October 21, 2009

By Karen Kenworthy

"I wish we had more time! There's a lot more to say about the Version Browser, and Digital Signatures too. But those chats will have to wait until another day."

Wow.

I had no idea, when I wrote those words back in October, 2008, that "another day" wouldn't come for more than a year! And judging from the e-mail, postal mail, and even phone calls I've received during that time, many of you didn't expect me to be away this long either. I'm really sorry.

It's hard to say exactly what kept us apart. It wasn't one thing. It was a series of events and situations, some important, some not. To answer the most often asked questions, my health is fine (some of my family members haven't been so blessed, but we're all still here, thank the Lord). In fact, I was able to take a short vacation this spring, something that hadn't been possible for years.

And I haven't stopped creating new Power Tools programs and updating older ones. To the contrary, I've had more fun programming during the last 12 months than I have in a long time. I'm really looking forward to sharing what I've built with all of you over the next few weeks and months.

Now that I'm back, we'll have plenty of time to catch up. But for now, let's get right down to business. Old business, that is. Let's catch up with the "new" version of my "Version Browser" program, resuming where we left off, late last year!

Version Browser

Those of us with very good memories might remember way back to the year 1993, when personal computers were steam-powered. Everyone kept a rick of firewood and a wooden barrel of water at their desk, just to keep the old PC running. We won't talk about the frequent boiler explosions, and horrible bit burns they caused. In those days, they were all just a brutal fact of life.

But there were moments of grace during those difficult times. One was the birth of one of my first Power Tools, the Version Browser.

Like all newborns, this program started life small and simple. It allowed you to browse your computer's hard disks, and view something called "Version Information". This block of data is sometimes found inside important computer files, mostly files containing computer programs.

As its name suggests, version information includes a file or program's "version" -- those cryptic multipart numbers like 1.0 and 4.2.6.1. As you know, the bigger the number, the newer the program. This little bit of program trivia allows folks to identify the latest and greatest version of a file, when extra copies are found on the same disk.

But version information can contain even more useful data. A program's full name, the name of its author, and the name of any larger product to which it belongs, can all appear inside a file's version information. So can a program's copyright and trademark statements, the author's comments describing the program, and the version of Windows the program supports.

And true to its original mission, from its inception the Version Browser could display it all!

But, like most software, my little program grew larger and wiser as the years rolled by. Over time it searched outside the version information block, learning to reveal a file's size, and the dates the file was created, last modified, and last accessed. As a toddler it discovered the program "associated" with various data files (the program Windows would automatically launch if the data file's icon was double-clicked).

Later, it mastered the grown-up job of exporting all information about a folder full of files to a "tab-separated value" file. This allows the program's collection of file facts to be imported into most spreadsheet programs.

My budding youngster even learned to print the information, building on its original ability to display a file's details on a computer screen. Not content with monotonous text, the latest version of the program even allows you to select a font and text color. It can also automatically print multiple copies of its reports.

File Attributes

One of the Version Browser's newest tricks is the ability to uncover a file's "attributes". Always helpful, Windows keeps track of several attributes, using them to manage and categorize files and folders.

All attributes are simple "yes/no" characteristics. Either a file or folder has a particular attribute, or it doesn't. And thanks to Windows' generosity, any particular file or folder can have none, all, or just some attributes.

Best of all, the newest Version Browser knows and tells all!

So, what are these attributes of which I speak? To make sure you're always clued in and in-the-know, here's the lowdown in a nutshell:

Read-Only or R/O: If a file has this attribute, Windows will block all attempts to change the file's content. Programs and people can read the file, but that's all.

Hidden: This attribute causes Windows to hide the file or folder. Its name will not be displayed on-screen (unless you ask Windows to display hidden files and folders -- Windows isn't very good at keeping secrets).

System: Files and folders that are a part of Windows itself have this attribute. It's a way for Windows to keep track of itself, and to discourage users and programs from meddling in its affairs.

Archive: This attribute indicates the file has been modified at least once, after it was last backed up. In other words, this incarnation of the file hasn't been copied to a safe place. Note: not all backup programs remove this attribute after making a copy. It's mostly used by Windows' own backup programs.

Temp: "Temp" is short for Temporary. As you've guessed, files and folders with this attribute are created and used for a short period of time, then deleted once they've served their purpose. Or at least they're supposed to be deleted after use. But some programs are a bit careless and wasteful, leaving temporary files behind for others to find, instead of cleaning up their own mess.

Compressed: A file or folder with this attribute has been compressed, allowing it to use less disk space than an uncompressed version of the same data. Accessing compressed data is slower than reading and writing uncompressed info. But, depending on the type of data a file or folder contains, the amount of disk space saved by compression can be considerable -- from 50 to 90%.

Encrypted: Yep, this attribute indicates the file or folder has been encrypted. If you, a program, or even Windows itself, try to read encrypted data without providing the right password, you'll see gibberish. If your disk contains important information you'd hate to see fall into the wrong hands, encrypting the file or folder is the way to go.

Offline: This odd little attribute indicates a file or folder isn't on your computer's hard disk at all. Instead, the data is stored elsewhere, such as on a tape or backup disk not currently connected to your computer.

Not Indexed or N/I: Have you noticed when you ask Windows to search for a file or folder, it may ask you if you want to search "non-indexed" files (warning you this might be slow)? Well, this is how Windows keeps track of what information has been "indexed" (pre-scanned and stored in an index), and what hasn't.

Handwritten Signatures

My favorite new feature of the Version Browser is its ability to detect and validate "Digital Signatures".

To understand a digital signature, let's first look at something we've all created and used -- a handwritten signature.

At one time or another we've all put ink to paper and signed our name to a letter, check, or (in the case of some of you) an autograph. Besides taking part in a long-standing, quaint historical tradition, what have you done?

First, signing a document shows "authorship". By affixing your signature, you're publicly stating that you are the author of the check, contract, or letter. Sure, anyone can write words and numbers on your blank check or letterhead. But it's legally meaningless unless you sign your name, proving you're the text's author and are responsible for its content.

Second, assuming others can recognize your signature -- distinguishing it from all other names signed by all other people on earth -- your little bit of handwriting "authenticates" your claim of authorship. In other words, your unique and irreproducible signature proves it was you, and only you, who made the claim of authorship.

Handwritten signatures are far from perfect. Documents can be modified after they are signed, making it appear the signer wrote something they did not. And the signature itself can be forged, making authentication difficult. Still, despite all their shortcomings, we've built a considerable system of banking and law, based in part on the signature's limited ability to claim authorship and prove authenticity.

But signatures are for the world of pulp and pigments, right? Well, no. Today there's something called a "digital signature". This new and improved descendant of the original signature does everything its ancestor does, and more, and better!

Digital Signatures

A digital signature is a small, special block of data added to the end of some files (usually a file containing a program, though some other types of files can be signed too). Like their handwritten counterparts, digital signatures show who created a particular file, irrefutably revealing a file's author. What's more, they guarantee the file hasn't been altered since it was signed.

To understand this magic of digital signatures, we need to take a moment to talk about "hashes". All digital signatures contain a "hash" of the signed file's data. As we've seen before -- when discussing "Karen's Hasher" -- a hash is a large number computed using a complex mathematical formula. All the bits making up a file are fed into this formula, and the hash value comes out the other end.

Hash values are so large (nowadays they often contain 256 or more bits), and the formula is so cleverly devised, that no two different files anywhere in the world will produce the same hash value. Change even a single bit of a file, and the hash value changes too.

What do hashes have to do with digital signatures? When a file is signed, the current hash value of its contents is stored inside the signature. Later, to see if a file has been changed, just compute the hash value of the file's current contents, and compare that to the hash value stored in the signature. If the two values are the same, the file is unchanged. Any difference in the hash values proves the file was modified after it was signed.

Besides the file's original hash value, a digital signature also contains the name of the file's signer. Normally, this is the file's author, or the person who wrote the program or created the file. The signature also contains the date and time the file was signed. This neat fact allows digital signatures to resolve legal disputes where the exact time of signing is important.

Pretty cool, eh? But some of you are wondering, why can't a digital signature be forged? Couldn't a clever person, or even someone not so clever, simply change the hash value stored in a signature to match the new hash value of an altered file? And couldn't they put any author's name or signing date into a signature, replacing the original information? After all, a digital signature is only made of bits. And bits can be changed …

The answer is yes, a digital signature can be altered. But people who do that will get caught. That's because of a clever encryption trick called "public key encryption". You see, digital signatures are encrypted, using a key (a large, seemingly random number) known only to the legitimate signer. Anyone trying to create a forged signature would have to know the real author's encryption key. And this key is among an author's most tightly-held secrets.

The beauty of public key encryption is that you can decrypt a signature without knowing the author's key. All that's needed is a second large number that can only decrypt data, not encrypt it. The full story is a bit too complicated to go into here. But the simplified version is that Windows comes equipped with a collection of "public keys". These allow Windows to decrypt any digital signature.
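The hash comparison and the two-key trick described above, reduced to their arithmetic. This is an added example, not Version Browser's code or Windows' own signature check: it uses unpadded textbook RSA with a constructed toy key, and the helper names (`digest`, `sign`, `verify`, `forge`), the sample signer and the timestamp are assumptions. Real file signatures add padding and certificates on top of this.

```python
import hashlib

# Toy RSA key from two well-known Mersenne primes. Constructed for this example
# only: the factors are public, so this key protects nothing.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                          # modulus, part of both keys
E = 65537                          # public key: can only open a signature
D = pow(E, -1, (P - 1) * (Q - 1))  # private key: the signer's secret


def digest(data: bytes, signer: str, signed_at: str) -> int:
    """Hash of the file plus the signer name and signing time, as a number."""
    file_hash = hashlib.sha256(data).digest()
    fields = file_hash + b"|" + signer.encode() + b"|" + signed_at.encode()
    return int.from_bytes(hashlib.sha256(fields).digest(), "big")


def sign(data: bytes, signer: str, signed_at: str) -> dict:
    """Signer side: seal the digest with the private key D."""
    sealed = pow(digest(data, signer, signed_at), D, N)
    return {"signer": signer, "signed_at": signed_at, "sealed": sealed}


def verify(data: bytes, sig: dict) -> bool:
    """Anyone: open the seal with E and compare with a freshly computed digest."""
    opened = pow(sig["sealed"], E, N)
    return opened == digest(data, sig["signer"], sig["signed_at"])


def forge(altered: bytes, sig: dict) -> dict:
    """Forger without D: overwrite the stored value with the new file's digest."""
    fake = dict(sig)
    fake["sealed"] = digest(altered, sig["signer"], sig["signed_at"])
    return fake


if __name__ == "__main__":
    original = b"constructed sample program bytes"   # stand-in for a program file
    sig = sign(original, "Example Author", "2009-10-21T12:00:00Z")
    altered = original + b" plus one extra byte"
    print("untouched file:      ", verify(original, sig))                 # True
    print("altered file:        ", verify(altered, sig))                  # False
    print("altered + forged sig:", verify(altered, forge(altered, sig)))  # False
    renamed = dict(sig, signer="Someone Else")
    print("signer name swapped: ", verify(original, renamed))             # False
```

The forged case fails because the verifier always opens the stored value with `E` first; only a value produced with `D` opens to the right digest.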

The newest version of the Version Browser fully supports digital signatures. It can tell if a file has been signed, and will let you know if the signature is valid. The program will also display the author's name and the date and time the file was signed.

There's one more thing you should know about Digital Signatures. I digitally sign all my programs and their installers. To be sure your copy of one of my programs is an exact copy of the original, just ask Version Browser. Among the information the program will display, print, or export, you'll find the signature's status and contents. If my signature is present and valid, you can be sure your copy of my program is genuine. If my signature is missing, or invalid, the file has been damaged or altered and shouldn't be trusted.

Windows can also show you a file's digital signature. Just right-click any signed file and select "Properties" from the context menu that appears. When you see the file's Properties dialog, click its Digital Signatures tab. If there's no such tab, or the information shown there indicates the signature is invalid, your copy of my file is mangled or altered in some way. But if the signature is present, and valid, you've got an exact, unadulterated copy of the file, just as it left the author's hard disk!

I'm sorry I went on so long. But I've missed our visits. There's so much catching up we still have to do. But that will have to wait for another day. In the meantime, if you'd like to put the Version Browser to work on your computer, visit its home page at:

    https://www.karenware.com/powertools/ptbrowse

As always, the program is free for personal/home use. And you can download its complete Visual Basic source code too!

You can also get the latest version of every Power Tool on a shiny CD. These include three bonus Power Tools, not available anywhere else. The source code of every Power Tool, every issue of my newsletter, and some articles I wrote for Windows Magazine, are also on the CD. And owning the CD grants you a license to use my Power Tools at work.

Best of all, buying a CD is the easiest way to support the KarenWare.com web site, Karen's Power Tools, and this newsletter. To find out more, visit:

    https://www.karenware.com/licenseme

Until we meet again, don't sign anything without reading it first. And if you see me on the 'net be sure to wave and say "Hi!"