ePoint System / News: Recent posts

The development of ePoint System is no longer done via SourceForge. We have moved everything to our own server:
https://www.epointsystem.org/trac

A simple FastCGI server for issuing ePoints that has been alpha-tested for ten months is now deemed to be ready for general beta-release.
It's been written in C and tested with Apache 1.3 mod_fastcgi.

This is a feature-freeze release before 1.0
Code cleanup, Bug fixing, Keyserver bug workaround,
String-to-keypair, Modification Detection Code
Enjoy!

The quick check for symmetric key integrity constitutes a serious vulnerability under certain circumstances, when using ePointPGP in server applications.

In short, by repeated attempts at decrypting a number of carefully chosen fake ciphertext messages purporting to have been encrypted with the same symmetric key as the attacked message, the attacker can gain enough information from the fact whether or not it has passed the quick check to decrypt the first two bytes in the next block (and then those in all subsequent blocks).... read more

Major bugfix and code/API cleanup

Major bugfix release, experimental key generation code

mod_payment + Apache is an easy micropayment solution for web-based services. While it has been developed in conjunction with the ePoint project, mod_payment can be used independently. This apache module is NOT suitable for the administration of on-line purchases of physical objects.

Minor enhacements over v0.4. No features added.

Beta release; everything is supposed to work. Features: electronic signature verification and password-based encryption-decryption

Cleanup, bugfixes and compressed stream support

Major code and design cleanup. Sensible underliing I/O model (Stream based). New feature: password based decryption.

ePointPGP is an ultralightweight OpenPGP suite for java
that builds on the existing crypto-providers rather than
implementing a new one.
Suitable for applets without policy changes.
One design goal is to make it as "stipable" as possible -- to avoid unnecessary dependencies in order to provide only the required functionality, nothing more.
At this stage, only signature verification works. Testing is needed.

The first usable software package from the ePoint project is ready for testing. The command line utility "contract" is used to fill out templates (rather trivial task, the shell can do it itself), while "extract" can extract variable values from text files generated by "contract". This is a more challenging task with many pitfalls.
The package is intended for high-security applications, so extensive testing is needed.