I know from 4X you updated the lic system but your changes are not clear, is this the case for the CLI version as well?
does the cli version also have the same limiations and if so how do we include any future lic with the cli version.
if not then that's cool but do you have any plans in the future to change the lic opitons of the cli version.
I only asking as the site isn't clear, also all your cli switch's are missing from the website I had to view your git, please update
the page to include the switch's and what they mean
EG:
-e = encrypt
-d = decrypt
-p = password
No where on this page does it make clear and does not state what flags/switch's it supports.
AESCrypt CLI Limits?
-
paulej
- Posts: 635
- Joined: Sun Aug 23, 2009 7:32 pm
- Location: Research Triangle Park, NC, USA
- Contact:
Re: AESCrypt CLI Limits?
Yes, the CLI version requires a license. The license is a file that can be placed in your home directory in one of several places. For the CLI version, it's also possible to place it in the same directory as the CLI program. That's useful for when storing it on external media.
Documentation is available via "man" on Linux/Unix systems. On all platforms, the "-?" option will show detailed usage information.
Paul
Documentation is available via "man" on Linux/Unix systems. On all platforms, the "-?" option will show detailed usage information.
Paul
Re: AESCrypt CLI Limits?
Thanks for your reply Paul but problem is that means I have to download and agree to whatever terms you have of use before knowing if the tool is what I want without he switchs.
Since you already have it on your github pages you could just copy the switch information over to your main website.
Right now this and a few other things means I wont by buying a lic.
Reason of this is the point of a cli version is to intergreat it in to work flow, and if I wanted to do this I have to stare it with the key, something I paid for it's not something I would be happy about.
I do like your project as the source and you offer some good options but I used to sing your software back in the 3x days for the cli but now I can't I have to tell them sorry you need your lic I know many programs that use your AES in the background what will never be able to support the 4x software.
Maybe consider changing the CLI version to donation but that's up to you.
I have learnt what I need and sadly means I have to look else where but keep it up for now I might be walking else where but same time the project is pretty cool
Since you already have it on your github pages you could just copy the switch information over to your main website.
Right now this and a few other things means I wont by buying a lic.
Reason of this is the point of a cli version is to intergreat it in to work flow, and if I wanted to do this I have to stare it with the key, something I paid for it's not something I would be happy about.
I do like your project as the source and you offer some good options but I used to sing your software back in the 3x days for the cli but now I can't I have to tell them sorry you need your lic I know many programs that use your AES in the background what will never be able to support the 4x software.
Maybe consider changing the CLI version to donation but that's up to you.
I have learnt what I need and sadly means I have to look else where but keep it up for now I might be walking else where but same time the project is pretty cool
-
paulej
- Posts: 635
- Joined: Sun Aug 23, 2009 7:32 pm
- Location: Research Triangle Park, NC, USA
- Contact:
Re: AESCrypt CLI Limits?
Not every switch is documented on the CLI help page, but the basic functionality is:
https://www.aescrypt.com/command_line.html
While every option could be discussed at length, most people are looking for a brief overview, and that's why it's written as it is.
In terms of usage, what I do for automated environments (e.g., system backup and such) is place the key in /etc. It's not required to specify the location of key. On start, it will look in a few places and then continue. Is that what you meant by starting with a key?
I understand if you're not interested to buy a license, but programmers need to eat like everyone else.
https://www.aescrypt.com/command_line.html
While every option could be discussed at length, most people are looking for a brief overview, and that's why it's written as it is.
In terms of usage, what I do for automated environments (e.g., system backup and such) is place the key in /etc. It's not required to specify the location of key. On start, it will look in a few places and then continue. Is that what you meant by starting with a key?
I understand if you're not interested to buy a license, but programmers need to eat like everyone else.
Re: AESCrypt CLI Limits?
Well your incorrect about I not interested in paying for your tool if things was handled a little different.
Reason on, your tool offered a really good cli tool and lets say we have our own tool that uses it, we get the user to download
it or the tool downloads it for them but it's on there permision.
Me the open source dev that's making no money from his project wants to lets say donate to your project and I know like I said people doing
this part from the donate part as I never seen a donate button but I keep on going they are using v2 or v3 I think at the time it was v2.
But your new version is v4 the end user then tries to use it and it say's NOPE 30 days are up jimmy. The dev is unable to include some kind of
donaiton key, we can't promote your work because the one tool that should be able to is now locked now like a GUI app
I also just tired complining it myself, I didn't want to strip out your lic because I do think you need to get your thinks but the way you going about
it you cut out EVERYONE part from a end user or enterpize any middle man that would or could of got you that eyes on are gone.
I myself looked at your project back in the V2 days and you did have posts and things about it been iincluded in other projects but been fair and everything and how they got the files included.
But with V4 it's all gone, truth it feels like you feel the cli is a dirty part of the project what you find useful for your needs and big devs but not useful to anyone else I don't get this.
I am not upset with you I am confused as this tool as a place and a need and it's NOT end users and it's not some stuff enter dev it's us middle men the ones that would love to have your logo/url back to your site in our abouts or links to your site you know.
And back in the V2 days you had something that would support this option but now it's a nar pay or leave, I know there is other tools but your was good and is good, V4 tests have been pretty good the reg calls are small and only to your trail check what is nice and clean.
I would say, add a 3rd option for open source users to donate to you and complie the tool themsleves maybe that's the extra leg work you make them do, you already have this option anyway with the flag what does not include aescrypt_lm if set.
Maybe adding this flat as a switch also would another cool way of doing it so that open source peeps can well show you off man.
Your work isn't fully open source I get this but open source projects do need closed tools at times with the right lic's included.
