Toolsley Blog

Updates

Mon Apr 18 2016 02:00:00 GMT+0200 (CEST)

File Signature Verifier

Implemented support for signed hash lists (ex.: Bitcoin releases). Both the signature of the list and the hash of the file are checked seamlessly.

Hash&Validate

Added single algorithm mode. Example: https://www.toolsley.com/hash.html#only=md5

PGPigeon

Fixed a bug where the Key List would stop functioning after importing certain types of keys.

Introducing File Surgeon

Wed Oct 07 2015 02:00:00 GMT+0200 (CEST)

Years and years ago ~~in a galaxy far away~~ when dialup was still prominent and simply re-downloading files that got corrupted for some reason or another was a major issue due to traffic caps, fees or just the sheer waste of time involved a tool named ZIDRAV (short for Zorba's Incredible Data Repairer and Verifier) was conceived.
It wasn't pretty, straightforward, user-friendly or well engineered but it worked.

What did it do?

It allowed two people to work together to fix a corrupted file with the least amount of data transfer necessary to do so.
It was a 3 step process

The owner of the damaged copy would create a checksum-map using ZIDRAV and send it to the owner of an intact copy.
The owner of the intact copy would then use the tool to create a patch file that contained only the parts where the checksum-map of the intact copy differed from that of the damaged one (ie. where the corruption was)
This patch file was then sent back to the owner of the damaged file and the file could be repaired.

ZIDRAV became analogous with this file repair method and earned a bit of fame and/or notoriety in the process. There was an attempt at resurrecting it several years later and it even made it into some Linux distributions' repositories but eventually the maintainers lost interest and it faded into obscurity.

Superior file-delta solutions exist nowadays but most of them require one party to have a copy of both files at the same time so they just don't serve the same purpose as ZIDRAV did.

Enter the latest Toolsley tool.

File Surgeon

Repair damaged files with the help of someone who has as intact copy.

File Surgeon is basically a ZIDRAV-compatible file repair solution (down to the files involved). It can be used as-is or in conjunction with the Windows version of ZIDRAV.

The steps are the same:

Step 1: The owner of the damaged file creates a checksum-map file and then sends it to the owner of the intact file.

Step 2: The owner of the intact file creates a patch file from the checksum-map and the file.

Step 3: The owner of the damaged file applies the patch file

Caveat emptor

The JavaScript API standardization process has not yet produced a workable solution for saving large files from browsers. It's possible to read tens of gigabytes of local data into a browser safely but writing is a hack at best that doesn't work on all browsers and comes with severe limitations where it does. What this means for this tool in particular is:
Step 1, checksum-map creation is virtually unlimited and will always work regardless of size since checksum maps don't grow as large as the limitations.
Step 2, patch creation is limited to 500megabytes of corruption in Chrome, 800megabytes in FireFox, 600 megabytes in IE and the rest is unknown.
Step 3, patch applying has the same limits on total file size for the repaired file.

Workarounds

ZIDRAV for Windows could be used as an alternative for both Steps 2 and 3 if the patch or the file is too large to save from the browser.
Additionally there are two alternatives supported for Step 3.

The creation of an Xdelta compatible VCDIFF file. Xdelta is one of the more advanced file-delta solutions mentioned earlier. It's cross-platform and should have no issues applying patches to large files
The creation of a shell script for *nix and OSX that applies the ZIDRAV patch file without having to use ZIDRAV or any other tool. It simply uses dd which is included by default on those systems.

Check it out and let us know what you'd like to see next!

Bugfixes for September

Tue Sep 15 2015 02:00:00 GMT+0200 (CEST)

File Signature Verifier

Fixed a bug in Toolsley's openpgp.js fork that broke DSA signature verification

Updated fork with changes from original (also includes a fix for a DSA signature verification bug)

Fixed a bug where SHA-1 signatures weren't processed properly in verification links

File Signature Verifier improvements

Sun Aug 30 2015 02:00:00 GMT+0200 (CEST)

File Signature Verifier

Fixed a bug where files between 10 and 20 megabytes weren't being read properly (also in Hash & Validate)

Added clipboard paste support for keys and signatures

Added support for direct verification links

Small usability fixes

Direct verification links

Similar to Hash & Validate's direct validation links File Signature Verifier can now create direct URLs for verifying files using a given signature.
To use this feature simply load a signature and click on the green link icon that appears next to the signature data.

By default the direct links will also try to fetch the public key corresponding to the signature from the default key server (pgp.mit.edu)
This behavior can be disabled by unchecking the checkbox on the dialog that pops up with the link.

Details on the verification URL format

Header, footer, optional fields, line-breaks and spaces are stripped from the ASCII armored signature. The resulting string is URL-encoded and appended to the URL as an anchor parameter named "s" (Using the anchor ensures that signatures are not leaked towards the server)

So for example:

becomes:

https://www.toolsley.com/verify.html#s=iQEcBAABCAAGBQJUPvAmAAoJEEFvBhBj%2FuZZNF4H%2F2bK126yRoWHIBAcaoA4sSc%2BQ7dLJvuBmMVWAOCpLtIeQFt1di7HZ0snuzXYgMSYm1if0K3kd3mMNB3Bu3nAex3jPYAmZARbeTpbf0jQ37ouNrZFn1vJT2KRw23gl25oLjN2W8XappucAIAhvllJCUT88MTam7dr4hlie2JdDTiG2atU3Az0sAN13KUNL8%2FLddxUr33LaZYMkCSqkhzH4NzTmnrK%2F5bQa5EmJfqee%2FqpexHE73cY0DAT%2BOjpvSgRT5XSWvuzGLIfTpSFzSyApRmDBw%2BknHJ4ju%2BDHqXwl98O6Cn694oIUgKi6IxDvfE7E22JfG8cvQU1DyWsLj5c4QQ%3D%3DOykB

When opened the tool will populate the signature and immediately attempt to fetch the corresponding key from the default key server unless the "fetch" parameter is set to "no".

As always feel free to send your suggestions, bug-reports or comments to toolsmith@toolsley.com

PGPigeon v1.3 released

Thu Jul 09 2015 02:00:00 GMT+0200 (CEST)

PGPigeon

Added support for multiple recipients

Upgraded 3rd party components

Bugfixes for July

Wed Jul 01 2015 02:00:00 GMT+0200 (CEST)

File Signature Verifier

Fixed a bug where key files with the asc extension weren't getting loaded

Fixed a bug where key fetching wasn't working when the tool was accessed through HTTPS

Changed default key server to MIT's

Key server port will now default to 80/443 depending on how the tool is accessed

Note: Key servers need to support Access-Control-Allow-Origin: * as well as HTTPS when the tool is accessed through it to work.
The new default does both.

PGPigeon

Fixed a bug where key fetching wasn't working

Changed default key server to MIT's