It may still be too early for me to ask such question. I would like to know if it’s acceptable to publish an open source paid/subscription application in FDroid?
My application(Non-Android at current moment and uses Windows) which consists of total endpoint encrypted(does not involve any user’s secret on server side which includes password/passphrase and uses only PKCS[Public Key Cryptography System]) file storage and a secure database client application(does not really need to post to FDroid due to it’s mostly used in server/application) which both uses PayPal instead of Google or IOS store payment.
Currently my application requires certain fixes and patches before I can work on Android version through Xamarin. It also currently runs in PayPal Sandbox instead of production environment.
Here’s my application:
I would like to know if my projects can upload to F-Droid when the time’s right because … it is POSS instead of FOSS…
The FOSS part covers the code, not the functionality. We have apps that connect to sites, either if you need to pay or not for an account is something else, not the point of F-Droid. Better yet, it might be a good thing for FOSS, to make it sustainable.
Are there any official format for signing the application and releasing the public key? Can I just use libsodium open source cryptography library to do it instead of relying on OpenSSL or certificate or PGP? In C#, there’re 3 suitable data types to distribute the signed application and public key which are Byte-Unsigned 8 bits integer array in C#/Byte-Signed 8 bits integer array in Java, Char and String, majority of cryptography community settle down on using Base64 encoded string to distribute any cryptography related content, does the public key and signed application needs to be in Base64 encoded string?
(Let me know if I should make a new post instead of posting here).
I would like the people on F-Droid with either Linux/Windows machine to be a tester in using my applications. I really need suggestions or feedbacks from you guys on how I can make it better.
@Chewhern
Some (armchair) feedback:
For the web version:
there are many GET requests which ought to be POST
using .txt files for a database will become a headache later on, use a real DB. furthermore I suspect these files are inadvertently made publicly accessible!
source files are missing license header
consider moving the systemd unit from the readme into a .service.example file
filtering for valid characters in SecureIDGenerator seems questionable, just encode the raw bytes instead perhaps?
there are many hardcoded hostnames
in Program.cs you have “validation data” that is random bytes? that seems absurd
consider using SRI where possible
many files are just stubs? perhaps note them with comments?
why is Required_Files a zip and not just included as is in the repo?
why does it need to run as root?
For the non web version:
import function can be used to write out of self
lots of redundant code, please DRY
Other things:
none of your docs concisely explain what exactly this is or why someone would use it
add some screenshots maybe
consider learning the basics of git instead of having many copies of different versions in the repository
you have some docs that are .pdf files??? make them plaintext please
Majority of the requests are indeed GET requests, I feel like this might be okay? I need some experience on why I should be using POST instead of GET…
It’ll certainly be a headache…, in a later version(server code), I will be switching some parts to DB. but combination of files and DB might be the way I do things… Regardless if DB or files or a combination of both, integrity issue in cybersecurity(The C.I.A aspects) won’t go away… with confidentiality maxed out … I don’t think making them publicly available/accessible is an issue. Educate me regarding on this matter. This issue are you referring to is it server’s code or the linux client code?
Do you mind giving me an example like how I can add the license header?
These are nothing up my sleeve numbers in cryptography. There’re several ways to generate unique ASCII ID that exclude problematic characters that will cause compiling or running error, I choose it this way instead of converting it into HexaString (Libsodium function) or encode it into Base64 encoded string exclude all special characters. This ID by itself was responsible for generating publicly disclosable ID(In some sense, it’s also a strong random password) such as the file storage’s ID, user’s ID and ETLS session ID. It needs to be unique and not causing any trouble to the OS or the server. If there’re better ways in doing this let me know.
There’re indeed hardcoded hostnames… but given that not each user was tech-savvy or in simple words coming from programming background…, asking them to switch the hostnames or put the hostnames into a file in one way or the other the hardcoded issue may not be resolved… as files and folders need to generate on the fly. For example, let’s say currently the default host was xxx.com:5001, the reason why I said this hardcoded issue won’t go away is because if I put the xxx.com:5001 into the system so that it generates host.txt. By right the content in host.txt can be changed but given that this is generated by default… In my opinion, there’s no way that this can be resolve in a simple manner if other received the code and compile/run/launch. Educate me if there’s a simple way in doing this.
Thanks for letting me knowing this issue still exist. I have a hard time in designing an automatic ETLS session deletion process. I may need to rework on this issue(server code) so that the random challenge was generated by the server instead of the client as the deletion process will be using public key digital signature with challenge and respond(a true user secret-less way of authenticating with server with strong cryptography RNG by default).
Mind If I ask what is SRI? This application(linux) was running on client’s device instead of a public domain.
Majority of the files are indeed stub files but the server only host any files that are publicly disclosable. Alright, will do…
There’re several empty folders that I can’t create through including it in the repo because (my capability limitation) it seems to me there’s no way I can create empty folders and include the files as a zip seems to be a viable option to me. Educate me on this matter.
Sorry…, it’s my bad. It does not need to be run either as sudo privilege user or root user but it has to be any user that has proper ownership of the application and their own corresponding files/folders.
I will include some documents as to why people would use it. The reason behind this application seems to be clear to me. To eliminate any need of using password/passphrase or any forms of user secrets on server side because in my document I have made a statement which is both users and developers may not know what they are doing. In most cases, if an attacker get the hashed form of a password(regardless properly deal and processed), the chances is if they are able to crack one, the cracked password/passphrase may be the passwords in their social account(Facebook/Meta), bank account, google account, microsoft account, github account and this list goes on… This is a chain reaction that definitely will occur as long as the server or the services(service provider’s server) involve with user’s secret. That’s why for both privacy and security community, the server/service provider in the long run mustn’t use any of the user’s secret in logging in or performing encryption/decryption on user’s behalf when the service asked for user’s secret such as password/passphrase(this’s also the reason why my application encrypts and decrypts on user’s device instead of server[Storage] and only user’s device can decrypt[Database]).
Confidentiality/privacy can only be achieved if both party knows what they are doing. By making the server user secret-less, it’s not in adversary or hacker’s interest as the server has lost the value to be attacked. This application or my other application relies on cryptography RNG to ensure each key(symmetric encryption key and private/public key) was generated with strength equal to a random strong password. As the server stores only the publicly disclosable information, finding the user’s private key through public key was impossible(before big alien quantum computer). If relying on cryptography RNG, it means that any private or symmetric encryption key mustn’t be lost else there’s no way to recover.
There may be more reasons why server needs to achieve almost perfect user secret-less is the only option in the long run for both privacy and security community… I will put my reasoning and what exactly this is in the documents.
What could be the screenshots people want? I may need an idea else… I don’t know what kind of screenshot should I take.
Alright, will do.
Your plaintext is it refers to text file such as .txt ? or can be other format?
, because I wasn’t sure if I can make it work on Android yet… regardless if it’s using Xamarin or plain Android…