Difference between revisions of "Pccipher"

From ProgClub
Jump to: navigation, search
 
(46 intermediate revisions by 8 users not shown)
Line 1: Line 1:
Pccipher is the ProgClub encryption software. That's the software that allows you to encrypt and decrypt data in PHP and Javascript. It's compatible with 32-bit and 64-bit implementations of PHP, and should work in any Javascript capable web-browser. For other projects see [[Projects]].
+
Pccipher is the ProgClub encryption software. That's the software that allows you to encrypt and decrypt data in PHP and Javascript. It's compatible with 32-bit and 64-bit implementations of PHP, and should work in any Javascript capable web-browser. Pccipher is [http://www.schneier.com/blowfish-products.html listed on computer security expert Bruce Schneier's web-site]. For other projects see [[Projects]].
  
 
== Project status ==
 
== Project status ==
Line 10: Line 10:
  
 
* [[User:John|John]]
 
* [[User:John|John]]
 +
 +
All contributors have agreed to the terms of the [[ProgClub:Copyrights#ProgClub_projects|Contributor License Agreement]]. This excludes any upstream contributors who tend to have different administrative frameworks.
  
 
Upstream contributors for the phpjs library used by pccipher/js.
 
Upstream contributors for the phpjs library used by pccipher/js.
Line 17: Line 19:
 
Upstream contributors for the jQuery library used by pccipher/js.
 
Upstream contributors for the jQuery library used by pccipher/js.
  
* John Resig, http://jquery.com/
+
* John Resig, http://jquery.com/ and the [http://jquery.org/team/ jQuery team]
  
 
Upstream contributors for the QUnit library used by pccipher/js.
 
Upstream contributors for the QUnit library used by pccipher/js.
  
 
* [https://github.com/jquery/qunit/blob/master/qunit/qunit.js QUnit contributors]
 
* [https://github.com/jquery/qunit/blob/master/qunit/qunit.js QUnit contributors]
 +
 +
Upstream contributors for the SimpleTest library used by pccipher/php.
 +
 +
* [http://www.simpletest.org/ SimpleTest contributors]
  
 
== Copyright ==
 
== Copyright ==
  
Copyright 2011, [[Pccipher#Contributors|Contributors]]. Dual licensed under the [[MIT license|MIT]] and [[GPL]] licenses.
+
Copyright 2011, [[Pccipher#Contributors|Contributors]]. Dual licensed under the [[MIT license|MIT]] or [[GPL]] licenses.
 +
 
 +
Pccipher uses the [http://phpjs.org phpjs] library which is dual licensed under the MIT or GPL licenses.
 +
 
 +
Pccipher uses the [http://jquery.org/ jQuery] library which is dual licensed under the MIT or GPL licenses.
 +
 
 +
Pccipher uses the [http://docs.jquery.com/QUnit QUnit] library which is dual licensed under the MIT or GPL licenses.
  
Pccipher uses the [http://phpjs.org phpjs] library which is dual licensed under the MIT and GPL licenses.
+
Pccipher uses the [http://www.simpletest.org/ SimpleTest] library which is licensed under the LGPL.
  
Pccipher uses the [http://jquery.org/license/ jQuery] library which is dual licensed under the MIT and GPL licenses.
+
== Download ==
  
Pccipher uses the [http://docs.jquery.com/QUnit QUnit] library which is dual licensed under the MIT and GPL licenses.
+
You can download the latest version of pccipher from the following URL:
 +
 
 +
http://www.progclub.org/download/pccipher/pccipher-latest.tar.gz
 +
 
 +
You can look in the [http://www.progclub.org/download/pccipher/ download directory] for specific releases.
  
