MD5tool distribution notes.
====================

Installation

MD5tool is a self-standing program and requires no setup phase or
runtime components. Once a copy is present on your system,
dragging and dropping onto the desktop will create a shortcut to
access the tool.

An .md5 file of this distribution is provided to try the program out.
You should confirm that the MD5tool's own version of its digest,
reported in Help/About, corresponds with the one calculated in the
session. The Systems Support area of the ECS web presence should
be able to provide you with an independent check of the digest
should you need it.

For completeness, the original, command line based MD5 tool and
its man page are included.

The following text up to and including the section 'Credits' is within
the program under menu option Help/Help.

Overview

MD5tool attempts to address the increasing problem of referring to
electronic files and documents in a legally unambiguous way.
MD5tool provides a convenient way of calculating the 128-bit
'message digests' for files of any type under Windows. 

A digest represents- or stands for the file it was generated from.
Being only 128-bits, it will usually be considerably shorter than the
file and therefore cannot disclose the file content.

The MD5 algorithm is public-domain and it is in wide, international
use. It is of cryptographic strength and its RSA authors have
designed it so that no two files will have the same digest unless they
are identical. Essentially the algorithm is trying to identify which
unique file number the source file corresponds to in a universe of
2128 possible files. MD5 has proven to be very good at this. Very
similar files have wildly different digests and, consequently, there is
no known way of manufacturing two  similar files which have the
same digest.

MD5tool provides an easy to use way of recording and regenerating
the digests of potentially valuable collections of files. By showing
that the digests are identical to those in an earlier archived record it
should be possible to prove legally that a current file is the same as
it was at the earlier time.

Using MD5tool

Files may be provided for processing by dragging and dropping
files onto its desktop shortcut or its open window.

When invoked, MD5tool creates a logging window containing the
date and time of processing, digests and pathnames of all processed
files. This log can be copied onto the clipboard or saved in a file of
type MD5.

The collection of files recorded in an MD5 file are assumed to exist
in a filestore subtree rooted relative to the location of the MD5 file
itself. In these circumstances all the filenames in the saved MD5 file
are relative. To ensure there is no confusion at processing time what
files are actually being processed, the logging window shows the
full, absolute filename. This is so that the whole collection of files,
with its MD5 file(s), can be moved together across networks and
drives (notably CDROMs) and continue to be able to be run
unaltered. This is important since it is the digest of the MD5 file that
will often be formally recorded and this must not change. If the
MD5 file is saved remote from the file collection and shares no path
elements then full pathnames will be saved.

MD5 files can themselves be dragged and dropped onto MD5tool or
can be associated with it. This is a quick way of recalculating the
message digests of a group of files. The lists of files can be added to
by dragging and dropping further files onto the logging window.
MD5tool checks all the time to see if a file already has an entry. If so,
then it will check whether the digest matches. The time stamp of any
changed file is updated and the ':' colon is changed to a '*' asterisk
as a more persistent change flag. All files that have had an MD5
calculation performed are highlighted whether they have changed
or not.

Adjustments to the files in the logging window can be made by
selecting one or more files and then picking a command from the
right-click pop-up menu. Major adjustments and window saving
operations are undertaken by the menu bar commands.

MD5 files are just ASCII text files and can be edited if necessary.
Comments can be added by inserting comment lines beginning with
'#' hash. Beware: the file line syntax must not be altered if
processing is to be reliable.

The List digest calculated is exactly the same as would be calculated
if the contents were saved in a file and submitted to MD5tool. The
digest of a prior MD5 file can be checked this way by control-
dragging it to MD5tool and then requesting its digest.

Using MD5 files

The MD5 files provide a time-stamped log which associates files and
their content. Provided it is itself logged, it will provide evidence of
the state of the files at that time. Writing the message digest of the
MD5 log file itself in a formal laboratory note book should be
sufficient proof.

Any dispute regarding what the state of the files are at a particular
time will depend on showing that the file in question has the same
message digest (i.e. content) as the one that was claimed to be in
existence at the time. As files are likely to undergo considerable
change through a project it is important to durably archive them. It
may not be clear initially which files may be key in disputes that
may arise years later. What will be important is proving beyond
reasonable doubt that the file had the content it did at the time it is
claimed.

In addition, either (a) the MD5 log files must be kept either in
hardcopy or (b) their digests must be kept in hardcopy with the
MD5 files kept in the electronic archive. If the latter approach is
used then the validity of the digests in the MD5 file is dependent on
showing that it itself has the correct digest too.

Currently, the only recognised means of maintaining a
chronological record is to use a laboratory notebook. Writing the
128-bit digests into the log book is somewhat error prone so
printouts of the digests can be fastened into notebooks provided
that it is done durably and the insertions are properly endorsed.

Credits

MD5tool was created by Steven Blackburn using Borland C++
Builder round the RSA MD5 public-domain core. It was initially
conceived as a Windows-based IPR protection device by Adrian
Pickering.

---------

Expert use

The digest of an .md5 file can be created by explicitly loading the file
by option List/Add and .md5 file. Alternatively, do a control-drag-
and-drop from your file source.

If the .md5 contains many files and you wish to check just a few,
then explicitly File/Open Without Processing the .md5 file. The files
to check can then be dragged and dropped on the window in the
usual way to identify the files in the list and check their digests.

If an .md5 file is needed that contains root-relative or device-
absolute paths then ensure that the list is saved in a location that
shares no common element to the file collection pathnames. The
List/Calculate List Digest should be undertaken after the file is
written so that MD5tool knows what form the file pathnames have
taken.

The List/Force Recalculate option regenerates all the digests as if all
the files had been submitted from new. List/Recalculate simulates
dropping an .md5 file of the window contents on the tool.

Use and Comments

There are no restrictions on the non-commercial and educational use
of MD5tool. If you wish to use the program for your own gain we
ask you to respect copyright and, therefore, please ask for
permission.

We welcome your comments on the usefulness of MD5tool and, in
particular, any problems you find in its use. Please mail your
comments to Adrian Pickering at jap@ecs.soton.ac.uk. Please insert
the word 'MD5tool' in your subject heading.

JAP
14 September 1999

-----------

Known bugs:

1. The date format setting in Windows must be of the form nn/nn/nn
i.e. do not use the 4-digit year setting.