  • Changed how passphrase entropy is calculated and displayed in the random password generator and the passphrase entry window.
  • Changed the screens asking the user to choose a file/folder to accept drag-and-drop of a file/folder into the text field.
  • Changed the shortcut installation confirmation on Windows to now allow user control over storing Java path location. Until now the full paths would always be stored, but if such paths are specific to the Java version, it's often better to not do that. The correct choice will depend on IT/IA policy and user preference.
  • Changed startup on Linux platforms to avoid using the GTK Look&Feel with Java versions earlier than 17. Users of earlier Java who know they will not encounter the harfbuzz library issue can override the Swing defaults by passing "-Dswing.crossplatformlaf=X" where X follows the same rules as the argument for "swing.systemlaf".
  • Fixed the password panel's show/hide toggle: it can normally not be "focused" by pressing Tab, but this can be enabled with "-Dafrlew.debug=passpanel.showcanfocus:true". Note that toggling via the spacebar will also require Tab presses to return to one of the text fields.
  • Fixed loading and migrating a much older saved preferences file without ever having loaded it in an intermediate version.
3.5.9
  • Changed the Windows startup sequence and fallback launch .bat file. Storing EW's JAR file in an offline OneDrive folder involving embedded spaces should no longer give errors at startup.
3.5.8
  • Fixed launching EW-Unified under recent Java releases (no functionality changes, only third-party libraries). Note: a bug in the Java installation itself, JDK-8248505, can still prevent EW-Unified from functioning. If your copy of the JRE may be affected by this issue, EW should detect and warn you at startup.
  • Fixed some spurious warnings on non-Windows systems.
3.5.7
  • New paths for smartcard libraries included in the default search list, including 64-bit OpenSC under Linux and additional ActivClient 7.1 locations under Windows. If you are using a saved custom library list, your settings will not be affected by this change.
  • Fixed kerning and other kinds of letter spacing in text panels to use older rendering, to work around a font bug in a range of Java releases. Eyestrain begone!
  • Fixed text fields for filenames to no longer allow leading whitespace to creep in at the start of the field.
  • Fixed a regression in 3.5.6 saving a Keychain file under EW-Govt.
  • Changed the "ask for output location" toggle into a set of options.
3.5.6
  • New -C/--config for redirecting or disabling the location of the saved user preferences file; this is primarily meant for special cases.
  • Fixed decrypting with CAC/PIV keys on some systems; clicking the "Access Card" button should once again Access the Card rather than halting the decryption entirely and leaving the user wondering.
  • Fixed startup of EW-Govt under Java 12 and later.
  • Changed how startup interacts with certain Ubuntu-derived JRE installations. Users should have an easier time launching the GUI on such systems.
3.5.5
  • Fixed AES key length selection bug on certain Windows systems. (If this bug affected you, it would entirely prevent encrypting; no files have been mistakenly encrypted with the wrong key size.)
3.5.4
  • New splitting/concatenating support for files.
  • New tab in Advanced Options affecting compatibility with older versions. The tab contents will grow as needed.
  • New entry in the "Help" menu to launch the User's Guide in the system PDF reader, if the Guide is present.
  • Fixed interaction between "delete originals" and a previous failed decryption attempt.
  • Fixed adding a file to the GUI and later adding that same file together with a new file; this no longer causes errors.
  • Fixed [Windows only] launching from the Start menu so that certain file choosers (from "Browse" buttons) no longer point at the Windows system folder.
  • Changed hashing output: with -H/--hash it can be written to an "OUTFILE" via -t/--output, for those environments prohibiting standard output redirection.
  • Changed how special Unicode sequences are implemented on platforms where font support is uncertain. Anyone seeing empty boxes or question marks should report it as a bug!
  • Changed how public keys are loaded from X.509 certificates to properly detect unsupported key algorithms. Additional algorithms for key types will be added in future releases.
3.5.3
  • Fixed launching with -s/--smart, so double-clicking an encrypted .wzd file in Windows will properly attempt to decrypt it rather than offering to encrypt it a second time.
  • Fixed the creation of FIPS-compliant X.509 certificates in the "Tools -> Generate Public/Private Keys" utility when running a FIPS 140-2 certified edition of Encryption Wizard.
  • Fixed decrypting files on a CD/DVD to once again properly ask for an output location unconditionally, instead of attempting to write the files back to a read-only optical drive.
