Open source
Clipperz and AGPL
Most of Clipperz source code is released under an AGPL v3 license. The preamble below clearly explains the benefits of such a license for web developers.
The GNU Affero General Public License (AGPL) is a free, copyleft license for software and other kinds of works, specifically designed to ensure cooperation with the community in the case of network server software.
[…] Developers that use our General Public Licenses protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License which gives you legal permission to copy, distribute and/or modify the software.
A secondary benefit of defending all users’ freedom is that improvements made in alternate versions of the program, if they receive widespread use, become available for other developers to incorporate.
[…] However, in the case of software used on network servers, this result may fail to come about. The GNU General Public License permits making a modified version and letting the public access it on a server without ever releasing its source code to the public.
The GNU Affero General Public License is designed specifically to ensure that, in such cases, the modified source code becomes available to the community. It requires the operator of a network server to provide the source code of the modified version running there to the users of that server. Therefore, public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version.
Cryptography and open source
A fundamental assumption in cryptanalysis, first enunciated by August Kerckhoffs in the nineteenth century, is that the secrecy must reside entirely in the key. Kerckhoffs assumes that the cryptanalyst has complete details of the cryptographic algorithm and implementation. It was reformulated by Claude Shannon as “the enemy knows the system”.
There’s been a lot of debate by security practitioners about the impact of open source approaches on security. Clipperz stays on the side of security expert Bruce Schneier when he says: “In the cryptography world, we consider open source necessary for good security; we have for decades. Public security is always more secure than proprietary security. For us, open source isn’t just a business model, it’s smart engineering practice.”
And along the same lines is Vincent Rijmen, co-author of the AES algorithm: “Not only because more people can look at it, but, more importantly, because the model forces people to write more clear code, and to adhere to standards. This in turn facilitates security reviews.” (from LinuxSecurity.com)
How to contribute to Clipperz open source projects
If you are a coder …
- Get Clipperz source code from SourceForge
- Start small, with one-line changes to existing code
- Start off commenting existing code where it needs it
- Write some documentation on the architecture of the code
- Learn how to use all the tools (CVS, diff, patch, ..)
- Experiment by making changes to your local copy of the code
- Test your code thoroughly before you submit it
- Adhere to the maintainer’s coding and formatting standards
- Don’t get discouraged when your patches are rejected
If you are not a coder …
- Submit bug reports
- Suggest new features and make other comments
- Help write good documentation
- Translate the documentation into another language
- Read existing documentation, follow the examples, and make corrections
- Correct spelling and grammar mistakes in documentation
- Create diagrams, screen-shots, and graphics for documentation
- Help other people learn how to use Clipperz software and services by answering questions on forums, discussion groups and mailing lists
- Donate some money to the projects
(thanks to Scott Granneman)
Clipperz Community Edition
Clipperz Community Edition allows you to host on your own server a web service identical to Clipperz online password manager. It’s open source and released under an AGPL license.
But why would you prefer running Clipperz Community Edition from your own server instead of using the online service provided by its developers?
- “Clipperz security architecture is great, but I prefer to store my data on my hardware. I just feel better this way!”
- “Clipperz password manager could be very useful in my department, but our internal policies does not allow to store data, even encrypted data, on an external server.”
- “I would like to modify the look & feel of Clipperz and embed this powerful password manager within my family intranet.”
- “Clipperz works nicely, but I would love to play with the source code in order to improve feature X and add new features Y and Z.”
- …
Whatever is your motivation, we would love to hear from you about how and where you use Clipperz Community Edition. Get in contact!
Please note that Clipperz Community Edition is not suitable for mass deployments since it lacks several critical capabilities such as bot protection. If you want to offer Clipperz password manager to a wide audience, please wait for the upcoming Provider Edition.
In any case if you want to use Clipperz’s software in a commercial, for-profit environment, please contact us to inquire about licensing options for commercial applications.
Requirements
- PHP 5
- MySQL
Download
Clipperz Community Edition is available from SourceForge.net.
License
Clipperz offers three versions of its software, the Community Edition, the Provider Edition and the Commercial Edition. All share a large body of source code.
Community and Provider Edition are open source, while the Commercial Edition has a commercial license. This dual-license strategy is now common with commercial open source software.
Clipperz Community Edition use the AGPL v3 open source license that lets you offer your software to all who wish to use, modify and distribute it freely. The AGPLv3 open source license allows you to use Community Edition at no charge under the condition that if you use Clipperz code in an application that you distribute, the complete source code for your application must be available and freely redistributable under reasonable conditions.
With this license, you can download, inspect, develop and test Clipperz code. Many organizations do exactly this before they contact us regarding a commercial license.
In layman’s terms, the Community Edition can be freely used for many purposes. The most notable exception is if you change or add to the code and you use the software as the basis of an Internet or network-based service, you must publish your code or buy a commercial license.
Here are some guidelines as to whether an open source or commercial license is right for you:
- If your software is licensed under a GPL-compatible Free Software License as defined by the Free Software Foundation or approved by OSI, then use our open source Community Edition.
- If you plan to distribute a proprietary application or service, and you are not licensing and distributing your source code under GPL and AGPLv3, you need to purchase a commercial license from Clipperz.
- If you are unsure, we suggest that you contact us to discuss your situation.
Javascript Crypto Library
The JavaScript Crypto Library provides web developers with an extensive and efficient set of cryptographic functions. The library aims to obtain maximum execution speed while preserving modularity and reusability. The library is released as open source under an AGPL license. If you are a web developer and into Javascript check it out!
Features
The Javascript Crypto Library presently includes:
- the fastest AES-256;
- the only available Javascript implementation of:
- a robust and efficient SHA-2 hash function.
Our online password manager makes heavy use of the cryptographic functions that are included in the library. But even if you are not interested in writing whole zero-knowledge web applications, you can exploit browser-based cryptography to improve the security of specific portion of your code. As an example, you could consider replacing your present authentication system with SRP.
Acknowledgments
Javascript implementations of cryptographic algorithms have been around for years. Some of the pioneers in this field were: John Walker, Chris Veness, Paul Andrew Johnston and Leemon Baird. They all realized that Javascript could turn the browser into a new and ubiquitous “number crunching” tool that comes pre-installed on every modern computer. Even if they mostly wrote code for educational purposes, their work was an important inspiration to us.
Future developments
Recently we’ve approached elliptic curve cryptography (ECC). The code already included in the library is still very slow and incomplete. We would love to improve it and develop all the components of a public-key cryptographic system based on elliptic curves. It’s an ambitious and complex plan. Any volunteer to help?
Download
The Javascript Crypto Library is available from SourceForge.net.
License
The Javascript Crypto Library is released under an AGPL v3 license.