 
== Source code ==
 
== Source code ==
 +
 +
The repository can be browsed online:
 +
 +
http://www.progclub.org/pcrepo/pccipher
  
 
The code for pccipher is publicly available from svn:
 
The code for pccipher is publicly available from svn:
Line 42: Line 62:
  
 
  https://www.progclub.org/svn/pcrepo/pccipher/trunk
 
  https://www.progclub.org/svn/pcrepo/pccipher/trunk
 
The repository can be browsed online:
 
 
http://www.progclub.org/pcrepo/pccipher
 
  
 
== Links ==
 
== Links ==
Line 67: Line 83:
 
* [https://github.com/jquery/qunit qunit on github]
 
* [https://github.com/jquery/qunit qunit on github]
  
== TODO ==
+
=== SimpleTest related information ===
 +
 
 +
* [http://www.simpletest.org/ SimpleTest: Unit Testing for PHP]
 +
* [https://simpletest.svn.sourceforge.net/svnroot/simpletest/simpletest/trunk/ SimpleTest svn repo]
 +
 
 +
=== Javascript encryption related information ===
 +
 
 +
Before using the pccipher javascript encryption library, it would behove you to read this article: [http://www.matasano.com/articles/javascript-cryptography/ Javascript Cryptography Considered Harmful]. As it points out, security through encryption in Javascript is pretty much impossible. That said, there are some benefits to using a Javascript encryption scheme, such as protecting user data even if the user saves a copy of the page as a HTML file on their hard-drive, and there is *some* value in using the Javascript encryption library as an obfuscator that will stop the less determined intruder. There was some [http://www.progclub.org/pipermail/list/2011-August/000017.html more discussion] about this on the ProgClub list that you might be interested in checking out or participating in.
 +
 
 +
== Tasks ==
 +
 
 +
=== TODO ===
  
 
Things to do, in rough order of priority:
 
Things to do, in rough order of priority:
  
* Find a Javascript testing framework and use it and write unit tests
+
* serialize/deserialize initial state in PHP (check it helps)
* Integrate with SimpleTest and write unit tests
+
* json for initial state in JavaScript? (Might be slower. Should investigate.)
* Document usage processes for Javascript and PHP
+
* inline functions in JavaScript to improve performance
 
* Use the 'pccipher' namespace for phpjs
 
* Use the 'pccipher' namespace for phpjs
* Package in .zip and .tar.gz download files
+
* Flesh out the unit tests
 
* Integrate with PHP mcrypt?
 
* Integrate with PHP mcrypt?
 +
* Compatible implementations in other languages
 +
* Twofish?
  
[[Category:TODO]]
+
=== Done ===
 
 
== Done ==
 
  
 
Stuff that's done. Latest stuff on top.
 
Stuff that's done. Latest stuff on top.
  
 +
* [[User:John|JE]] 2012-07-08: inlined functions in PHP to improve performance
 +
* [[User:John|JE]] 2011-10-30: fixed pccipher_encrypt and pccipher_decrypt functions
 +
* [[User:John|JE]] 2011-08-16: packaged in .tar.gz download files
 +
* [[User:John|JE]] 2011-08-16: documented usage process for Javascript and PHP
 +
* [[User:John|JE]] 2011-08-16: integrated SimpleTest testing framework for PHP
 +
* [[User:John|JE]] 2011-08-16: integrated QUnit testing framework for Javascript
 
* [[User:John|JE]] 2011-08-16: fixed formatting to use \x02 .. \x03 wrapper
 
* [[User:John|JE]] 2011-08-16: fixed formatting to use \x02 .. \x03 wrapper
 
* [[User:John|JE]] 2011-08-16: removed key crc, and added algorithm code
 
* [[User:John|JE]] 2011-08-16: removed key crc, and added algorithm code
Line 89: Line 122:
 
* [[User:John|JE]] 2011-08-16: created the project in svn
 
* [[User:John|JE]] 2011-08-16: created the project in svn
 
* [[User:John|JE]] 2011-08-16: created project page
 
* [[User:John|JE]] 2011-08-16: created project page
 +
 +
== Tests ==
 +
 +
=== Javascript tests ===
 +
 +
You can run the Javascript tests for the latest stable release at:
 +
 +
http://www.progclub.org/pccipher/js/test/test.html
 +
 +
And the latest development snapshot (i.e. trunk) at:
 +
 +
http://www.progclub.org/pccipher-dev/js/test/test.html
 +
 +
=== PHP tests ===
 +
 +
Note: the PHP testing links have been removed, because they place the server under load, and at the moment ProgClub is being slashdotted by http://programming.reddit.com/ and we can't have everyone clicking on them!
 +
 +
Update: We're not being slashdotted anymore, but I think I'll leave the links out anyway. If you're clever you'll be able to find them for yourself. Better to run the tests on your own system.
 +
 +
OK, OK. Here are the tests:
 +
 +
https://www.progclub.org/pccipher-dev/php/test/
  