  • Changed FIPS startup requirements: the Legion of the Bouncy Castle has fixed the bug in their FIPS implementation that incorrectly required high-strength keys to be available at launch even when only 128-bit keys were being used. Starting with this release, EW-Unified no longer requires unlimited strength jurisdiction policy files merely to launch.
  • Changed hashing on large files to be faster.
  • Changed how EW starts up, shuts down, and is logged in between. Users with unusual runtime environments may need to be aware of this, but the change will be transparent to the majority.
3.5.2
  • Support for running under Java SE 9. Java SE 8 remains the minimum JRE version.
  • New digital signatures (finally!) on the executable JAR file. The certificate used for Public and Unified editions has a root CA commonly included in most Java installations; the certificate for the Govt editions varies.
  • Fixed launching the JAR file via a UNC "\\servername\path\to\the\EW.jar" path; this should be more robust now.
  • New "OUTFILE" syntax hook for filename arguments to certain options. This is intended to help in particular corner cases; see -vh help output for details.
  • New option --list-inputs to assist when doing tricky expansion and/or matching.
  • New startup hooks and automatic logfiles to aid users and IA staff when running in restrictive environments.
  • Changed the treatment of files given at startup which turn out to be unreadable (e.g., permission problems). Previously this would halt processing; now a diagnostic will be issued listing the files, but whatever-you-told-it-to-do will keep going. Users invoking EW as part of a scripted operation should ensure that files are reachable prior to launching.
3.5.1
  • New 32-bit path for the ActivClient 6.2 smartcard DLL included in the default search list. If you are using a saved custom library list, your settings will not be affected by this change.
  • Fixed saving Keychains via their sibling window.
  • Fixed passphrase output when using -a/--archive with -g/--randper.
  • Changed requesting semi-random logfile names during special startup conditions to be more flexible.
  • Changed handling of archive entries with unsafe embedded pathnames. This will continue to improve, but the present treatment will allow for recovering more inadvertently-dangerous files.
3.5.0
  • Move to Java 8 as the minimum JRE version.
  • Introducing the Unified edition, which will become a standard edition going forward, and represents the best of the previous two options:
    • Like the Public edition, Unified editions require no special approvals to download and use, and may be redistributed without restriction.
    • Like the Government edition, Unified editions are FIPS 140-2 validated. The Unified editions include a FIPS cryptography module provided by The Legion of the Bouncy Castle. Note: a known bug in the module prevents it from properly working under all conditions if you are not using unlimited strength jurisdiction policy files. The bug is fixed in their next release; until then, EW-Unified will disable FIPS 140-2 mode if started up with the default policy files.
    • Custom editions thus have a choice of FIPS 140-2 cryptography providers.
  • Adds support for the SHA-3 family of hash algorithms.
  • Secure deletion can now be performed directly on files in the main GUI window. Previously, secure deletion was only done as part of a larger operation, or as an isolated action from the command line or shift-right-click on Windows.
  • Adds support for pasting files and text from the system clipboard. Pasted text will act as a self-contained file in the main GUI window.

3.4.13
  • Fixed certain FIPS 140-2 libraries being loaded under adjusted SecurityManagers in Java 8u131.
  • Fixed shortcuts created by running the "Install" step on MS-Windows to be more flexible with subsequent runs of Oracle Java Updater.
3.4.12
  • Fixed passphrase compatibility when decrypting with 3.3.0 and 3.3.1. While the breakage was unintentional, this fix will be made user-toggleable in 3.5, as (strictly speaking) the 3.3.0 behavior was buggy and can someday become a security risk.
  • Fixed opening Keychains with a particular flavor of smartcard key.
3.4.11
  • New logo! As the Software Protection Initiative program comes to a close, its strongest products -- some in the form of software, some in the form of concepts and practices -- are moving to a new home. As before, Encryption Wizard will continue to be included inside our most well-known software: the bootable LPS, now called Trusted End Node Security, or TENS.
  • Changed some internal support libraries. Users on 64-bit operating systems should see a speedup in long-running operations.
  • This should be the final normal release of the 3.4 series. The next EW major release will be 3.5.0, but we will of course create future 3.4.x releases if any bugs or weaknesses in 3.4.11 or the Java platform are found to threaten users' security.
3.4.10
  • Fixed corrupting or deleting Keychains while saving them with default passphrases under Java 7u21 or later.
