Dominik Schadow

More and more people start using JCrypTool. As you can imagine, we are extremely happy about that! And more and more people start providing feedback via the SourceForge thumbs up or thumbs down button. This is probably the easiest way to get in touch with us. And the comment field provides room for a short review.

I‘m having mixed feelings about this field. On one side it is of course nice to read ,I love feature xyz to do this and that.‘. But on the other side it tempts people to mention that JCT crashes or that they immediately found a bug. Yes, this happens.

Don‘t misunderstand me, of course there a bugs in JCrypTool. And we do want to fix them. Every single one of them. So please, use our bug tracker, or our forum, or our mailing list to report a bug. We will fix it. Always. And we want you to continue using JCrypTool without having to work around that particular bug all the time. It‘s your choice, get involved.

I released a new XML Security Tools build today. This release includes only some documentation updates which are available in the Eclipse wiki too (in the Documentation/ User Guide section).

JCrypTool is running for the Best RCP Application with the Eclipse Technology Awards again. The finalists will be announced on March 1st, the winner on EclipseCon 2010.

We released a refreshed JCrypTool Release Candidate 1a for download today. This releases fixes the not working language switch via the preferences and the not working Algorithms view on Linux (other systems were not affected). The clean up of the internal package usage in the Algorithms view is a positive side affect of this bugfix. The new FlexiProvider version 1.6.0p6 is available in this release too.

Release Candidate 2 is scheduled for April. The reason for this long time is that we want to extend the documentation (online and context help) and provide the a complete theoretical part for this release. And end user documentation requires a lot of time. At the moment we expect the final version to be released sometime in summer this year.

JCrypTool 1.0.0 Release Candidate 1 is available for Linux, Mac OS X and Windows. For the first time we released versions for 32bit and 64bit for all supported operating systems. Download the new release today!. This release does not contain any new features but does complete and enhance the features from previous milestone releases and fixes different bugs.

This is the first release candidate as we are getting closer to the final version. There will be at least two more release candidates until the final release will be available. As always we are interested in any feedback and bug reports, so feel free to get in touch with us via our forum or the mailing list.

A new XML Security Tools build is available. This new integration build on the official Web Tools download page contains a complete English online help for the whole plug-in as well as several UI enhancements and different bug fixes.

The German tutorials are completely up to date too.

JCrypTool 1.0.0 Milestone 6 is available for Linux, Mac and Windows systems on our download page.

There are again plenty of changes and updates, see the JCrypTool 1.0.0 Milestone 6 - New and Noteworthy page for the new features.

This is the last milestone release, JCrypTool is more or less feature complete. We are now entering the end game and will publish some release candidates at irregular intervals. So the next weeks will complete the online/ context help and as well as some missing details in the UI. Get ready for the final version...

Your feedback, ideas, wishes and bug reports are as always welcome, so feel free to contact me or use the forum/ mailing lists on our home page.

A new XML Security Tools release is available for download. This release contains some minor UI enhancements in the XML Encryption Wizard which should make it easier to use. And I continued working on the documentation (a.k.a. online help) which now contains some parts of the XML Encryption Wizard too. As a reminder: all documentation is developed in the Eclipse wiki. Feel free to open a Bugzilla account and to help me

Extending the Eclipse help is simply writing html pages. And linking between those pages is easy as long as the pages all reside in the same plug-in. Cross plug-in references (linking from plug-in A help page to plug-in B help page) requires just a little bit more information in the link:


<a href="PLUGINS_ROOT/plug-in-id/path/page.html">My other plug-in</a>


PLUGINS_ROOT will be replaced automatically during runtime. All you have to do is to replace the plug-in-id with the targets plug-in id and fill in the complete path to the html file. Even $nl$ parameters are possible here.

The W3C has published two first drafts XML Signature Syntax and Processing and Canonical XML of the upcoming version 2.0.

The new XML Signature version promises more simplicity and more performance. Chapter 10 lists the differences to the current version. In short: New namespace dsig2, Canonical XML 2.0 and a completely changed transformation model which isn't that general any more (which is good, since the completely open one we are using now may lead to a lot of security problems). The new one now separates between selection and canonicalization, which includes the new Selection element. In short this element chooses the data object that is to be signed.