 
== Notes for implementers ==
 
== Notes for implementers ==
Line 94: Line 149:
 
If you are interested in incorporating the ProgClub pccipher into your project, here's what you need to know:
 
If you are interested in incorporating the ProgClub pccipher into your project, here's what you need to know:
  
=== For Javascript ===
+
=== Javascript implementation ===
  
TODO: explain Javascript integration
+
An example Javascript implementation:
 +
 
 +
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 +
                      "http://www.w3.org/TR/html4/loose.dtd">
 +
  <html>
 +
  <head>
 +
    <script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script>
 +
    <script type="text/javascript" src="http://www.progclub.org/pccipher/js/lib/phpjs/phpjs.js"></script>
 +
    <script type="text/javascript" src="http://www.progclub.org/pccipher/js/src/pccipher.js"></script>
 +
 +
    <script type="text/javascript">
 +
    $(document).ready(function(){
 +
 +
    var key = "my key (*your* key should be longer and more random)";
 +
    var text = "my text";
 +
    var data = pccipher_encrypt( text, key );
 +
    text = pccipher_decrypt( data, key );
 +
 +
    alert( text );
 +
 +
    });
 +
    </script>
 +
   
 +
  </head>
 +
  <body>
 +
    <h1>Pccipher example</h1>
 +
  </body>
 +
  </html>
 +
 
 +
=== PHP implementation ===
 +
 
 +
You probably want to setup an svn:externals to:
 +
 
 +
http://www.progclub.org/svnro/pcrepo/pccipher/tags/latest
  
=== For PHP ===
+
Then you can use the PHP library with something like this:
  
TODO: explain PHP integration
+
  <?php
 +
 +
  error_reporting( E_ALL );
 +
  ini_set( 'display_errors', 'On' );
 +
 +
  require_once( dirname( __FILE__ ) . '/path/to/pccipher/php/src/pccipher_auto.php' );
 +
 +
  $key = "my key (which isn't half as randomly awesome as *your* key will be)";
 +
  $text = "my text";
 +
  $data = pccipher_encrypt( $text, $key );
 +
  $text = pccipher_decrypt( $data, $key );
 +
 +
  echo "<p>" . $text . "</p>";
 +
 +
  ?>

Latest revision as of 16:15, 11 December 2017

Pccipher is the ProgClub encryption software. That's the software that allows you to encrypt and decrypt data in PHP and Javascript. It's compatible with 32-bit and 64-bit implementations of PHP, and should work in any Javascript capable web-browser. Pccipher is listed on computer security expert Bruce Schneier's web-site. For other projects see Projects.

Project status

Released! But there's still stuff TODO.

Contributors

Members who have contributed to this project. Newest on top.

All contributors have agreed to the terms of the Contributor License Agreement. This excludes any upstream contributors who tend to have different administrative frameworks.

Upstream contributors for the phpjs library used by pccipher/js.

Upstream contributors for the jQuery library used by pccipher/js.

Upstream contributors for the QUnit library used by pccipher/js.

Upstream contributors for the SimpleTest library used by pccipher/php.

Copyright

Copyright 2011, Contributors. Dual licensed under the MIT or GPL licenses.

Pccipher uses the phpjs library which is dual licensed under the MIT or GPL licenses.

Pccipher uses the jQuery library which is dual licensed under the MIT or GPL licenses.

Pccipher uses the QUnit library which is dual licensed under the MIT or GPL licenses.

Pccipher uses the SimpleTest library which is licensed under the LGPL.

Download

You can download the latest version of pccipher from the following URL:

http://www.progclub.org/download/pccipher/pccipher-latest.tar.gz

You can look in the download directory for specific releases.

