XML-Encryption for iPhone/iPad

  • Hi there,

    I know that there is no possibility to encrypt and protect the XML-Code for iDevices yet, so I open this thread to hopefully make it possible!

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
    Klaus
    I really do appreciate your hard work and effort you put into krpano, Klaus, but the possibility to protect our work is absolutely essential and should become highest priority in development! New functions and bug fixing is always great and also necessary, but with lower priority.
    Without a working encryption it´s almost impossible to sell our work if it´s content is beyond standard and containing new functions and/or ideas. Also it´s absolutely impossible to develope and sell XML only-Plugins, because the complete sourcecode is published everytime it is used.

    Based on that, may I ask if and when we can expect a possibilty to encrypt the XML-Code for iDevices?
    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

    Beside that, I´d travel the web searching a way to encrypt the XML-File before publishing it and decrypt it on the fly using Javascript. And I found a project called "Javascrypt" (http://www.fourmilab.ch/javascrypt/ ), which may do the trick (DEMO ).
    Here´s the main idea how this could work:
    1) encrypt the XML offline using a random-key and javascrypt
    2) embed the javascrypt.js-file into the HTML-File and call the encrypted XML
    3) decrypt the XML-File using the keyfile and send the decrypted code directly to krpano

    Unfortunately I´m no Javascript- nor HTML-Programmer and this is beyond my knowledge and possibilities. But I think together it should be possible!

    Best regards,
    Nupsi

  • It would still be possible to sell very complex HTML5-tours without any new features or bugfixes, ahoeben^^, because krpanoiphone.js is yet remarkable stable and functional. But without a working encryption it´s pretty hard to sell complex tours and/or self written XML-Plugins. And even for customers it´s quite a problem if the product they´re payed for is´nt protected in any way!

    That´s not really a drama if it´s "just" a normal tour, because that´s pretty easy to do for everyone. But selling everything beyond standard is almost impossible. And I´m not asking for a CIA-proof encryption here *g* Just something that we don´t have to deliver the bare naked code.

    Best regards,
    Nupsi

  • How exactly would this work?
    Wouldn't it be a trival to bypass any encryption?
    1. It must be decoded with javascript.
    2. The Javascript to do this is visible.
    I've thought about it quite a bit, and don't see a logical method.
    Though its probably just as trivial to decrypt the flash version.
    Anyone with enough knowledge to decrypt your xml probably doesn't give a hoot about it.

  • I disagree too. Why?

    1) Most people get the code from this forum, klaus or the examples. There are only a few that make exceptional stuff. If the code is complex, you won't understand it without having advanced knowledge of krpano, if the code is simple, then you couldve done it anyways
    2) Javascript code can be easily encrypted and minified (look for YUI compressor)
    3) Who is going to steal your stuff? You have to understand krpano, to see the value of a script. No photographer would want compressed tiled images, no contracter would want a tour so specific for another client, no tourmaker would understand the code. There is only 1 public that could steal code, and thats the users of krpano, and well, see point 1.

    If you make a website, all the images, logo, text etc are all full accessable. Nowadays developers hardly bother protecting their code like javascript. It's just an extra step to perform in the workflow. And we realize that its no use. For instance, I want to make a facebook app, I look at the code of facebook.com. I read some blogs of problems people ran intoo and incorperate that. Why should I protect that code?

  • Hi Zephyr,

    I agree with you in a few points, or at least I can see your pov, but it should´nt be overgeneralized, though. I really can´t tell how much krpano-users do exceptional stuff or how much get their code mostly from this forum and the examples, but there are krpano-users who does "exceptioal stuff", to stick to your expression, and need an active encryption.

    And no offends at all, Zephyr, but I´m no fan of generalized arguments like "no one needs that". You obviously not, which I envy you for. But I bet that every plugin-coder, everyone who does exceptional stuff and not to forget my clients would hardly disagree. There is a need for encryption, as the huge amount of posts containing the kprotect-tool shows. And please don´t get me wrong, I´m a huge fan of sharing and the open source-philosophy and would love a world where no encryption, no locks and no laws are needed, but that´s just not the world we´re living in. Sadly enough!

