Pccipher
Pccipher is the ProgClub encryption software. That's the software that allows you to encrypt and decrypt data in PHP and Javascript. It's compatible with 32-bit and 64-bit implementations of PHP, and should work in any Javascript capable web-browser. Pccipher is listed on computer security expert Bruce Schneier's web-site. For other projects see Projects.
WARNING: I wrote this mostly just for fun. It's Bruce Schneier's Blowfish algorithm in a compatible 32-bit PHP, 64-bit PHP, and JavaScript implementation. I'm not sure if it has the security vulnerability that was discovered in some implementations of blowfish. I don't have time to investigate and I hope that won't matter because no one should be using this software for anything serious.
Project status
Released! But there's still stuff TODO.
Contributors
Members who have contributed to this project. Newest on top.
All contributors have agreed to the terms of the Contributor License Agreement. This excludes any upstream contributors who tend to have different administrative frameworks.
Upstream contributors for the phpjs library used by pccipher/js.
Upstream contributors for the jQuery library used by pccipher/js.
- John Resig, http://jquery.com/ and the jQuery team
Upstream contributors for the QUnit library used by pccipher/js.
Upstream contributors for the SimpleTest library used by pccipher/php.
Copyright
Copyright 2011, Contributors. Dual licensed under the MIT or GPL licenses.
Pccipher uses the phpjs library which is dual licensed under the MIT or GPL licenses.
Pccipher uses the jQuery library which is dual licensed under the MIT or GPL licenses.
Pccipher uses the QUnit library which is dual licensed under the MIT or GPL licenses.
Pccipher uses the SimpleTest library which is licensed under the LGPL.
Download
You can download the latest version of pccipher from the following URL:
http://www.progclub.org/download/pccipher/pccipher-latest.tar.gz
You can look in the download directory for specific releases.
Source code
The repository can be browsed online:
http://www.progclub.org/pcrepo/pccipher
The code for pccipher is publicly available from svn:
http://www.progclub.org/svnro/pcrepo/pccipher/tags/latest
Or privately available for read-write access:
https://www.progclub.org/svn/pcrepo/pccipher/trunk
Links
Before using the pccipher javascript encryption library, it would behove you to read this article: Javascript Cryptography Considered Harmful. As it points out, security through encryption in Javascript is pretty much impossible. That said, there are some benefits to using a Javascript encryption scheme, such as protecting user data even if the user saves a copy of the page as a HTML file on their hard-drive, and there is *some* value in using the Javascript encryption library as an obfuscator that will stop the less determined intruder. There was some more discussion about this on the ProgClub list that you might be interested in checking out or participating in.
Tasks
TODO
Things to do, in rough order of priority:
- serialize/deserialize initial state in PHP (check it helps)
- json for initial state in JavaScript? (Might be slower. Should investigate.)
- inline functions in JavaScript to improve performance
- Use the 'pccipher' namespace for phpjs
- Flesh out the unit tests
- Integrate with PHP mcrypt?
- Compatible implementations in other languages
- Twofish?
Done
Stuff that's done. Latest stuff on top.
- JE 2012-07-08: inlined functions in PHP to improve performance
- JE 2011-10-30: fixed pccipher_encrypt and pccipher_decrypt functions
- JE 2011-08-16: packaged in .tar.gz download files
- JE 2011-08-16: documented usage process for Javascript and PHP
- JE 2011-08-16: integrated SimpleTest testing framework for PHP
- JE 2011-08-16: integrated QUnit testing framework for Javascript
- JE 2011-08-16: fixed formatting to use \x02 .. \x03 wrapper
- JE 2011-08-16: removed key crc, and added algorithm code
- JE 2011-08-16: copied in existing code (support for Blowfish on PHP and Javascript)
- JE 2011-08-16: created the project in svn
- JE 2011-08-16: created project page
Tests
Javascript tests
You can run the Javascript tests for the latest stable release at:
http://www.progclub.org/pccipher/js/test/test.html
And the latest development snapshot (i.e. trunk) at:
http://www.progclub.org/pccipher-dev/js/test/test.html
PHP tests
Note: the PHP testing links have been removed, because they place the server under load, and at the moment ProgClub is being slashdotted by http://programming.reddit.com/ and we can't have everyone clicking on them!
Update: We're not being slashdotted anymore, but I think I'll leave the links out anyway. If you're clever you'll be able to find them for yourself. Better to run the tests on your own system.
OK, OK. Here are the tests:
https://www.progclub.org/pccipher-dev/php/test/
Notes for implementers
If you are interested in incorporating the ProgClub pccipher into your project, here's what you need to know:
Javascript implementation
An example Javascript implementation:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script> <script type="text/javascript" src="http://www.progclub.org/pccipher/js/lib/phpjs/phpjs.js"></script> <script type="text/javascript" src="http://www.progclub.org/pccipher/js/src/pccipher.js"></script> <script type="text/javascript"> $(document).ready(function(){ var key = "my key (*your* key should be longer and more random)"; var text = "my text"; var data = pccipher_encrypt( text, key ); text = pccipher_decrypt( data, key ); alert( text ); }); </script> </head> <body> <h1>Pccipher example</h1> </body> </html>
PHP implementation
You probably want to setup an svn:externals to:
http://www.progclub.org/svnro/pcrepo/pccipher/tags/latest
Then you can use the PHP library with something like this:
<?php error_reporting( E_ALL ); ini_set( 'display_errors', 'On' ); require_once( dirname( __FILE__ ) . '/path/to/pccipher/php/src/pccipher_auto.php' ); $key = "my key (which isn't half as randomly awesome as *your* key will be)"; $text = "my text"; $data = pccipher_encrypt( $text, $key ); $text = pccipher_decrypt( $data, $key ); echo "<p>" . $text . "</p>"; ?>