Pccipher

From ProgClub
Jump to: navigation, search

Pccipher is the ProgClub encryption software. That's the software that allows you to encrypt and decrypt data in PHP and Javascript. It's compatible with 32-bit and 64-bit implementations of PHP, and should work in any Javascript capable web-browser. Pccipher is listed on computer security expert Bruce Schneier's web-site. For other projects see Projects.

Project status

Released! But there's still stuff TODO.

Contributors

Members who have contributed to this project. Newest on top.

All contributors have agreed to the terms of the Contributor License Agreement. This excludes any upstream contributors who tend to have different administrative frameworks.

Upstream contributors for the phpjs library used by pccipher/js.

Upstream contributors for the jQuery library used by pccipher/js.

Upstream contributors for the QUnit library used by pccipher/js.

Upstream contributors for the SimpleTest library used by pccipher/php.

Copyright

Copyright 2011, Contributors. Dual licensed under the MIT or GPL licenses.

Pccipher uses the phpjs library which is dual licensed under the MIT or GPL licenses.

Pccipher uses the jQuery library which is dual licensed under the MIT or GPL licenses.

Pccipher uses the QUnit library which is dual licensed under the MIT or GPL licenses.

Pccipher uses the SimpleTest library which is licensed under the LGPL.

Download

You can download the latest version of pccipher from the following URL:

http://www.progclub.org/download/pccipher/pccipher-latest.tar.gz

You can look in the download directory for specific releases.

Source code

The repository can be browsed online:

http://www.progclub.org/pcrepo/pccipher

The code for pccipher is publicly available from svn:

http://www.progclub.org/svnro/pcrepo/pccipher/tags/latest

Or privately available for read-write access:

https://www.progclub.org/svn/pcrepo/pccipher/trunk

Links

Blowfish related information

phpjs related information

jQuery related information

QUnit related information

SimpleTest related information

Javascript encryption related information

Before using the pccipher javascript encryption library, it would behove you to read this article: Javascript Cryptography Considered Harmful. As it points out, security through encryption in Javascript is pretty much impossible. That said, there are some benefits to using a Javascript encryption scheme, such as protecting user data even if the user saves a copy of the page as a HTML file on their hard-drive, and there is *some* value in using the Javascript encryption library as an obfuscator that will stop the less determined intruder. There was some more discussion about this on the ProgClub list that you might be interested in checking out or participating in.

Tasks

TODO

Things to do, in rough order of priority:

  • serialize/deserialize initial state in PHP (check it helps)
  • json for initial state in JavaScript? (Might be slower. Should investigate.)
  • inline functions in JavaScript to improve performance
  • Use the 'pccipher' namespace for phpjs
  • Flesh out the unit tests
  • Integrate with PHP mcrypt?
  • Compatible implementations in other languages
  • Twofish?

Done

Stuff that's done. Latest stuff on top.

  • JE 2012-07-08: inlined functions in PHP to improve performance
  • JE 2011-10-30: fixed pccipher_encrypt and pccipher_decrypt functions
  • JE 2011-08-16: packaged in .tar.gz download files
  • JE 2011-08-16: documented usage process for Javascript and PHP
  • JE 2011-08-16: integrated SimpleTest testing framework for PHP
  • JE 2011-08-16: integrated QUnit testing framework for Javascript
  • JE 2011-08-16: fixed formatting to use \x02 .. \x03 wrapper
  • JE 2011-08-16: removed key crc, and added algorithm code
  • JE 2011-08-16: copied in existing code (support for Blowfish on PHP and Javascript)
  • JE 2011-08-16: created the project in svn
  • JE 2011-08-16: created project page

Tests

Javascript tests

You can run the Javascript tests for the latest stable release at:

http://www.progclub.org/pccipher/js/test/test.html

And the latest development snapshot (i.e. trunk) at:

http://www.progclub.org/pccipher-dev/js/test/test.html

PHP tests

Note: the PHP testing links have been removed, because they place the server under load, and at the moment ProgClub is being slashdotted by http://programming.reddit.com/ and we can't have everyone clicking on them!

Update: We're not being slashdotted anymore, but I think I'll leave the links out anyway. If you're clever you'll be able to find them for yourself. Better to run the tests on your own system.

OK, OK. Here are the tests:

https://www.progclub.org/pccipher-dev/php/test/

Notes for implementers

If you are interested in incorporating the ProgClub pccipher into your project, here's what you need to know:

Javascript implementation

An example Javascript implementation:

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
                     "http://www.w3.org/TR/html4/loose.dtd">
 <html>
 <head>
   <script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script>
   <script type="text/javascript" src="http://www.progclub.org/pccipher/js/lib/phpjs/phpjs.js"></script>
   <script type="text/javascript" src="http://www.progclub.org/pccipher/js/src/pccipher.js"></script>

   <script type="text/javascript">
   $(document).ready(function(){

   var key = "my key (*your* key should be longer and more random)";
   var text = "my text";
   var data = pccipher_encrypt( text, key );
   text = pccipher_decrypt( data, key );

   alert( text );

   });
   </script>
   
 </head>
 <body>
   <h1>Pccipher example</h1>
 </body>
 </html>

PHP implementation

You probably want to setup an svn:externals to:

http://www.progclub.org/svnro/pcrepo/pccipher/tags/latest

Then you can use the PHP library with something like this:

 <?php

 error_reporting( E_ALL );
 ini_set( 'display_errors', 'On' );

 require_once( dirname( __FILE__ ) . '/path/to/pccipher/php/src/pccipher_auto.php' );

 $key = "my key (which isn't half as randomly awesome as *your* key will be)";
 $text = "my text";
 $data = pccipher_encrypt( $text, $key );
 $text = pccipher_decrypt( $data, $key );

 echo "<p>" . $text . "</p>";

 ?>