author: akuchling <akuchling@rivest.dlitz.net> 2005-05-09 14:20:57 -0700
committer: akuchling <akuchling@rivest.dlitz.net> 2005-05-09 14:20:57 -0700
commit: 816b39cfe28a6727f7535383a89c86dc7b2860aa
tree: 1a5257836fe8f22b652c386271d45cb7a142843a /Doc
parent: 44c61eb34ccac60ba5e3e5aacb93ae24c1311fe0
[project @ akuchling-20050509212057-55ab47f8ceaba662]
[project @ 2005-05-09 14:20:54 by akuchling] Remove Demo/ directory -- the code is old and possibly misleading, and no one is going to modernize it
Diffstat (limited to 'Doc')
-rw-r--r-- Doc/pycrypt.tex 96
1 files changed, 0 insertions, 96 deletions
diff --git a/Doc/pycrypt.tex b/Doc/pycrypt.tex
index 926c422..1e38640 100644
--- a/Doc/pycrypt.tex
+++ b/Doc/pycrypt.tex
@@ -1065,102 +1065,6 @@ the number of words in \var{string} must be a multiple of 6.
%======================================================================
-\section{The Demonstration Programs}
-
-The Python Cryptography Toolkit comes with various demonstration
-programs, located in the \file{Demo/} directory. None of them is
-particularly well-finished or suitable for serious use. Rather,
-they're intended to illustrate how the toolkit is used, and to provide
-some interesting possible uses. Feel free to incorporate the code (or
-modifications of it) into your own programs.
-
-\subsection{Demo 1: \file{cipher}}
-
-\file{cipher} encrypts and decrypts files. On most Unix systems, the
-\file{crypt} program uses a variant of the Enigma cipher. This is not
-secure, and there exists a freely available program called ``Crypt
-Breaker's Workbench'' which helps in breaking the cipher if you have
-some knowledge of the encrypted data.
-
-\file{cipher} is a more secure file encryption program. Simply list
-the names of the files to be encrypted on the command line.
-\file{cipher} will go through the list and encrypt or decrypt them;
-\file{cipher} can recognize files it has previously encrypted. The
-ciphertext of a file is placed in a file of the same name with
-'\samp{.cip}' appended; the original file is not deleted, since I'm
-not sure that all errors during operation are caught, and I don't want
-people to accidentally erase important files.
-
-There are two command-line options: \programopt{-c} and
-\programopt{-k}. Both of them require an argument. \code{-c
-\var{ciphername}} uses the given encryption algorithm
-\var{ciphername}; for example, \code{-c des} will use the DES
-algorithm. The name should be the same as an available module name;
-thus it should be in lowercase letters. The default cipher is IDEA.
-
-\code{-k \var{key}} can be used to set the encryption key to be used.
-Note that on a multiuser Unix system, the \code{ps} command can be
-used to view the arguments of commands executed by other users, so
-this is insecure; if you're the only user (say, on your home computer
-running Linux) you don't have to worry about this. If no key is set
-on the command line, \file{cipher} will prompt the user to input a key
-on standard input.
-
-
-\subsubsection{Technical Details}
-
-The encrypted file is not pure ciphertext. First comes a magic
-string; this is currently the sequence \samp{ctx} and a byte
-containing 1 (the version number of \file{cipher}).
-This is followed by the null-terminated name of the encryption
-algorithm, and the rest of the file contains the ciphertext.
-
-The plaintext is encrypted in CBC mode. The initial value for the
-feedback is always set to a block filled with the letter 'A', and then
-a block of random data is encrypted. This garbage block will be
-discarded on decryption. Note that the random data is not generated
-in a cryptographically secure way, and this may provide a tiny foothold for
-an attacker.
-
-After the random block is generated, the magic string, length of the
-original file, and original filename are all encrypted before the file
-data is finally processed. Some extra characters of padding may be
-added to obtain an integer number of blocks. This padding will also
-be discarded on decryption. Note that the plaintext file will be
-completely read into memory before encryption is performed; no
-buffering is done. Therefore, don't encrypt 20-megabyte files unless
-you're willing to face the consequences of a 20-megabyte process.
-
-Areas for improvements to \file{cipher} are: cryptographically secure
-generation of random data for padding, key entry, and buffering of
-file input.
-
-
-\subsection{Demo 2: \file{secimp} and \file{sign}}
-
-\file{secimp} demonstrates an application of the Toolkit that may be
-useful if Python is being used as an extension language for mail and Web
-clients: secure importing of Python modules. To use it, run
-\file{sign.py} in a directory with several compiled Python files
-present. It will use the key in \file{testkey.py} to generate digital
-signatures for the compiled Python code, and save both the signature and
-the code in a file ending in \samp{.pys}. Then run \code{python -i
-secimp.py}, and import a file by using \code{secimport}.
-
-For example, if \file{foo.pys} was constructed, do
-\code{secimport('foo')}. The import should succeed. Now fire up Emacs
-or some other editor, and change a string in the code in \file{foo.pys};
-you might try changing a letter in the name of a variable. When you run
-\code{secimport('foo')}, it should raise an exception reporting the
-failed signature. If you execute the statement \code{__import__ =
-secimport}, the secure import will be used by default for all future
-module imports. Alternatively, if you were creating a restricted
-execution environment using \file{rexec.py}, you could place
-\code{secimport()} in the restricted environment's namespace as the
-default import function.
-
-
-%======================================================================
\section{Extending the Toolkit}
Preserving the a common interface for cryptographic routines is a good
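Review bot: anyone still holding '.cip' files written by cipher loses their format reference when the "Technical Details" subsection is deleted, since that text is where the layout is spelled out (the 'ctx' magic string plus a version byte of 1, the null-terminated algorithm name, then CBC ciphertext starting from an all-'A' feedback block with a discarded random block). Consider carrying a short note of that layout, together with the stated caveats about the non-cryptographic random data and the -k key being visible through ps, into the release notes or changelog so existing files remain decryptable and users know why the tool was withdrawn. Separately, the trailing context line reads "Preserving the a common interface"; the stray "the" could be fixed in the same pass since this edit now places that paragraph directly after the separator.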