Source code

The repository can be browsed online:

http://www.progclub.org/pcrepo/pccipher

The code for pccipher is publicly available from svn:

http://www.progclub.org/svnro/pcrepo/pccipher/tags/latest

Or privately available for read-write access:

https://www.progclub.org/svn/pcrepo/pccipher/trunk

Links

Blowfish related information

phpjs related information

jQuery related information

QUnit related information

SimpleTest related information

Javascript encryption related information

Before using the pccipher javascript encryption library, it would behove you to read this article: Javascript Cryptography Considered Harmful. As it points out, security through encryption in Javascript is pretty much impossible. That said, there are some benefits to using a Javascript encryption scheme, such as protecting user data even if the user saves a copy of the page as a HTML file on their hard-drive, and there is *some* value in using the Javascript encryption library as an obfuscator that will stop the less determined intruder. There was some more discussion about this on the ProgClub list that you might be interested in checking out or participating in.

Tasks

TODO

Things to do, in rough order of priority:

  • serialize/deserialize initial state in PHP (check it helps)
  • json for initial state in JavaScript? (Might be slower. Should investigate.)
  • inline functions in JavaScript to improve performance
  • Use the 'pccipher' namespace for phpjs
  • Flesh out the unit tests
  • Integrate with PHP mcrypt?
  • Compatible implementations in other languages
  • Twofish?

Done

Stuff that's done. Latest stuff on top.

  • JE 2012-07-08: inlined functions in PHP to improve performance
  • JE 2011-10-30: fixed pccipher_encrypt and pccipher_decrypt functions
  • JE 2011-08-16: packaged in .tar.gz download files
  • JE 2011-08-16: documented usage process for Javascript and PHP
  • JE 2011-08-16: integrated SimpleTest testing framework for PHP
  • JE 2011-08-16: integrated QUnit testing framework for Javascript
  • JE 2011-08-16: fixed formatting to use \x02 .. \x03 wrapper
  • JE 2011-08-16: removed key crc, and added algorithm code
  • JE 2011-08-16: copied in existing code (support for Blowfish on PHP and Javascript)
  • JE 2011-08-16: created the project in svn
  • JE 2011-08-16: created project page

Tests

Javascript tests

You can run the Javascript tests for the latest stable release at:

http://www.progclub.org/pccipher/js/test/test.html

And the latest development snapshot (i.e. trunk) at:

http://www.progclub.org/pccipher-dev/js/test/test.html

PHP tests

Note: the PHP testing links have been removed, because they place the server under load, and at the moment ProgClub is being slashdotted by http://programming.reddit.com/ and we can't have everyone clicking on them!

Update: We're not being slashdotted anymore, but I think I'll leave the links out anyway. If you're clever you'll be able to find them for yourself. Better to run the tests on your own system.

OK, OK. Here are the tests:

https://www.progclub.org/pccipher-dev/php/test/

Notes for implementers

If you are interested in incorporating the ProgClub pccipher into your project, here's what you need to know:

Javascript implementation

An example Javascript implementation:

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
                     "http://www.w3.org/TR/html4/loose.dtd">
 <html>
 <head>
   <script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script>
   <script type="text/javascript" src="http://www.progclub.org/pccipher/js/lib/phpjs/phpjs.js"></script>
   <script type="text/javascript" src="http://www.progclub.org/pccipher/js/src/pccipher.js"></script>

   <script type="text/javascript">
   $(document).ready(function(){

   var key = "my key (*your* key should be longer and more random)";
   var text = "my text";
   var data = pccipher_encrypt( text, key );
   text = pccipher_decrypt( data, key );

   alert( text );

   });
   </script>
   
 </head>
 <body>
   <h1>Pccipher example</h1>
 </body>
 </html>

PHP implementation

You probably want to setup an svn:externals to:

http://www.progclub.org/svnro/pcrepo/pccipher/tags/latest

Then you can use the PHP library with something like this:

 <?php

 error_reporting( E_ALL );
 ini_set( 'display_errors', 'On' );

 require_once( dirname( __FILE__ ) . '/path/to/pccipher/php/src/pccipher_auto.php' );

 $key = "my key (which isn't half as randomly awesome as *your* key will be)";
 $text = "my text";
 $data = pccipher_encrypt( $text, $key );
 $text = pccipher_decrypt( $data, $key );

 echo "<p>" . $text . "</p>";

 ?>