I have a couple of questions. The easy ones first.
1. Does the license of GPL applies to all of the files included?
2. I would like to include your library in the project (make it easier for people vs. requiring them download them separately.)
3. When pushing the public key from the server using the PHP OpenSSL functions (openssl_encrypt()) I am not able to decrypt the data using the dummy.aes.encryptText() function.
The PHP openssl_encrypt function requires the following arguements:
string openssl_encrypt ( string $data , string $method , string $password ] )
When using the dummy.aes.encryptText() function from your libraries I use it like so:
options.aes.encryptText(plain, pass, {nBits:256,salt:'16bytes'})
Any insights or pointers are greatly appreciated as I am trying to eliminate the dreaded mitm vectors. If your interested in the project I have it hosted at https://www.github.com/jas-/jQuery.pidCrypt
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
1. Because of the nature of the GPL it is enough that one file in the library is of that license type to make it mandatory for the whole library. The licenses of the individual files are embedded in each file.
2. You may very well include the library in your project. It is then of course completely up to you to keep your inclusion up to date.
Great I do appreciate your feedback. I will look into the AES-CBC differences on the PHP lists.
In terms to proper implementation of the libraries I was wondering if peer review is possible? These libraries are very easy to use, and the project I have been working on makes it easier, however because I am not 100% certain of the implementation do you, or could you take a look at a demonstration I have put together to ensure I am using them properly?
Well that won't work, it seems I may have to just provide the user resources to your libraries for inclusion to comply with my countries crypto regulations dictated here. http://www.bis.doc.gov/encryption/
Thanks again for your time
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I have a couple of questions. The easy ones first.
1. Does the license of GPL applies to all of the files included?
2. I would like to include your library in the project (make it easier for people vs. requiring them download them separately.)
3. When pushing the public key from the server using the PHP OpenSSL functions (openssl_encrypt()) I am not able to decrypt the data using the dummy.aes.encryptText() function.
The PHP openssl_encrypt function requires the following arguements:
string openssl_encrypt ( string $data , string $method , string $password ] )
When using the dummy.aes.encryptText() function from your libraries I use it like so:
options.aes.encryptText(plain, pass, {nBits:256,salt:'16bytes'})
Any insights or pointers are greatly appreciated as I am trying to eliminate the dreaded mitm vectors. If your interested in the project I have it hosted at https://www.github.com/jas-/jQuery.pidCrypt
Hi,
1. Because of the nature of the GPL it is enough that one file in the library is of that license type to make it mandatory for the whole library. The licenses of the individual files are embedded in each file.
2. You may very well include the library in your project. It is then of course completely up to you to keep your inclusion up to date.
3. The OpenSSL salt is 8 bytes, not 16 bytes, see http://www.cipherbox.org/wiki/index.php/Documentation#OpenSSL_encrypted_data
Also the User Contributed Notes in the documentation at http://www.php.net/manual/en/function.openssl-encrypt.php suggest that they may have mixed up IV and salt, since the IV is always 16 bytes long.
But since PHP is not our strong suit, I think you should rather discuss the PHP openssl_encrypt function with a developer of PHP.
Great I do appreciate your feedback. I will look into the AES-CBC differences on the PHP lists.
In terms to proper implementation of the libraries I was wondering if peer review is possible? These libraries are very easy to use, and the project I have been working on makes it easier, however because I am not 100% certain of the implementation do you, or could you take a look at a demonstration I have put together to ensure I am using them properly?
http://demo.in-my-cloud.com/jQuery.pidCrypt/example.html it is the same project available at https://www.github.com/jas-/jQuery.pidCrypt
Thanks for your time!
Well that won't work, it seems I may have to just provide the user resources to your libraries for inclusion to comply with my countries crypto regulations dictated here. http://www.bis.doc.gov/encryption/
Thanks again for your time
Hmm, it looks as your source code is publicly available you can self classify as 5D002. http://www.bis.doc.gov/encryption/decision_tree.pdf and §740.13 e http://edocket.access.gpo.gov/cfr_2011/janqtr/pdf/15cfr740.13.pdf