  • Changed the GUI startup scan for Keychain files to a new search order:
    1. Any -y/--keychain files.
    2. Any Keychains in the current working directory.
    3. Any Keychains in the same location as the JAR file.
    4. Any Keychains in the application data location. This can be easily accessed via "Tools -> Platform Support -> Open Application Data Location".
    Note that (2) is rarely useful for most Windows users. Note that (3) is not useful when running the Encryption Wizard JAR while "browsing" inside its own zip file (which is not recommended).
3.4.9
  • Fixed directories/folders to be properly tracked and displayed in addition to their files.

    The correction of directory/folder tracking can potentially cause an odd situation. Specifically, if this version of Encryption Wizard is used to create an archive that contains directories which are empty, then expanding that archive with older (pre-bugfix) versions may create zero-length files instead of recreating the empty directory.

    The safest way to avoid this situation is by updating the "receiving/extracting" copy of EW to 3.4.9 or later. If doing so is infeasible, then putting a placeholder file into an otherwise empty directory is also an option. (We recommend automating that to reduce the chance of making mistakes.)

  • New performance enhancements. The exact changes visible to end users will depend strongly on platform characteristics and the kind of workload presented.
  • New methods of launching file managers on Linux. This support is somewhat experimental. If the defaults for your platform do not work, contact the ATSPI office. The currently active method may be tested via "Tools -> Platform Support -> Open Application Data Location" or by clicking the Location link on any File Info dialog.
  • Changed: more stringent safety/permission checks while adding files to the main window.
  • Changed: improved decryption of certain unusual file types.
  • Changed: be more aggressive when trying to recover from system provider errors, as we can in some cases avoid third-party bugs.
  • Fixed: more robustness when running in nonstandard environments.
  • Fixed the output of -H/--hash with fewer than two -v/--verbose flags, which no longer strips partial paths down to only the filename.
  • Changed: smarter security when handling and encrypting passwords.
  • Changed: improved diagnostics reporting in GUI mode.
  • Changed: improvements to command-line archive name handling and option parsing, including new options --pass-file and -M/--match added along with @file "command file" support; see the User Manual or the output of "-v -h" for a description.
  • Fixed unusual filenames archived on certain platforms and then expanded on more restrictive platforms; these should no longer cause errors. Instead the filenames will be manipulated into a safer local form (and the user alerted).
3.4.8
  • Fixed secure deletion triggered automatically after crypto operations when the OS has not yet finished closing the file. (One workaround is to disable the secure deletion option; another is to not delete input files during crypto operations, and then manually use secure deletion on the file afterwards.)
  • Changed the command-line mode interaction when an option prompt is cancelled. Now a final line will be displayed reflecting the user's decision.
  • Changed the password generator to reduce the potential for back-to-back repeated characters.
  • New log control unique-name capabilities.
3.4.7
  • Fixed locking/buffering on temporary files on certain platform/JRE combinations. Ciphering operations under those conditions should no longer be abysmally slow.
  • Changed installation steps on Microsoft Windows platforms with restrictive security policies. Files copied into the user's own application data folder should no longer become unreadable.
3.4.6
  • New page in the builtin help, summarizing best practices from the User Manual.
  • New --run-platform option adapts most of the Platform Support submenu to the command line. The exact syntax is described in the usual -vh listing.
  • New MIME wrapping and unwrapping of arbitrary files via the File and popup menus. This produces RFC 2045 output with some surrounding optional text.
  • Changed expansion/parsing of file paths passed during startup. This should result in fewer surprises when launching the GUI with initial filenames.
  • Changed the primary cryptography actions to do as many file-related safety and sanity checks as possible before any actual crypto steps. Permission problems, questions about overwriting files, and the like should now all be done before any potentially time-consuming tasks. Also, if the user chooses to overwrite only some existing files and skip others, confirmation will be sought before starting.
  • As part of the above work, changed when and how output files are created. If you are processing many files at a time, you might experience problems related to running out of file descriptors. (In practice this depends on operating system and administrative policies.) Should this occur, contact ATSPI.
  • Changed how files in a folder tree are individually encrypted. Previously the tree would be "flattened" to save all .wzd files into the same folder. Now the folder tree is duplicated in the output, which should cause fewer surprises.
  • Fixed temporary files being left behind, a bug in the JRE on Windows. If EW cannot work around the bug when it occurs, EW will do so when exiting. A warning to the user will be displayed, as a reminder to close the program.
  • Fixed cancelling decryptions on very large files.
3.4.5
  • Changed the "restart with full logging" capability to pull in additional, previously unavailable, debugging text.