    Best regards,
    Nupsi *smile*

  • Hi Nupsi,

    I'm not trying to overgeneralize. But I see Klaus as 1 person, that needs to program that stuff ;) I rather see other features to be developed.

    If you ask people/prgrammers/clients, "Do you want the tour be more secure?" ofcourse they will say yes! But in my opinion krpano code is secure enough. You can use YUI Compressor/minifier to encrypt javascript files (like how krpano.js is encrypted). The xml doesnt need encrypting because its a load of code that no "non-krpano'r" understand. A client wouldnt care about that.

    I've worked with krpano for about 5-6 years now. And never did a client ask for better protection (and we're talking about 100's of clients). The only thing we maybe thought about protecting were the photos, but then again, who wants tiled compressed images. It happened only once,that the client took our photo's and let another party create a tour because they could offer something we couldnt. And that was our fault, since our quote didnt rule that out (ofcourse our quote changed afterwards). Now the photo stays in propery of us and the client "rents" our intelletual property ;p

    the reason I dont protect my code, is because it's quite complex. I call actions that generate plugins, that call events with numbers and numbers stand for panorama id's which would load other id's and if number of id's is greater then 1 then generate other plugins etc etc. It would take you days even if I give you the xml. And if you could understand it all, you would probally easily create the same system without the code :P

    My point is, safety and protection is a little bit overrated. I'm not talking about an ideal Opensource world (you put time in the code, others should atleast take some effort in stealing your code). Complete protection is never possible. You dont have to see code, to steal ideas. I once made an accordionmenu in krpano tour, a great way to show content without covering the panorama, it was not much after people recreated the idea (and Ive been even asked to recreate it ;p).

    A little anekdote. Someone once told me about the first synthesizer. It was humble, had some features. People wanted more sounds, more ways to alter the sound, etc So the creator added 100's more buttons. Confusing the users, and sales went down. Afterwords (I think it was yamaha) created the same features, but put it under a rotating dial. 100's of features under 2 dials and 10 buttons. And it became one of the most sold synthesizers. My point: Features dont make a tour or a great coder, in the end it's how you present it. Not every demand should be honored. Someone could steal the same feature, but present it differently.

  • ow, I dont think I said "no one needs that". Sure there are cases which would need protection (photos from cars, where the rights belong to the car dealer). Its just not a feature 90% of the users would/could need (although they think so, and thats my point... that thought is wrong).

  • Hi Zephyr *smile*

    ow, I dont think I said "no one needs that". Sure there are cases which would need protection (photos from cars, where the rights belong to the car dealer). Its just not a feature 90% of the users would/could need (although they think so, and thats my point... that thought is wrong).

    I did´nt meant to put words into your mouth. What I meant was that phrases like these: "No photographer would want..., no contracter would want...., no tourmaker would understand..., although they think so... that thought is wrong)" are far too generalized. For every rule there is an exception!

    And I don´t really care about protecting the images. KRPANO does a great job tiling the images into hundreds of small pieces, if you want to, and that´s enough protection for me. Plus it´s not like I´m shooting the first moon-panorama *g* Everyone with a cam an few minutes of spare time can do a panorama. But combining all the images, graphics, sounds, effects, plugins, videos and animations into a beautiful piece of art, that´s where the real magic happens. And all I´m asking for is a possibility to protect that work - besides the fact that my clients asked for a protection. And to bring it to the point: They´re paying my bills! Lucky you, if you´re not in a similar situation.

    Best regards,
    Nupsi

  • Hello,


    In the meantime that krprotect for tours for idevices is being developed, my quesrion is:


    1. Can we give the client, the unprotected files for the tour like the html, xml, etc, to be published in the client's website ?

    2. If so, what about the iphone license, i understand this is needed by the tour, can we give it also unprotected.


    Thank you very much and best regards,

    Manuel

  • Hi Manuel,

    you really have no other choice than giving your client the unprotected XML and krpanoiphone.js with your included license. But you don´t give your client the krpanoiphone.license-file! If you create an iphone-pano with the krpano-tools, than you get a krpano.js-file with your license already embedded and that´s the one you deliver your clients with the tour. This file is´nt protected either, but at least it´s not too obvious *wink*

    Best regards,
    Nupsi

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!