Posted tagged ‘KeyStore Explorer’

KeyStore Explorer Now Open Source

October 19, 2013

KeyStore Explorer (KSE), in its various guises, is a PKI desktop application project I have worked solo on since 2001. While it started as open source software it has been a closed project for most of the subsequent time. For the last year development has stalled due to a lack of motivation on my part. My concern has been that my lack of activity would lead to the whole project dying.

I am therefore happy to report that KSE is now officially open source software. The new owner Kai Kramer answered my call to arms and has been busy since late July remediating all of the impediments to open sourcing the application, completing the features I had slated for version 4.2 and adding extra functionality. The result is KSE 5.0 which is licensed under GPL Version 3.

The old KSE website has been decommissioned and now redirects to KSE’s new home at SourceForge.

Release notes for 5.0 are available here. Executable downloads for the usual supported platforms are available here. Finally the highlight is the availability, for the first time since 2004, of the source code.

For my own part, I will be stepping back completely from the project to let Kai and the community take KSE forward.

KeyStore Explorer – OSS Update

August 31, 2013

A month ago I wrote about a new owner having been identified for KeyStore Explorer (KSE). This post comprises an interim update on the new owner’s progress in taking over the application.

The new owner has been very busy over the last four weeks and has, in a relatively short space of time, removed all impediments to open sourcing the code base. This involved replacing a third party ASN.1 library (which was used extensively by KSE) with calls to Bouncy Castle.

In addition most of KSE’s icons were sourced from the commercial Icon Experience set. The new owner has replaced these icons with the Fugue set created by Yusuke Kamiyamane.

The new icons give the application a new look:


We have also settled on an OSS license we are both comfortable with: GPL v3.

Upcoming work by the new owner will complete my unfinished work on new features for version 4.2 and perhaps add a few more items of functionality.

There is still a lot of work to be done but I am confident that KSE is in good hands.

New Owner Found for KeyStore Explorer

July 30, 2013

In October last year I wrote a post asking for a new owner to take over and open source my neglected KeyStore Explorer application. I am pleased to say that someone has stepped up to the plate. The individual concerned is an experienced developer currently employed in the PKI industry.

I have handed the code over to the new owner who has started the process of removing the various impediments to open sourcing the project. Current expectations are that it could take 1-2 months to complete this task but this could change as it is a fairly large job. The current choice of OSS license is LGPL – again this could change before the OSS release.

I will provide more details closer to the OSS conversion work being completed.

New Owner Wanted for KeyStore Explorer

October 18, 2012

Update – New Owner Found.

“Owner wanted for a ten year old freeware key management application that answers to the name KeyStore Explorer. KeyStore Explorer is fun and rewarding to maintain, has a clean codebase and comes packed with utility. However, this mature application still has a lot of potential for a new owner to add useful functionality. KeyStore Explorer’s author can no longer take care of it and so KeyStore Explorer requires a new home to get the love and attention it deserves.”

Okay, so KeyStore Explorer (KSE) is not an old dog looking for a home. However, it does require help if it is to continue to evolve.

Since KSE went freeware it has become increasingly popular. With more than 1,500 downloads every month I like to think that it is helping lots of folks out. However, it pains me to admit that, after ten years of development, I am no longer the best person to look after KSE. This is because I no longer have the time to maintain it, far less drive it forward.

What I do not want is for KSE to die a slow death because I am not prepared to let go of the helm. So I am using this blog post as an advertisement to attract a new steward for the utility. I am open to ideas as to what type of ownership this would entail although open sourcing the application seems a logical choice which I am in no way opposed to. Continuing the application as a freeware application or commercialising it are other (less attractive) options that have occurred to me.

You may ask why I don’t just open source it myself. Well there are two reasons. Reason number one is that open sourcing and simply casting the application to the void is not enough to ensure the application’s future. I believe that there has to be a defined owner or owners to take charge of its direction. Reason number two is that there are a couple of impediments that will need to be overcome before the codebase is open source compliant. These impediments are not trivial but nor are they, in my opinion, insurmountable with the current availability of open source alternatives.

You may get the impression from the paragraph above that I just want to chuck the codebase at a willing participant and walk away. What I propose instead is that I provide the successful applicant(s) with the following:

  • The full codebase including the mostly complete, unreleased version 4.2 features.
  • Licenses for all supporting tools and third party libraries.
  • Ownership of the existing domain for long term use or as a means of redirect to a new home for KSE.
  • My ongoing support via email with any questions regarding the application and codebase.

All I require, as the original author, is that my name remain associated with KSE.

If you would like to be the new owner of KSE and think you can do the application justice then drop me a line at the Lazgo Software contact page. We can talk details and I will endeavour to answer any questions you may have. If a deal is struck I will post the outcome on this blog.

A History of KeyStore Explorer – Part Three

May 18, 2012

KeyStore Explorer (KSE) has existed, in one form or another, since 2002. These days it is a freeware offering but it has not always been that way. KSE started as an open source project before morphing into a commercial project. It is only relatively recently that it was re-licensed to be free for all to use once again. As the utility is now almost ten years old I feel it is a good time to write a potted history of KSE.

This post continues from Part Two and concludes the history.

KSE Freeware

This history continues in late 2009. At the time version 3.4 of the commercial KeyStore Explorer (KSE) was under development but I was growing bored with it. Managing a business was losing its appeal and I was running out of ideas for new features.

First of all I resolved to close Lazgo Software as an enterprise so that I could reclaim the time it was taking to run it. However, before I could do that I would have to cease selling KSE. I was reluctant to go back to an open source model so decided to try something different again by making KSE freeware. This would allow me to keep the utility available to those who had paid for it and make it available to a larger audience without giving away my IP. After putting so much effort into the code I was reluctant to give it away again.

To differentiate the freeware version from the commercial versions I gave it a new major version number of 4.0. Despite the version jump the only difference between 4.0 and 3.3 was the inclusion of the minor features I had already developed for 3.4 and an absence of any licensing code. KSE 4.0 was released in April 2010. I started the process of killing Lazgo Software Ltd immediately after that.

With version 4.0 released I started development of 4.1. I wanted to see if I retained any interest in KSE now that I was free of the shackles of the business. The focus of 4.1 was to expand the selection of signature algorithms to include the various extended length SHA variations. This would be tricky as it would require an upgrade of the Bouncy Castle libraries and therefore the provision of a mechanism for users to upgrade their JRE’s crypto strength. I got some way through the implementation but it took many months to get there. Finally I simply ran out of steam. It was time to park KSE and come back to a decision on its future at a later date.

I took a break and dabbled in a few other pet projects instead. The most enjoyable was my time spent writing a turn-based zombie strategy game, inspired by the classic game Laser Squad, using Microsoft C# and XNA. That was great fun although I have never finished it. I did a lot of studying and dabbled in mathematics and meteorology. It was also during this time that I started blogging on topics including my experiences with scrum, agile and amateur meteorology. It was great having so much free time again. Nine months passed pleasantly without my touching KSE or deciding what to do with it.


In September 2011 I picked KSE development back up again. I can’t remember why but I just had an urge one morning to start hacking away at it again. It was tough getting back into it after so long away. Nonetheless I quickly found I was enjoying it again. My enthusiasm for KSE was back and I resolved to get 4.1 out the door as soon as possible.

In the 18 months since 4.0 had been released I had noticed a marked increase in the number of downloads KSE was enjoying. It was a no-brainer working out why that was happening. An application will be more popular if it is free as opposed to paid-for. I reckoned that I may be able to leverage the application’s growing user base by combining it with my new-found interest in blogging.

The idea was to start telling users exactly what I had planned for KSE and to publicly invite suggestions for enhancements. Even if I ran out of ideas to progress KSE’s feature set a motivated user-base never would. In addition I could offer a beta test programme for 4.0 and get extra testing from real users. This would be a massive help to me if it worked out.

Using this blog I posted the development updates, invited users to submit enhancements and got a beta test program up and running. The reaction from users was pretty awesome. Many people gave up their time to test and submit bug reports and many more provided their own ideas to improve KSE. I have no doubt that the first beta test programme for 4.1 led to a better finished product. In addition the backlog of user submitted enhancements I am even now working through will continue this process of improvement.

Buoyed by the feedback I hammered through the remaining features of 4.1 making a final release available in March 2012. The expanded signature algorithm support was the main feature but many smaller enhancements were also included.

It is now May 2012 so that pretty much brings the history up to date. Work on 4.2 has started and is progressing well. Of the enhancements that will feature in 4.2 every single one is based on a user suggestion. I’m now confident that running out of ideas is no longer going to be an issue so I’ll be continuing development of KSE for the foreseeable future.

KeyStore Explorer 4.2 Proposed Features

April 24, 2012

After a not so fun time last week dealing with the ‘java.lang.IllegalStateException: no splash screen available’ bug I thought I’d post some positive KeyStore Explorer news. Specifically that I have settled on a set of features to comprise version 4.2.

They are as follows:

Secret/Symmetric key generation

Up until now I have neglected to add secret key support in KSE. However, now that even keytool supports secret keys I’m eager to catch up. From 4.2 KSE will be capable of generating 25 different types of secret key entries. This feature is already complete. See the screenshot below for a list of supported algorithms.


Extended support for Key entries

Secret keys are stored in key entries within KeyStores. Key entries also support storage of lone private or public keys. Until now users of KSE have only been able to delete key entries regardless of what was stored within them. From 4.2 (where the KeyStore type allows it) key entries can be examined, unlocked, have their passwords changed, be renamed, be cut/copy/pasted and preserved when a KeyStore changes type. This feature is almost complete.
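The "where the KeyStore type allows it" caveat can be checked directly against the JDK. The following is an added example, not code from KSE: it uses only standard JDK APIs to try storing an AES secret key entry in each of the JDK's built-in keystore types and reading it back. The class name, alias and password are constructed for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added illustration: probes which keystore types accept a secret key entry.
public class SecretKeyEntryDemo {

    // Constructed alias, used only for this demonstration.
    static final String ALIAS = "demo-secret";

    /**
     * Stores the key as a SecretKeyEntry in a new in-memory keystore of the
     * given type, serialises the keystore, reloads it and compares the key.
     * Returns false if the keystore type refuses the entry.
     */
    static boolean storesSecretKey(String type, SecretKey key, char[] password)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(null, null); // null stream = create an empty keystore

        try {
            ks.setEntry(ALIAS,
                    new KeyStore.SecretKeyEntry(key),
                    new KeyStore.PasswordProtection(password));
        } catch (KeyStoreException e) {
            // The JKS format only defines private key and trusted
            // certificate entries, so a type like that is rejected here.
            return false;
        }

        // Round trip through the on-disk format to prove the entry survives.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);

        KeyStore reloaded = KeyStore.getInstance(type);
        reloaded.load(new ByteArrayInputStream(out.toByteArray()), password);

        if (!reloaded.entryInstanceOf(ALIAS, KeyStore.SecretKeyEntry.class)) {
            return false;
        }
        byte[] recovered = reloaded.getKey(ALIAS, password).getEncoded();
        return Arrays.equals(recovered, key.getEncoded());
    }

    public static void main(String[] args) throws Exception {
        // 128-bit AES works regardless of the JRE's crypto strength policy.
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        SecretKey key = gen.generateKey();

        char[] password = "changeit-demo".toCharArray(); // constructed sample
        for (String type : new String[] {"JKS", "JCEKS", "PKCS12"}) {
            try {
                System.out.printf("%-7s secret key entry stored: %b%n",
                        type, storesSecretKey(type, key, password));
            } catch (KeyStoreException e) {
                System.out.printf("%-7s not available in this runtime%n", type);
            }
        }
        Arrays.fill(password, '\0'); // do not leave the password in memory
    }
}
```

On Java 11 or later this runs as a single source file with `java SecretKeyEntryDemo.java`. The BKS and UBER types mentioned further down come from Bouncy Castle and are left out so the example needs nothing beyond the JDK.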

Examine CSR

Currently KSE allows CSRs to be generated and signed. In 4.2 it will also be possible to view their details.

Support more KeyStore file extensions

A basic change to support some of the rarer KeyStore file extensions in the various file dialogs (.jceks, .bks, .uber, etc).

Remember last file directory between sessions

Another basic (and self-explanatory) change.

Direct Certificate import and export from Certificate Details dialog

This feature will allow the direct import as a Trusted Certificate entry of any certificate from the Examine Certificate dialog. No more viewing the certificate’s PEM, exporting it and then re-importing it will be required.

Fixed: java.lang.IllegalStateException: no splash screen available

April 16, 2012

The issue I posted about last night, java.lang.IllegalStateException: no splash screen available, has now been fixed.

Simply uninstall version 4.1 and download and install the patched version 4.1.1.

Bug: java.lang.IllegalStateException: no splash screen available

April 15, 2012

Over the last few weeks I started noticing the following search term appearing in the lazgosoftware and this blog’s keyword search terms:

java.lang.IllegalStateException: no splash screen available

The search term appeared roughly once a day and seemed to suggest that some users were having an issue with KeyStore Explorer. Specifically, given the time frame of the searches, with the newly released version 4.1. However, I could not replicate the issue and none of the beta test users had come across it. Worse still, almost nobody was talking to me about it. A handful of people had reported it but only one of those was prepared to run any diagnostic commands (and that proved to be a dead-end as KeyStore Explorer suddenly started working).

After seeing the search term pop up once again in my blog today I was getting more than a little frustrated. I knew there was an issue but had nothing to act upon. However, I spent some time this evening trying to replicate it anyway. It is tricky trying to replicate an issue you have no details on but I did manage it finally.

The error message suggested that there was an issue with the splash screen functionality. It turned out that if a user has never had a version of KeyStore Explorer installed before, has not upgraded their JCE policy files and is using Java 7 (rather than Java 6), the following error dialog will appear after the license agreement and KeyStore Explorer will fail to start:

This explains why the beta test users never encountered the issue (they were users of previous versions) and why the one helpful user found that 4.1 suddenly started working (they subsequently installed and ran 4.0.1).

I have worked out a fix and will look to release it as soon as possible. In the meantime…


  1. Download and install KeyStore Explorer 4.0.1.
  2. Start it and accept the license agreement then close it.
  3. Now you can happily run KeyStore Explorer 4.1.

KeyStore Explorer 4.1 Released

March 17, 2012

I am pleased to announce that KeyStore Explorer 4.1 has been released. I have been working on this release on and off (mostly off) for nearly two years. It is great to finally be able to distribute it. I intend to release more frequently going forward.

My thanks go to the beta test volunteers. The volunteers found bugs and suggested many improvements. Some of the minor improvements made it into 4.1. The meatier enhancements are slated for future releases. I intend to run beta test programmes for all future releases.

Note that to use version 4.1 you may have to upgrade the cryptography strength of your Java Runtime. I have built a wizard into KeyStore Explorer to guide users through this process. Complicating the setup of KeyStore Explorer was not a decision I took lightly. Unfortunately the upgrade is required for me to expand KeyStore Explorer’s feature set.

KeyStore Explorer is available to download from here.

Here are the new features that you can expect to find in 4.1…

New Features in 4.1

Double maximum RSA Key Pair Generation size from 8192 bits to 16384 bits.

Upgrade to latest Bouncy Castle version.

Support 11 new signature algorithms for Key Pair Generation, CSR Generation and CSR Signing:

  • RIPEMD-128 with RSA.
  • RIPEMD-160 with RSA.
  • RIPEMD-256 with RSA.
  • SHA-224 with RSA.
  • SHA-256 with RSA.
  • SHA-384 with RSA.
  • SHA-512 with RSA.
  • SHA-224 with DSA.
  • SHA-256 with DSA.
  • SHA-384 with DSA.
  • SHA-512 with DSA.

Configurable Trust Check settings for:

  • Import Trusted Certificate.
  • Import CA Reply.

Allow the removal of certificates from the end of a key pair entry’s certificate chain.

Make thumbprints selectable and expand choice of thumbprints (applies to Certificate Details dialog).

A History of KeyStore Explorer – Part Two

February 21, 2012

KeyStore Explorer (KSE) has existed, in one form or another, since 2002. These days it is a freeware offering but it has not always been that way. KSE started as an open source project before morphing into a commercial project. It is only relatively recently that it was re-licensed to be free for all to use once again. As the utility is now almost ten years old I feel it is a good time to write a potted history of KSE.

This post continues from Part One.

Money Talks

This history continues in early 2004. At the time version 1.8 of the open source KeyTool GUI (KTG) was under development. Out of the blue I received an email from an IT Security company who had a proposition for me. The company was interested in integrating KTG into one of their products. However, KTG was licensed under the GPL which was not suitable for their purposes. Would I consider, for a fee, re-licensing the source code to them under their own license?

My answer was a maybe and negotiations commenced. This got me thinking. If a proper, grown-up company was prepared to pay good money for a source code license then perhaps end-users would pay for a commercial version of KTG. I decided that they might and started planning a new venture to test this out.

KTG would have to be forked, closed and re-licensed. I also decided to rename it. Firstly because “KeyTool GUI” was a bit of a naff name and secondly to reduce confusion when the tool became a paid-for offering. The plan was to stop working on the open source KTG and start working on the new commercial offering. I settled on the name “KeyStore Explorer” and got to work on finalising the features that had originally been earmarked for KTG 1.8 (notably unencrypted PKCS #8 private key support). I also had to quickly implement runtime license support and a time-bombed evaluation mode. Source code obfuscation was also added and the code was re-licensed commercially.

(At the time I received some criticism for my decision to re-license the GPL’d KTG source code. Some people suggested that I couldn’t do this. Rather than engage in a debate I left them to their delusions. I own the copyright to the code whether it is licensed under the GPL or not. As such I can re-license it under another license should I choose. In addition my permission is required before any of my GPL code can be re-licensed under any other license. I plan to expand on this and the many other open source misconceptions I have encountered over the years in a future post).

I was determined to run the new venture legitimately and therefore formed a company: Lazgo Software Ltd. I had never run a business before but was looking forward to familiarising myself with the inner workings of a real company. I would have to get to grips with taxes, payroll, dividends, company accounts, marketing and everything else. It may sound perverse but all of this interested me purely because it was all so unfamiliar.

Next came web hosting, the company website and a simple integration with PayPal to enable purchasing. I had to get the hang of PHP and MySQL very quickly to accomplish all of this. Early 2004 proved to be a very busy time for me as I continued with my full-time employment.

Over this time a deal was agreed for a source code license with the IT Security company, contracts were exchanged and a tidy sum materialized in the Lazgo company bank account. I had an initial injection of cash and was ready to release KSE a few weeks later. Selling a single source code license was one thing. Would users pay for runtime licenses? I really had no idea at the time whether or not anyone would be interested in buying a license for KSE.

KeyStore Explorer

KSE 2.0 went on sale in May 2004. I offered single, five and ten user licenses as well as site licenses. Over the next few months I was pleasantly surprised to see the sales projections in my business plan smashed. It looked like there was a market for KSE after all and I duly got working on new features. August and December 2004 saw the release of versions 2.1 and 2.2 respectively. In these versions many UI improvements made an appearance, the Help feature was greatly improved with the introduction of Java Help and functionality relating to CSR, JAR and MIDlet signing was added.

Providing new features so quickly proved to be a good move when KTG was again forked, but not by me. While I worked on KSE I had abandoned my open source work on KTG. However, there was nothing to stop others from continuing my work. That is, after all, one of the main advantages of open source. I suddenly had competition in the form of Portecle. This was essentially KTG under another name and again licensed under the GPL. I could also expect the maintainer of Portecle to start adding new features in future releases. I reckoned that I would have to work very hard to compete with a free offering. To be competing with my own work was odd to say the least.

With sales going well I turned to streamlining the e-commerce side of the business. Initially I had manually fulfilled sales upon notification of purchases from PayPal. This quickly became unsustainable. I moved away from PayPal and signed up with a professional web payments service with a better integration offering. I carried out work to fully automate all aspects of purchasing with license keys and invoices being automatically emailed out on purchase. With most of the drudgery of sales eliminated I had more time to focus on the product.


Three more releases followed between March 2005 and February 2006 taking KSE to version 2.5. I focussed on support for new key formats including encrypted PKCS #8, and Microsoft’s hideous PVK private key format. I also invested time and money in making the product look more professional. First impressions are everything and I had to make KSE look as slick as possible if I was going to persuade users to part with their hard-earned cash. It is my belief that the best application in the world will struggle more than it should if it does not look professional.

To describe KTG’s icons as amateurish is being generous and they were still present in KSE up until 2.2. I tackled this by purchasing a license for the excellent Icon Experience icon set and integrated those into version 2.3. I also reworked the splash screen and was quite pleased with the results.

Besides enjoying the development and creative sides of KSE I really thrived on progressing my business skills. During the time KSE was available commercially I experimented with different price-points, promotions and carried out marketing via Adwords. Everything was a new experience to me and that in itself made it all enjoyable.


With the release of KSE 2.5 I decided it was time for some major changes in the product. I had basically been piling features onto the same old creaky UI that had been created for KTG. There were many areas ripe for improvement. At the time the tool sported a single document interface which was unacceptable for a modern application. Users could not utilise copy/paste or drag and drop in the application either nor was there any undo/redo support. Installation options were also lacking with only Windows or manual installations available. The application was written in Java and worked perfectly well on Mac OS X and Linux so why not cater directly to those users? As a commercial application, users would expect all of these features and more.

KSE versions 3.0 – 3.3 were written and released between March 2006 and November 2009. I included many new features including a tabbed multiple document interface, cut/copy/paste support, drag and drop export, undo/redo, a Mac OS X disk image, a Linux/Unix self-extracting install, a new Quick Start welcome UI, Tip of the Day, support for many new key and certificate formats (PKI Path and SPC certs, Netscape SPKAC CSRs, OpenSSL keys), support to edit X.509 extensions and many more improvements too numerous to mention here. I also continued to improve the look and feel of the application with custom icons commissioned from Iconaholic (see the modern KSE application and KeyStore icons for examples of their awesome work) and continued my obsession with tweaking the splash screen.


For the first time KSE felt to me like a grown-up desktop application. In addition I was miles ahead of any of the competition in terms of features (many open source keytool UIs had sprung up in the intervening years). I had invested heavily in terms of my time and reinvested some of the profits wisely in terms of icons, third party libraries and the many books I had studied over the years on general security, PKI, UI design and business. However, it was all worth it. Sales were still good and I could now say that I knew how to run a profitable business.

Unfortunately by late 2009 a lot of the fun and excitement had evaporated. I had greatly enjoyed the experience up until then but was growing a little bored with running Lazgo Software. I had streamlined all I could but increasingly dreaded my quarterly weekend session with the accounts, dealing with the tax man and the plethora of other really dull things that are involved in running a business. Running the business was not a challenge any more, just a bit boring. Worse still I had no idea what direction I could take KSE in. It supported every relevant crypto format and was feature rich. It just seemed done to me.

So the business definitely had to go. When something isn’t fun any more it isn’t worth it no matter the money it brings in (when I told people this at the time they looked at me like I was nuts, maybe I am). I still had to decide what to do with KSE, however. I will detail what happened next when I conclude this history in part three.