  • Changed the reading of smart cards to provide a modest speedup when reading large numbers of certificates/identities from a card.
  • Changed default password length in the generator to 12.
  • Fixed a bug with the command-line parser when calculating file hashes.
  • Fixed a bug where certain environments could prevent proper loading and migration of saved options.
3.4.4
  • New command-line password generator capability.
  • New behavior during cipher operations: if the source is a temporary file, behave as if "ask for output locations" is always on, using a safe starting destination. This should help when opening files directly out of other software (for example, encrypted email attachments won't be decrypted into some obscure location buried in the filesystem).
  • Changed the logging subsystem; the Log window and similar outputs should be much less cluttered and noisy now.
  • Changed the graphical UI in minor ways: link directly to the local application data folder (buried and hidden by default on some platforms), improved messages during Windows install/uninstall, much faster password generation under unusual criteria, and an attempt to catch accidental uses of "Decrypt" on archive files.
  • Fixed the various smartcard windows to not explode if an access check is done without a card, but a card is inserted before the check times out. (The card should be properly detected in such a case.)
3.4.3
  • New for the File Info dialog:
    1. A 'Location' line with the full path to the file in question (good for finding output files after encrypting/decrypting, if you forget where the original file was)
    2. Clicking the 'Location' opens a file manager in that path, with the file in question selected if possible
    3. Double-clicking a file in the main GUI opens the File Info dialog
  • Fixed the Password Generator to give up if it cannot create a passphrase within a time limit; particularly stringent creation parameters can take excessively long.
  • Fixed the Password Generator in those custom builds which require password complexity to be enforced. During encryption, the generator tab's "Add" button will once again not become clickable until a password is generated which meets the same requirements as one typed in by the user. To see which parameters have not been met by a given generated password, hover the mouse over the grayed-out "Add" button. (The "Copy" button remains active for all generated passwords regardless of complexity requirements.)
  • Changed the various tests performed during startup. More errors in unusual situations should be handled properly, and users on some platforms should see faster startup times when using the GUI.
  • New check for Keychain files (*.wzk) in the Data Path during startup. Users will be prompted to open or skip any Keychains found in that folder, just as they have been for Keychains found in the current directory at startup. To find the exact Data Path for your system, see the System Info window in GUI mode, or use --sys-info on the command line. (Windows users may not have an existing Data Path until performing the optional install step under the Tools menu.)
  • Internal changes to code supporting custom build configurations. This has no visible effect on standard EW-Govt or EW-Public editions.
3.4.2
  • Fixed a bug where users of the Government FIPS edition storing public keys in their Keychains, or using a CAC/private key to encrypt their Keychains, could find themselves unable to re-open the stored Keychain file. Version 3.4.2 can re-open such Keychains and will automatically correct them to be usable again with older (or non-Government) versions.
  • Changed the keytool wrapper utility to store public certificates in Base64 encoded PEM format instead of binary DER format, to be accessible to more tools, and to display its command line for users who need access to options beyond what the wrapper utility offers at any given time.
3.4.1
  • New keytool wrapper utility for interactively creating a public/private keypair, reachable under the Tools menu.
  • New command-line capability to extract metadata into a file during decryption operations. The file can be edited by hand, and can be used to apply metadata during subsequent encryption operations.
  • Fixed stored options to use a portable file rather than the native Java Preferences system. Air Force users of certain SDC versions should no longer encounter problems with stored options. (The file is in the 'Data Path' location shown in System Info.)
  • Fixed startup issues when trying to run EW when the JAR file is on specific kinds of network storage. Air Force users of certain SDC versions will see warnings and instructions at the very beginning rather than eventually running into problems later.
  • Fixed some startup and logging problems occasionally seen when running in a text-only environment.
  • Fixed restarting with JVM options inherited from the environment which also contain unprotected whitespace. Air Force users of certain SDC versions should no longer see the restarted window vanish.
  • Fixed temporary files handling on Windows systems with unusual temporary folder settings. Air Force SDC users should no longer see temporary files left behind after exiting (which were being cleaned up on the next run anyway but took up space in the meantime).
3.4.0
  • Move to Java 7 as minimum JRE version.
  • Store and restore file attributes inside archives.
  • Support for 256-bit AES.
  • New command-line interface.
  • Secure erasure and checksum/hashing without running the main GUI.
  • Lots of under-the-hood improvements.

Earlier history is available on request.