Workable encryption in Tcl??

From: Geoff Caplan (geoff_at_variosoft.com)
Date: 07/31/04

  • Next message: scorpion53061: "VT100 and IBM3151 and F5" 
    Date: Sat, 31 Jul 2004 01:46:09 +0100

    Hi folks

    Run into a tiresome problem right at the start of my project. I simply
    need a way to exchange encrypted information between a Tcl client on
    Windows and a PHP application on Debian.

    On the PHP side this is no problem at all. Despite having zero
    cryptographic knowledge, I had the crypto library installed via a
    Debian package and some test code working within ten minutes, using
    the excellent PHP online manual.

    With Tcl, on the other hand, I've been trying to find a solution for
    some hours now, without success. If there is a mature library out
    there, it is hard to find.

    Any suggestions would be most welcome - if Tcl can't meet this basic
    requirement my career as a Tcler will be nipped in the bud. For a
    language with such strong networking capabilities, the poor state of
    the encryption libraries seems odd - it really shouldn't be this hard
    to get something set up?!

    ActiveTcl for Windows may be batteries included, but it doesn't
    include a single secure cypher that I can discover. I presume that
    this is because of the bizarre US export regulations, but other
    communities have got around this by locating the restricted code on
    European servers...

    The Tcllib docs mention an RC4 library, but this seems to be missing
    in both the Active State and the sourceforge distros.

    So then I went looking for a crypto package on the Tcl wiki.

    The most viable option seems to be TclDES. This is, at least, an
    active project, but it is a pre 1.0 release and is in pure-Tcl (which
    must surely be *SLOW*). The documentation is intimidating, to put it
    mildly, and there are no usage examples. As an alternative to
    abandoning Tcl altogether I may be forced to use this, but it is
    hardly ideal.

    There is a Windows Blowfish binary in Kitten, but the version number
    is 0.1, there appears to be no documentation and the author is
    uncredited. I can't use this as a mission critical library...

    Finally, there is Trfcrypt. This appears to be an abandoned personal
    project (site last updated in 2001) and the only Windows binary I can
    find is for Win95. It uses the MS C compiler, so to compile it, I
    would have to find and download the .Net SDK, the MS Platform SDK and
    figure out how to get the C++ compiler working (I don't have C skills)
    - all in the hope that the code will work with more recent and future
    Windows releases...

    There are links to one or two other projects but they all seem to be
    dead or depreciated.

    I am aware of the tls OpenSSL library, but SSL is overkill for this
    project and will add needless complexity. All I need is a standard
    symmetric cypher.

    All rather discouraging. I'm beginning to get an inkling of why the
    profile of Tcl is so much lower than the other major dynamic
    languages... Other communities seem to put much higher priority on the
    accessibility, maintenance and documentation of mission-critical
    libraries - the contrast with PHP, for example, is stark!

    Any advice would be most welcome.

  • Next message: scorpion53061: "VT100 and IBM3151 and F5"
    • Quantcast