I am not sure if I am getting what I wanting to say across very well, I know for one me and a few others did contact you back in the day for this kinds of things was possible but the newer builds just don't let us do this anymore and I don't see any downloads for the older versions.
I might be mistaken or you have fully changed your path you wanted to have your software what is all your right to do.
Personally if it was just my own use I don't see the problem for a key but AES tooling isn't a single person use, as the end user you sending that file needs it to decrypt it and basic storage I can see a local user this day and age this isn't a thing we use it in everything and been able to make sure our encrypt and decrypt options are the same is important.
Please consider this maybe donation version or a flag to disable the trial option form cli mod only.
Please also don't think I don't love your work there is a reason I came back to your tool many years later
Reason on, your tool offered a really good cli tool and lets say we have our own tool that uses it, we get the user to download
it or the tool downloads it for them but it's on there permision.
Me the open source dev that's making no money from his project wants to lets say donate to your project and I know like I said people doing
this part from the donate part as I never seen a donate button but I keep on going they are using v2 or v3 I think at the time it was v2.
But your new version is v4 the end user then tries to use it and it say's NOPE 30 days are up jimmy. The dev is unable to include some kind of
donaiton key, we can't promote your work because the one tool that should be able to is now locked now like a GUI app
I also just tired complining it myself, I didn't want to strip out your lic because I do think you need to get your thinks but the way you going about
it you cut out EVERYONE part from a end user or enterpize any middle man that would or could of got you that eyes on are gone.
I myself looked at your project back in the V2 days and you did have posts and things about it been iincluded in other projects but been fair and everything and how they got the files included.
But with V4 it's all gone, truth it feels like you feel the cli is a dirty part of the project what you find useful for your needs and big devs but not useful to anyone else I don't get this.
I am not upset with you I am confused as this tool as a place and a need and it's NOT end users and it's not some stuff enter dev it's us middle men the ones that would love to have your logo/url back to your site in our abouts or links to your site you know.
And back in the V2 days you had something that would support this option but now it's a nar pay or leave, I know there is other tools but your was good and is good, V4 tests have been pretty good the reg calls are small and only to your trail check what is nice and clean.
I would say, add a 3rd option for open source users to donate to you and complie the tool themsleves maybe that's the extra leg work you make them do, you already have this option anyway with the flag what does not include aescrypt_lm if set.
Maybe adding this flat as a switch also would another cool way of doing it so that open source peeps can well show you off man.
Your work isn't fully open source I get this but open source projects do need closed tools at times with the right lic's included.
I am not sure if I am getting what I wanting to say across very well, I know for one me and a few others did contact you back in the day for this kinds of things was possible but the newer builds just don't let us do this anymore and I don't see any downloads for the older versions.
I might be mistaken or you have fully changed your path you wanted to have your software what is all your right to do.
Personally if it was just my own use I don't see the problem for a key but AES tooling isn't a single person use, as the end user you sending that file needs it to decrypt it and basic storage I can see a local user this day and age this isn't a thing we use it in everything and been able to make sure our encrypt and decrypt options are the same is important.
Please consider this maybe donation version or a flag to disable the trial option form cli mod only.
Please also don't think I don't love your work there is a reason I came back to your tool many years later
-
paulej
- Posts: 635
- Joined: Sun Aug 23, 2009 7:32 pm
- Location: Research Triangle Park, NC, USA
- Contact:
Re: AESCrypt CLI Limits?
I fully understand your concern, but the legacy AES Crypt was aging. Some of the security procedures were becoming weak given advancements in brute-force attacks. I also had a very extensive list of backlog items, many of which "under the hood" kinds of things.
So, we set about rewriting AES Crypt mostly from scratch, especially the lower-layer libraries. Some of the Windows GUI code remained, but that was about it. We created AES Crypt v4 to be fully backward-compatible (as always), but it's also a commercial endeavor. We could not expend the time and resources otherwise.
For example of "under the hood" features, when you enter a password, the key derivation function is employed, a random key is generated, etc., it is all done in such a way as to maximize security. Every bit of memory allocated by AES Crypt that stores file data or keying material is securely erased. Every bit of the code was rewritten top-to-bottom and it's still being developed. We've had a few iterations since 4.0 was released about a year ago, and we're still making improvements, adding platform support, etc.
As for the CLI support, that is actually the first version created with v4. It got top priority, because it is used by me an enterprise customers for background processes (e.g., backing up data for secure cloud storage).
I'm really not sure what to say about the move to a commercial model, but most users have been OK with it. Most people appreciate the product from before and the fact I'm afforded an opportunity to continue doing this in my new role.
So, we set about rewriting AES Crypt mostly from scratch, especially the lower-layer libraries. Some of the Windows GUI code remained, but that was about it. We created AES Crypt v4 to be fully backward-compatible (as always), but it's also a commercial endeavor. We could not expend the time and resources otherwise.
For example of "under the hood" features, when you enter a password, the key derivation function is employed, a random key is generated, etc., it is all done in such a way as to maximize security. Every bit of memory allocated by AES Crypt that stores file data or keying material is securely erased. Every bit of the code was rewritten top-to-bottom and it's still being developed. We've had a few iterations since 4.0 was released about a year ago, and we're still making improvements, adding platform support, etc.
As for the CLI support, that is actually the first version created with v4. It got top priority, because it is used by me an enterprise customers for background processes (e.g., backing up data for secure cloud storage).
I'm really not sure what to say about the move to a commercial model, but most users have been OK with it. Most people appreciate the product from before and the fact I'm afforded an opportunity to continue doing this in my new role.