PixInsight 1.8.3.1123 Ripley: New Project Features

Juan Conejero

PixInsight Staff
Sep 2, 2004
8,380
467
57
Valencia, Spain
pixinsight.com
The next version 1.8.3.1123 of PixInsight, which we'll release tomorrow, comes with important new features to improve generation and management of PixInsight projects.


Sealed Projects

Sealing is a basic, unobtrusive mechanism to protect data integrity using highly secure cryptographic techniques (AES256 encryption with random padding in the current versions of PixInsight). When you write a sealed project, PixInsight computes a SHA1 checksum for the .xosm project file and stores it encrypted in a special .seal data file (on the .data project folder). When the project is loaded, PixInsight will decrypt the .seal file to verify that the project file has not been modified since it was generated. When you load a sealed project without warnings, you can be sure that no one or nothing has tampered with your data. Note that sealed projects force generation of SHA1 checksums for all project data files, which are stored as XML attributes in the .xosm file. This double hashing effectively prevents any changes for the whole project contents.

Starting from version 1.8.3.1123, project sealing is enabled by default (it can be disabled as an option, but this is strongly discouraged). However, when you load a project generated with previous versions, PixInsight detects no seal file in the project and issues a warning as shown below.


Simply click the OK button to load the project, and regenerate it on disk with the new version (with the sealing option enabled) to include a project seal file.

When a sealed project is loaded successfully, a note is written to the console to let you know that the integrity of your data has been verified:


When a sealed project is loaded and the seal verification fails, PixInsight informs you with an error message similar to this:



New Load Empty Project Command

In the new version we have a Load Empty Project item in the FILE main menu:


This option closes all images, icons, text files and tool windows, and resets the whole PixInsight platform to a default state. It is useful to start a new project from scratch without having to exit the PixInsight Core application.


Improved Project Robustness

An important amount of code involved in project input/output tasks has been rewritten to achieve a much higher robustness. Projects are now highly error-tolerant, and can load virtually all of the data available in a project affected by XML errors, missing tools and interfaces, damaged images, ill-behaved processes, etc. The following screenshot shows an example where a missing process was preventing a project from loading some images in previous versions of PixInsight:



In Preparation: Signed Projects

An upcoming version of the PixInsight Core application (before Christmas due January 2015) will include an additional project security feature: Signed projects with X.509 certificates and RSA encryption. Digital signatures will project both data integrity and authentication.
 

Physicist13

Active member
Jul 18, 2013
36
0
will file size be affected much by this? Are there any potential issues when moving file locations? thanks.
Patrick
 

Juan Conejero

PixInsight Staff
Sep 2, 2004
8,380
467
57
Valencia, Spain
pixinsight.com
Hi Patrick,

will file size be affected much by this?
Not at all. A project seal file occupies exactly 320 bytes. Digital signatures will require some more space to store a certificate and some auxiliary data, but it will be just some kilobytes.

Are there any potential issues when moving file locations?
None. PixInsight project files are position-independent by design. As long as you keep the .xosm file and the .data folder on the same directory, you can move them to any location on your filesystem, across different computers, and to any supported platform.
 

Juan Conejero

PixInsight Staff
Sep 2, 2004
8,380
467
57
Valencia, Spain
pixinsight.com
cdesselles said:
Will Signed Projects be a default like Sealed Projects?  Or (hopefully, since I'm the only user of PI on my equipment) will it be optional only?
They will be optional and disabled by default. To sign a project or an XISF image you'll need a digital certificate, which you can obtain from a certification authority. You can also use a self-signed certificate that you can generate very easily on your computer, but most likely it won't be trusted on other machines when you distribute your projects and images.