Index: license.terms =================================================================== RCS file: license.terms diff -N license.terms --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ license.terms 27 Nov 2004 06:48:19 -0000 @@ -0,0 +1,39 @@ +This software is copyrighted (c) 2003, 2004 by Mac A. Cody. All rights +reserved. The following terms apply to all files associated with +the software unless explicitly disclaimed in individual files or +directories. + +The authors hereby grant permission to use, copy, modify, distribute, +and license this software for any purpose, provided that existing +copyright notices are retained in all copies and that this notice is +included verbatim in any distributions. No written agreement, license, +or royalty fee is required for any of the authorized uses. +Modifications to this software may be copyrighted by their authors and +need not follow the licensing terms described here, provided that the +new terms are clearly indicated on the first page of each file where +they apply. + +IN NO EVENT SHALL THE AUTHORS OR DISTRIBUTORS BE LIABLE TO ANY PARTY +FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES +ARISING OUT OF THE USE OF THIS SOFTWARE, ITS DOCUMENTATION, OR ANY +DERIVATIVES THEREOF, EVEN IF THE AUTHORS HAVE BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. + +THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ANY WARRANTIES, +INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THIS SOFTWARE +IS PROVIDED ON AN "AS IS" BASIS, AND THE AUTHORS AND DISTRIBUTORS HAVE +NO OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR +MODIFICATIONS. + +GOVERNMENT USE: If you are acquiring this software on behalf of the +U.S. government, the Government shall have only "Restricted Rights" +in the software and related documentation as defined in the Federal +Acquisition Regulations (FARs) in Clause 52.227.19 (c) (2). If you +are acquiring the software on behalf of the Department of Defense, the +software shall be classified as "Commercial Computer Software" and the +Government shall have only "Restricted Rights" as defined in Clause +252.227-7013 (c) (1) of DFARs. Notwithstanding the foregoing, the +authors grant the U.S. Government and others acting in its behalf +permission to use and distribute the software in accordance with the +terms specified in this license. Index: readme.txt =================================================================== RCS file: readme.txt diff -N readme.txt --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ readme.txt 27 Nov 2004 06:48:19 -0000 @@ -0,0 +1,115 @@ +TclDES: Munitions-grade Tcl scripting! (Version 0.8) + +What is it? + +TclDES is a pure-Tcl implementation of the NIST Data Encryption Standard +(DES). The package can perform encryption and decryption using either the +standard DES algorithm or the triple-DES (3DES) algorithm. All four +DES modes are supported: Electronic Code Block (ECB), Cipher Block +Chaining (CBC), Cipher Feedback (CFB), and Output Feedback (OFB). TclDES +is a port of a Javascript implementation of DES/3DES (ECB and CBC modes) +by Paul Tero, of Shoppable in the United Kingdom. + +With TclDES 0.8, the initialization vector used in DES CBC, OFB, and CFB +modes is now passed by reference (i.e. variable name) rather than by value. +This allows for the CBC mode to supports ciphertext block feed-forward +from procedure call to procedure call. The encryption of a message can +now be split between multiple invocations of the procedure. This also +applies for the OFB and CFB modes with the feedback block. The feedback +facility provided in TclDES 0.7 has been removed and is now deprecated. +As a result, the programming interface has changed slightly for TclDES 0.8. +In addition the des::createKeys procedure now checks for DES weak keys, +forcing an error if the submitted key matches one of them. + +The TclDES distribution now contains the document "A Guide To TclDES". +This document provides an overview of the DES and 3DES algorithms, the +various modes of operation for DES/3DES, and installation and usage +instructions for the TclDES library. + + +Why is TclDES a munition? + +Under the International Traffic in Arms Regulations (ITARs), encryption +software and hardware are considered munitions along with guns, tanks, +nuclear, biological, and chemical weapons. Encryption can potentially be +used by adversaries to conceal their communications from the United States +government. As a result, export of encryption software and hardware +requires licensing and approval by the U.S. government. + +Fortunately, export restrictions have been eased significantly in recent +years. This is due to several reasons. For one, the large amount of +commerce now occuring on the Internet requires that encryption be widely +available. With commerce equating to money, there is a strong desire by +the U.S. government for American companies to remain competitive. Another +reason is that it has become virtually impossible to control the flow of +cryptographic software into and out of the United States. Many books on +encryption, containing source code, are readily available. Ironically, +these books have no restrictions on export due to the 1st Ammendment of +the U.S. Constitution. Also, the availablility of many encryption +packages (such as OpenSSL and PGP) make the entire effort of controlling +encryption export rather moot. + + +How is TclDES being made available then? + +This source code is being made publicly available and TclDES has been +registered with the U.S. Dept. of Commerce Bureau of Industry and +Security (BIS) under export license exception TSU (Technology and +Software Unrestricted) for export out of the United States. To qualify +for this exception, the sources to TclDES must be made available with +minimial or no cost. To satisfy this requirement, the TclDES sources +are licensed under the same Open Source license as Tcl (BSD). Details +can be found in the TclDES source code. + +While license exception TSU allows for the export of TclDES out of the +United States, the import of the strong encryption (3DES) contained +within TclDES into other countries could be an issue. The BIS Export +Administration Regulations (EARs) and the Wassenaar Arrangement allow +for the unrestricted export (no licensing required) of symmetric key +encryption with key lengths of 56 or fewer bits. The Wassenaar +Arrangement is signed by 33 founding countries, which includes most of +the major industrialized nations. To satisfy this restriction and make +a pure-Tcl implementation of DES as widely available as possible, I have +created a version of the source code with the 3DES capabilities stripped +out. This version is called TclDESjr. It is available as a separate +package. + +The source code of TclDES is platform independent, though current +development is on a Slackware Linux 9.1 system with Tcl/Tk 8.4.6. +Documentation is in the form of a man page (tcldes.n) and an HTML +document (tcldes.html). The HTML document was generated from the man +page using the man2html utility. + + +Installation and Use + +To install the TclDES library, simply copy the library directory +tclDES0.8 and its contents to a directory whose path is listed in the +Tcl auto_path variable. Alternately, the path to the TclDES library +can be added to the auto_path variable. + +Once the installation is done, the TclDES library can be loaded into +the in interpreter as follows: + + package require tclDES + +This will create the ::des namespace. Note that the namespace and +internal commands conflict with the TclDESjr package. Both packages +should not be loaded into the same interpreter. + + +Future goals and Feedback + +TclDES is now considered to be feature complete with a stable interface. +Suggestion for feature additions or enhancements are still welcome, +though. After a trial period of testing and feedback on the code and/or +documentation, it is anticipated that the package will be pushed to +version 1.0 and further development will cease. It is hoped that this +complete implementation of the DES standard will become part of the +tcllib distribution at that time. + +For comment and suggestions, I can be contacted at +mcody users.sourceforge.net. + +Home page: http://tcldes.sourceforge.net +SourceForge Summary page: http://www.sourceforge.net/projects/tcldes