889.2.1
(Windows/ATE) Fix bug introduced in 889.1 which caused various problems in control operations.
889.1.1
Fix a licensing problem in which the ISAMPLUS license bit for existing licenses was being disabled. Problem was introduced in 889.
889.1.2
(Windows/ATE) Locking the keyboard with tab(-1,7) no longer conflicts with ATE functions that rely on data being sent back through the keyboard channel (e.g. ESC sequences or TAB(-10,x) command for file transfers, launching windows files, etc.)
889.1.3
(Windows) XCALL MESAG and MSGBOX now make sure that the screen buffer is flushed before the box is displayed. (Previously it was possible that the last PRINT statement prior to the XCALL may not have been visible.)
889.0.1
(Windows/ATE) ATE 3.0.141 fixes some problems with FTP transfers, including an intermittant timeout at the end of a transfer. The port and timeout options are now implemented.
889.0.2
(Windows/INFLD) Misc minor problems resolved. The + and - keys on the numpad were acting as if hit twice. Using a blank to remove a leading - sign in an alphanumeric field was clearing the space in front of the field. TYPE { (character set acceptance) was being confused with TYPE } (line editing and inmemo mode); only the latter should disable the Windows edit control version.
889.0.3
INI file options that take a Boolean argument are now somewhat more internationally minded. Responses beginning with the following are all treated as true:
T (True)
Y (Yes)
1
ON
Sí
Si (Sim)
OU (Oui)
Al (Allineare)
V (Verdad,vrai,verdadeiro)
Responses beginning with the following are considered false:
F (False,Falso)
N (No,Non)
0
OFF
Any other starting letter will be checked against the current LDF file to see if it matches the single-character yes or no definitions.
889.0.4
(Linux) First round of support for the EFS encrypted file service. This is a feature currently being added for a single developer but which may be made available as a license option in the future. Basically it allows files to encrypted and decrypted on command (via an XCALL) using AES encryption, but more importantly you can read and write directly to encrypted files (just as if they were normal files). The objective is to provide a higher degree of privacy protection for sensitive data by closing three of the main security gaps in most organizations: 1) hackers breaking into the network and stealing data files directly; 2) employees or other insiders copying data from the server to the their PC and then to email or removable media, and 3) stealing backups.
The new EFS.SBR handles most of the operations related to encryption:
XCALL EFS,0,STS ! check if EFS is available
XCALL EFS,1,STS,KEY ! specify new encryption key
XCALL EFS,2,STS,FSPEC ! check if FSPEC file encrypted
XCALL EFS,3,STS,ISPEC{,OSPEC} ! encrypt ISPEC {into OSPEC}
XCALL EFS,4,STS,ISPEC{,OSPEC} ! decrypt ISPEC (into OSPEC}
STS (F,6) is returned as follows:
0 = success
-1 = EFS not available
-2 = EFS not licensed
-3 = param error
>0 = errno
KEY (X,32) should be mapped as follows
MAP1 KEY,X,32
MAP2 KEY$,S,32,@KEY
By specifying the unformatted KEY parameter, it will not show up in the trace log even if TRACE=XCALL is set. Furthermore, if your key is less than 32 bytes long, the remaining key bytes will be supplied from a default internal ashell key. By taking advantage of this feature, even if your part of the key was exposed and a copy of the file stolen, the culprit would still need a licensed copy of A-Shell to decrypt it.
ISPEC, OSPEC (string) are AMOS or native filespecs.
When the EFS license option in enabled, A-Shell will automatically detect when a random, ISAM, or ISAMPLUS file has been encrypted and thus there is no need to specifically identify to A-Shell which files are encrypted, except with you create a new file. In that case, for RANDOM files created with ALLOCATE, use XCALL ASFLAG,512 prior to the allocate to set the encryption flag. (As with other ASFLAG values, the setting only lasts until the end of the current program.) For ISAMPLUS, you can use the new ISMUTL /E switch (requires ISMUTL.LIT 1.3(128) or higher). For old ISAM, you can first use ISMBLD, then use XCALL EFS,3,STS,ISPEC to encrypt the DAT and/or IDX file(s). (An ISMBLD switch may be added if there is a demand.)
Note that direct reading and writing of encrypted files only works for "contiguous" files (random, ISAM, ISAMPLUS). For printfiles, if you want to encrypt them, you will probably need to use XCALL EFS after closing (and after spooling, if applicable) the file. Similarly, you would use XCALL EFS again to decrypt it before accessing (viewing, reprinting) the file later.