ePoint System / News: Recent posts

Development moved!

The development of ePoint System is no longer done via SourceForge. We have moved everything to our own server:
https://www.epointsystem.org/trac

Posted by Daniel A Nagy 2008-03-11

ePoint issuer server "redcent": initial release

A simple FastCGI server for issuing ePoints that has been alpha-tested for ten months is now deemed to be ready for general beta-release.
It's been written in C and tested with Apache 1.3 mod_fastcgi.

Posted by Daniel A Nagy 2005-08-02

ePointPGP java package v0.8 released

This is a feature-freeze release before 1.0
Code cleanup, Bug fixing, Keyserver bug workaround,
String-to-keypair, Modification Detection Code
Enjoy!

Posted by Daniel A Nagy 2005-04-08

Comments on OpenPGP encryption vulnerability

The quick check for symmetric key integrity constitutes a serious vulnerability under certain circumstances, when using ePointPGP in server applications.

In short, by repeated attempts at decrypting a number of carefully chosen fake ciphertext messages purporting to have been encrypted with the same symmetric key as the attacked message, the attacker can gain enough information from the fact whether or not it has passed the quick check to decrypt the first two bytes in the next block (and then those in all subsequent blocks).... read more

Posted by Daniel A Nagy 2005-02-24

ePointPGP java package v0.7 released

Major bugfix and code/API cleanup

Posted by Daniel A Nagy 2005-02-04

ePointPGP java package v0.6 released

Major bugfix release, experimental key generation code

Posted by Daniel A Nagy 2004-11-13

mod_payment Apache micropayment module v0.1 (beta) released

mod_payment + Apache is an easy micropayment solution for web-based services. While it has been developed in conjunction with the ePoint project, mod_payment can be used independently. This apache module is NOT suitable for the administration of on-line purchases of physical objects.

Posted by Daniel A Nagy 2004-09-15

ePointPGP java package v0.5 released

Minor enhacements over v0.4. No features added.

Posted by Daniel A Nagy 2004-08-28

ePointPGP java package v0.4 (beta) released

Beta release; everything is supposed to work. Features: electronic signature verification and password-based encryption-decryption

Posted by Daniel A Nagy 2004-03-07

ePointPGP java package v0.3 released (pre-beta)

Cleanup, bugfixes and compressed stream support

Posted by Daniel A Nagy 2004-03-05

ePointPGP java package v0.2 released

Major code and design cleanup. Sensible underliing I/O model (Stream based). New feature: password based decryption.

Posted by Daniel A Nagy 2004-03-05

ePointPGP java package released (Alpha)

ePointPGP is an ultralightweight OpenPGP suite for java
that builds on the existing crypto-providers rather than
implementing a new one.
Suitable for applets without policy changes.
One design goal is to make it as "stipable" as possible -- to avoid unnecessary dependencies in order to provide only the required functionality, nothing more.
At this stage, only signature verification works. Testing is needed.

Posted by Daniel A Nagy 2004-02-27

Template Suite Ready for Testing

The first usable software package from the ePoint project is ready for testing. The command line utility "contract" is used to fill out templates (rather trivial task, the shell can do it itself), while "extract" can extract variable values from text files generated by "contract". This is a more challenging task with many pitfalls.
The package is intended for high-security applications, so extensive testing is needed.

Posted by Daniel A Nagy 2004-02-23