Canonical XML 2.0 brings in more performance and more security. It is still designed for XML 1.0, not XML 1.1 (so still no canonicalization for XML 1.1 out there). And as written above it is required for XML Signature 2.0.

Since these are the first public drafts some things will change until the final recommendations will be available.

I moved from Actions to Commands lately for all XML Security Tools operations. Except some removed icons, the XML Security context menu doesn't look much different. So why all the work (or trouble)? Well, Commands are much cooler: clean separation of UI and business logic, and therefore reusable. Yes, it's possible to reuse Actions too, simply duplicate the code...

The main reason for the change was to integrate closer with the rest of the Web Tools Platform. The XML Security extension is now available in the Package Explorer, Project Explorer and Navigator view, but only in the XML perspective. The editor extension (the same menu) is available in the WTP XML editor at all times (in any perspective). Achiving that is much easier with Commands (Menus and Handlers) than with Actions.

The layout changes should make it easier to use the XML Security Tools commands. The menu entries with icons use the regular wizards and require much user interaction. The menu entries without icons are the so called quick functions with minimum user interaction.

The next step is to provide a simplified menu in the XPath view: after entering an XPath expression simply select the desired resulting element and choose sign or encrypt. The XML Security wizard should already take into account which element is selected. This is not done yet, see BugZilla for my progress on that. And I'm working on the documentation, the English version in the Eclipse wiki, the German version as tutorials on my home page.

The latest XML Security Tools version is available on the WTP Incubator download page. The promoted version available here does not include the latest changes. The next integration build on this site will be available after the English documentation is completed. So visit the committers download page for continuous updates and the WTP download page for more or less stable integration builds.

JCrypTool 1.0.0 Milestone 5 is finally available for Linux, Mac and Windows systems on our download page. Be aware that it is not possible to use the update manager in Milestone 4a or older to update to the new version. We are sorry for the inconvenience, but there are more changes included in Milestone 5 than the update manager can handle (mostly p2 related). So please download the complete archive ones more.

See the JCrypTool 1.0.0 Milestone 5 - New and Noteworthy page for an overview of the new features and updates.

Reasons for the delay? Well, it took us much more time than expected to include p2. There were a lot of pitfalls, and we jumped from one to another.

But nevertheless, this milestone moves us really close to the final version 1.0.0, only one more milestone should follow the next months. Milestone 6 is already scheduled for November, depending on the time we are feature complete. There are some open tasks so far: Actions View is incomplete, Command Line is completely missing and the online help is not as complete as it is supposed to be. The first steps Cheat Sheet is not completed yet too. Those tasks must be contained in milestone 6, before we enter the endgame and release our first release candidate. So there is still enough to do.

Your feedback, ideas, wishes and bug reports are as always welcome, so feel free to contact me or use the forum on our home page.

Since I have updated to Snow Leopard lately I ran into the JVM 64 bit problem. SWT is simply not available for Mac OS X with 64 bit. This hit me when launching JCrypTool the first time after updating. The solution to fix this is to add -d32 as a VM argument for in the run menu entry and voilà, the RCP is running again.

In case you want to deploy a feature based RCP for more than one platform (with the delta pack): Do not forget to add the org.eclipse.rcp feature either as included feature to one of your features or add it directly to your product configuration. The org.eclipse.rcp feature includes all the platform dependent plug-ins and fragments (like SWT win32). So in case your export doesn't contain the platform dependent files (and fails to launch) verify that this feature is added...

Even if you do deploy to one platform only but do have a feature based RCP you have to add the org.eclipse.rcp feature. Otherwise you have to add all required platform dependent fragments yourself.

Version 1.4.3 of Apache XML Security (Santuario) is available. In case you do use this API you should update as soon as possible to the new release. This release doesn't provide any new features, but includes a lot of bug fixes, including a correction for the relatively serious security vulnerability that has been discovered lately.