Hi Thomas,

On 2018-03-06 00:57, Thomas Levine wrote:
> If you copy (vendor) an encryption/decryption algorithm into your source
> code, then you are relying on more than libc. So perhaps you could
> expand your dependencies to libraries with acceptable licensing or
> to libraries that are widely available. For example, OpenBSD 6.2
> provides blowfish. Also, GnuPG libgcrypt is far more involved than you
> require, but it is still appropriately licensed.

Licensing is not a problem, I know there are appropriately licensed crypto libraries out there. My problem is simple - I never worked with crypto before and there's too many choices. It's like your wife sending you to the store to buy her new shoes - who would have any idea which one to pick? There's just too many choices for someone who doesn't have the foggiest idea what's going on.

E.g. you mention libgcrypt, looking at the index page https://www.gnupg.org/related_software/libgcrypt/ there's about 57 algorithms. As a start, which type of algo do I need? Blowfish is in the symmetric cypher family, there's 11 there with 20 modes (w/e mode means).

As a personal preference I would rather use a bsd or mit licensed project though.

> I can't help myself from adding to the distracting tangents.
>
> pw by Dashamir Hoxha has some of the features of present discussion.
> http://dashohoxha.fs.al/pw/man/
>
> It is derived from password-store.
>
> It stores passwords in an encrypted tarball instead of inside the normal
> filesystem. Like pass-tomb, this has the effect that file hierarchy
> doesn't show up in the filesystem.

The use case I'm heading for is more similar to pass, I don't mind if the hierarchy is visible (to those who have permissions anyway).

Thank you for your input!

--
------------
Peter Nagy
------------