Re: Royalty free crypto library?

From: Gleb Esman (gesman@sympatico.ca)
Date: 04/18/03


From: "Gleb Esman" <gesman@sympatico.ca>
Date: Fri, 18 Apr 2003 12:56:40 -0700

Thanks Bryan. I guess i cannot use GnuPG team's Libgcrypt if i plan to
charge for my software?
And yes, i need to sign a piece of text (with private key) and verify (with
public key) function. Nothing else really.
I'll check Crypto++, i hope they'll have a good help file and royalty free
arrangement for commercial products as well.
My challenge is to find the way to wrap a multitude of functions with
mysterious names and purpose into 2 simple wrappers for sign and verify.
I've checked a few packages but their docs for non-crypto-geniuses wasn't
too helpful.

Gleb Esman

"Bryan Olson" <bryanjugglercryptographer@yahoo.com> wrote in message
news:1a517b5.0304180416.1dfa0c41@posting.google.com...
> Gleb Esman wrote:
>
> > I am working on email enhancement filter that would include simple
> > public/private key based authentication. I am neither math, nor crypto
> > expert. I would like to have 2 functions:
> > Generate_public_and_private_pair_of_keys (...);
> > Encrypt_Decrypt_data_buffer (void *public_or_private_key, char *buffer,
int
> > buffer_size);
> >
> > I'd like to use royalty free code without violating anyone legal or
patent
> > rights. I do not need super strong encryption, but of course the
stronger
> > the better.
> >
> > Is it possible? Could anyone help me in that (without laughing) ?
>
> Ha ha ha. Oh, sorry.
>
> First, the class act in free crypto libraries is Wei Dai's
> Crypto++, which you can find at:
>
> http://www.eskimo.com/~weidai/cryptlib.html
>
>
> A possible alternative would be GnuPG team's Libgcrypt, but the
> current version is a beta release. See:
>
> http://www.gnu.org/directory/security/libgcrypt.html
>
> The library is under the GLPL, so you can use for free, even in
> non-open software. (Gnu Privacy Guard itself is free under the
> GPL, so it's free and all derivative works must also be free.
> That's an over-simplification, see the GPL and GLPL for the
> real conditions.)
>
>
> Keep an open mind about what functions you need. You mention
> authentication (and don't mention privacy), so really you want a
> sign function and a verify function. Useful software always
> needs enhancement, so build crypto features on established
> standards and methods.
>
>
> --
> --Bryan



Relevant Pages

  • Re: SOLVED! (Once again problems with wildcards/generic methods)
    ... Hash: SHA1 ... You need GnuPG to verify this message ... parameter, as wildcards are sufficient. ...
    (comp.lang.java.help)
  • [security fix] Libgcrypt and GnuPG
    ... a GnuPG version with a *Libgcrypt version < 1.6.0*, ... mount the described side-channel attack on Elgamal encryption subkeys. ... To check whether you are using a vulnerable Libgcrypt version, ... Check the supplied OpenPGP signature. ...
    (gnu.announce)
  • Re: XMMS not playing MP3s
    ... You need GnuPG to verify this message ... >>Like the subject header says... ... Whenever I try playing, the ...
    (linux.redhat)
  • Re: [OT] Posting styles
    ... have you managed to validate your own signed mail yet? ... I am able to verify my own signatures. ... Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)
  • Re: Quote of the day
    ... > Hash: SHA1 ... You need GnuPG to verify this message ...
    (comp.os.linux.misc)