search

cossacklabs / themis

Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
https://www.cossacklabs.com/themis
Apache License 2.0
1.87k stars 143 forks source link

Transparent hood #8

Closed cossacklabs closed 9 years ago

cossacklabs commented 9 years ago

Object returning a string with current cryptographic algorithm choices for current object.

cossacklabs commented 9 years ago

@mnaza, can't we just move all defines related to cipher choice to one .h file and reference that .h file everywhere in docs? Is there anything but clang madness which limits us from it?

cossacklabs commented 9 years ago

Still EC-part is left. Can we summon @ignat1 and @mnaza to talk about this issue a bit?

mnaza commented 9 years ago

Algorithms can be selected by adding make param: AUTH_SYM_ALG, SYM_ALG and RSA_KEY_LENGTH. Now supported only one ECurve and param for curve selection not needed.

gene-eu-zz commented 9 years ago

I've written the explanation: @secumod @mnaza let me know if I wrote everything correctly @vixentael @mobrio let me know if it's understandable

https://github.com/cossacklabs/themis/wiki/2.1-Building-and-installing

mnaza commented 9 years ago

Yes, everything is correct.

ignatk commented 9 years ago

+1

vixentael commented 9 years ago

@gene-eu yep, understandable.

But i don't really like these 'in most cases' words. It sounds as we're not sure that Themis is a working piece of software.

But we are sure.

I propose to get rid of these uncertain phrases: they are useless for end-users, hinting on possible problems without providing any solutions.

If there is a known set of cases 'what could possible go wrong' during installation, i suggest to create new paragraph Troubleshooting. It's common practice to describe possible pitfalls.

gene-eu-zz commented 9 years ago

agree, will fix

mobrio commented 9 years ago

I realise the doc is "Building and Installing" but for completeness perhaps mention make uninstall

In testing this I noticed that uninstall can fail because of it's dependencies: uninstall: phpthemis_uninstall rubythemis_uninstall pythonthemis_uninstall

If you have not installed phpthemis then no makefile will have been generated in src/wrappers/themis/php so the attempt to uninstall phpthemis with make distclean fails and causes the whole uninstall process to stop. I don't know if this would also apply similarly for python or ruby.

One possible "Troubleshooting" case is the need to: sudo make install

A more esoteric "Troubleshooting" case is OS X 10.11 SIP (aka Rootless). The makefile itself now does all the right things and all you need to do is: make phpthemis_install PREFIX=/usr/local

However, the phpize generated ./configure uses ```php-config --extension-dir''' to determine the final destination for phpthemis.so. The default /usr/bin/php-config will return something like /usr/lib/php/extensions/no-debug-non-zts-20121212 ... which is non-writable with SIP.

A solution to this (there may be others) is to:

  1. Create a directory such as /usr/local/lib/php/extensions/sipfix
  2. Copy /usr/bin/php-config to /usr/local/bin/php-config and amend it to reference the new directory
  3. make phpinstall PREFIX=/usr/localwill now install /usr/local/lib/php/extensions/sipfix/phpthemis.so
  4. In php.ini set extension= /usr/local/lib/php/extensions/sipfix/phpthemis.so (i.e. use the full path)
vixentael commented 9 years ago

@mobrio awesome findings! :+1:

gene-eu-zz commented 9 years ago

done

gene-eu-zz commented 9 years ago

@mobrio, this is slightly different issue, I'm moving it to separate ticket.