Pygar's Skeleton Closet

Purpose

It could be argued with overwhelming evidence that every software development project is characterized by underfunding, understaffing, and unrealistic deadlines. This state is dictated by the principles of organizations. If it were otherwise, an increase in executive bonuses and a redoubled effort to over-promise would quickly restore the natural state for developers. The sad part is that those who build the present state of systems chaos impose a hardship on those who come after. Our heartfelt apology goes out to the reader.

By way of partial atonement, this document records the pitfalls that are foreseeable during the continued progress of the Pygar Project. We have here a description of several kinds of problems:

  1. Failures to follow the software architectural model.
  2. Shortcuts adopted to meet a deadline by overlooking details.
  3. Workarounds introduced to overcome a real or perceived deficiency in the Java SE or EE support structure.

The problems are discussed below. First let us comment on the general state of the two implementations of Demo 0: Demo0P and Demo0G.

The Demonstrations

The sole purpose of Demo0P is to prove that the library of software components needed for Blind Encrypted Data Matching is sufficient to its announced purpose. The demonstration data was deliberately kept ridiculously simple because a potential customer asked for this specific data (matching text fragments) and would not allow access to realistic data. Anyhow, it works as is, though with the shortcuts detailed below. This demo is also useful because it runs easily on a small laptop.

Demo0G is more ambitious as software because it is suited to run over a Java EE server and is therefore suitable for demonstrating the enterprise application of the software process. Although demo0G should be more advanced than demo0P, its software design takes a step back from the purity of the state-machine design model in demo0P. Furthermore, it replaces a shortcut in demo0P with what has become a workaround in demo0G, owing to apparent difficulties in the cryptographic libraries supplied with Java SE 6.0.

The software for both demonstrations leaves room for further improvement!

Failures to Follow Model

Shortcuts

Workarounds

The two demonstrations have avoided writing any code to manage identities. The reasoning is that identity management is a very important, complex job that is best left to other experts. However, we still need the identity management function, so we have used Sun Microsystems' keytool. This worked perfectly for demo0P, but that software used a shortcut that skipped a few steps in the encryption cycle. These steps were implemented in demo0G; however, it turns out that the private and public keys produced by keytool do not work correctly with the WRAP_MODE and UNWRAP_MODE modes of the Cipher class. As a consequence, we were forced either to abandon keytool and replace it at great effort, or to implement the wrap-key and unwrap-key functions with our own code. We chose the latter.

Note also that the keys from keytool work with the Java SE 6.0 Signature functions, so the failure of the SE libraries is partial. It may also be the case that the Sun documentation is too deceptive on this topic for anyone to dope out how to use the libraries correctly. It is unfortunate that Sun sank into the corporate graveyard before this area of documentation was cleaned up.
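The do-it-yourself wrap and unwrap just described, sketched as an added example (not Pygar project code): the two operations are built from ENCRYPT_MODE and DECRYPT_MODE over the session key's encoded bytes instead of WRAP_MODE and UNWRAP_MODE. The class and method names are invented for this note; the RSA pair is generated in place to stand in for the keytool keystore, and OAEP padding is this example's own choice.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

// Manual key wrap/unwrap built from ENCRYPT_MODE/DECRYPT_MODE, as a stand-in for
// Cipher.WRAP_MODE/UNWRAP_MODE. Example code for this note, not Pygar project code.
public class ManualKeyWrap {
    // OAEP padding is this example's choice; assumes the JDK offers this transformation.
    private static final String RSA_XFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Wrap: RSA-encrypt the raw session-key bytes under the recipient's public key.
    public static byte[] wrap(SecretKey sessionKey, PublicKey recipient) throws Exception {
        Cipher rsa = Cipher.getInstance(RSA_XFORM);
        rsa.init(Cipher.ENCRYPT_MODE, recipient);
        return rsa.doFinal(sessionKey.getEncoded());
    }

    // Unwrap: RSA-decrypt with the private key, then rebuild the SecretKey object
    // under the algorithm name the sender used (the wrapped bytes carry no such name).
    public static SecretKey unwrap(byte[] wrapped, PrivateKey recipient, String keyAlg) throws Exception {
        Cipher rsa = Cipher.getInstance(RSA_XFORM);
        rsa.init(Cipher.DECRYPT_MODE, recipient);
        byte[] raw = rsa.doFinal(wrapped);
        try {
            return new SecretKeySpec(raw, keyAlg);  // SecretKeySpec copies the bytes
        } finally {
            Arrays.fill(raw, (byte) 0);  // scrub our copy of the key material
        }
    }

    public static void main(String[] args) throws Exception {
        // In the demos the pair would be loaded from a keytool keystore; a freshly
        // generated pair stands in here so the example runs stand-alone.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey session = kg.generateKey();
        byte[] wrapped = wrap(session, kp.getPublic());
        SecretKey recovered = unwrap(wrapped, kp.getPrivate(), "AES");
        System.out.println("round trip ok: " + Arrays.equals(session.getEncoded(), recovered.getEncoded()));
    }
}
```

With keys loaded from a keystore instead, only the source of the key pair changes; the two methods are the same.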