In ZIP File Format Specification v6.3.5 there is 7.3 Single Password - Central Directory Encryption.
It seems that only on application support this feature SecureZip by PKWARE. Does anyone know how exactly this feature is implemented? I am looking for any working sources and language of this feature; I am planning to add this feature to my application.
The OP is already aware, but for others who find this question in the future...
To my knowledge, there are no open source implementations.
The central directory encryption functionality is patented. Contact zipformat#pkware.com with legal questions or to obtain a license.
Source: I'm an engineer at PKWARE
Related
I'm looking all through the pact.io site and I can't seem to find anything about licensing.
What type of license does Pact/Pack Broker service use? Apache? MIT? GPL?
Maybe I'm dense but I cannot seem to find any licensing information on the site.
It's nowhere on the website, but it's very easy to find on the github. https://github.com/pact-foundation/pact.io/blob/documentation/LICENSE
TLDR: It's MIT licensed.
Adding to #sgillen's answer (which for the Broker is correct).
Each Pact language implementation may have their own license depending on who authored it in the first place. In most cases, it's MIT, but Pact JVM for example is Apache 2.0.
Each GitHub repository will have the license information there - it is the definitive source of truth.
I am finishing a Tower Defense game that will be published to Apple Store and Google Play. The project is built in Cocos2d-X and I am afraid about the protection of my assets. So, I would like to know if there is any option/feature in Cocos2d-X to allow encryption?
I found that TexturePacker provides encryption for Cocos2d, but I have not seen any similar option for Cocos2d-X.
Please I need help for some one that already have implemented such a task.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 7 years ago.
Improve this question
I'm developing an application with the Qt open source edition. As I don't want to deliver the Microsoft Visual Visual C(++) redistributables, I'd like to use a static-linked version of Qt.
The Qt licensing information says that I "should" develop with a commercial Qt license if I want to use static linking in my application, although when I use the configure -static command for building a static Qt library the command prompt asks me if I use the commercial or open source version of Qt.
So it is possible to build Qt with the open source version? Do I need the commercial edition to use static linking? I won't sell the application.
EDIT April 2016
Actually, I have recently been reading in depth about LGPL, and asking some experts on the subject. Turns out that the inability to use static linking for Qt in closed source applications is more of a cultivated legend and has nothing to do with reality.
What LGPL requires is the possibility for the end user to relink the application against a different version of the library. Using dynamic linking is one way to achieve that, but you can just as easily provide your object files, this way you don't have to open your source and the LGPL requirement is still satisfied.
On the Qt website there are 2 legal FAQs and in neither of them is it directly stated that you can't do it. Just as it is not stated that you can. However, there are at least several instances of implying a vague legal threat in case that you do. I think there is a good explanation for all of those - they can't say that you can't do it without publishing a practical lie which may as well have negative legal repercussions for them, and they are willing to discourage doing that rather than encourage it, as it has the potential to force more people into purchasing a commercial license.
So in short, yes you can, and you most definitely should as lately Qt has become a living deployment hell, plus as of Qt 5.7 in a static build, QML files are tucked neatly in the executable rather than being out on the file system, for anyone to tamper with. Just make sure that:
your Qt build only contains modules, licensed under LGPL, and nothing GPL
the about section of your app mentions that it is using Qt and contains a link to where you can download the application's object files
include all the respective license files with your application
Lastly, your application actually has to be "relinkable", that is, it must be able to work with a compatible library version that provides the necessary functionality. Which means that if you have made modifications to Qt before building it, you must provide those in the form of source code as well, but only the modifications to Qt, not your application's source code.
Update:
Here is an excerpt directly from the GNU FAQ:
For the purpose of complying with the LGPL (any extant version: v2,
v2.1 or v3):
(1) If you statically link against an LGPL'd library, you must also provide your application in an object (not necessarily source)
format, so that a user has the opportunity to modify the library and
relink the application.
That states it pretty clear.
The old, original answer:
It is possible to build Qt statically as long as your application is open-source and you provide the source. If you want to keep your source closed, you either need an expensive commercial license, or you need to use dynamic linking.
BTW using a static build of Qt is pretty nice, for Qt5 I get about 7-8 MB executable with no external dependencies, which is much better than the 20+ MB of additional dll's you have to ship with a dynamically linked app.
For more information, you can take a look at this video: Making the correct license choice when developing with Qt
All in all, can it be done? 100% yes. Should it be done? It depends, for personal/testing/learning purposes it is 100% OK, however if you plan to distribute production grade software, be that commercially or not, open source or not, you'd better first consult with a lawyer. The whole subject is unnecessarily complicated, subject to interpretation, so that the consultation with a lawyer becomes more expensive than a pricey commercial license.
The answer is Yes, if you are willing to open source your application.
According to the Qt-Project's own interpretation of the licenses they use, if you dynamically link to the Qt libraries your application can be either closed source or open. If you statically link, however, your application is subject to the terms of the LGPL.
The exact language the Qt Project uses is this:
In case of dynamic linking, it is possible, but not mandatory, to keep
application source code proprietary as long as it is “work that uses
the library” - typically achieved via dynamic linking of the library.
In case of static linking of the library, the application itself may
no longer be “work that uses the library” and thus become subject to
LGPL. It is recommended to either link dynamically, or provide the
application source code to the user under LGPL.
(http://qt-project.org/legal.html)
The suggestion in some of the other answers that the situation is "not at all clear" is simply untrue - The Qt Project has tried to be abundantly clear about in what circumstances usage of the LGPL license is permissible, and static linking is one of those as long as the app is also LGPL.
Since the original question specifies non-commercial (not necessarily open source), the asker will need to decide whether they can allow distribution under the LGPL (or GPL by extension, as the above page also says "LGPL can be converted to GNU General Public License").
I am going to create a mobile book store for a very specific group of people. Since ePub is just compressed HTML, it's not secure enough. Anyone can access it if I extract the files to SD card. I don't want users copy the E-books around because I sell them for money.
I can parse the file and save it to a database. But I wondered if there is standard way for managing ePub DRM?
Thanks,
Your best bet would be to use a DRM server solution. Adobe Content Server 4 is the leading system for this, used by Google Books, Barnes & Noble etc. though it can be a bit expensive to purchase a license and setup your own server. You can also use a SaaS service like EditionGuard to use it cost effectively, though you'll be using a shared environment in that case which may or may not fit your needs.
The Readium LCP DRM is on the market since 2017 and is now deployed in most countries. It is non-proprietary and does not break the accessibility of EPUB ebooks. It is replacing the obsolete Adobe DRM, step by step.
See https://www.edrlab.org/readium-lcp/ and more especially https://www.edrlab.org/readium-lcp/certified-apps-servers/ for more info.
What kind of protection you are looking for?
just watermarking because epub DRM is hard.
Password protection.
Encrypted files.
From what i know you are trying to do something which is in the area of R&D plus challeging, at one side you will need to develop content encryption engine and other side a reader which will read encrypted content, these readers should also be supported in major os and mobile plateforms.
What tools are available to encrypt or password-protect a file stored on the IFS?
*integrated file-system, accessible from Windows
You could setup object security so only certain users can view the file.
There are encryption tools available for purchase. There is also some built-in APIs for encrypting.
Here are some resources to look into:
Scenario: Key Management and File Encryption Using the Cryptographic Services APIs
The Next Step in Security
A Simple Encryption/Decryption Algorithm for Numbers
Cryptographic Services APIs
Most of these articles deal with encrypting data in a table, but the concepts should help you encrypt a file on the IFS.
Or you could simply encrypt the file from a Windows box with ccrypt or TrueCrypt (perhaps not what you are looking for). Both are free. As is GnuPG which has a windows port and is probably the best of the bunch.
Don't forget that iSeries with PASE can run many AIX programs as is.
ccrypt for AIX could almost definitely be made to run on the iSeries and be called from QSH. And similarly for GnuPG for AIX; it could be run on the iSeries itself.
There is PkZIP for the iSeries which can provide encryption.
You could also 'roll your own' encryption using Java Cryptography.
We are currently using Arpeggio, which is free. We used to use PKZip, but were able to replace that tool with the free Arpeggio software. Seems to work well
You can set the authority to the file so only users in one group have access to it. I think its option 9 I don't have access to a iseries at this moment.
You can pull a port of GnuPG from Scott Klement's website at : https://www.scottklement.com/gnupg/. We have been using it without issue for years.
A lot has changed since this question was asked! IBM i now has extensive support for open source software in PASE. Several of the other answers here mention packages that IBM now provides for no cost as RPMs, easily installable via yum (or the Access Client Solutions GUI, which includes a graphical front-end for yum). Here is just a sampling of IBM-packaged tools you could use for encryption of IFS files:
GnuPG
p7zip (POSIX version of 7-Zip, compatible with and mostly superior to PKZIP)
Python, Node.js, and other programming languages, with access to various encryption libraries
Note that the RPM-based packaging is only supported on IBM i 7.2 and above. (Some people have been able to get it working on 7.1, but this requires the right combination of PTFs and know-how.)
For those on older (and by now, far out of support) versions of IBM i and its predecessors, you may be able to use Scott Klement's ports of GnuPG and p7zip, or Per Gummedal's iSeriesPython.