This has been asked before and I could not find an answer. So i'll ask it again.
"Just wondering if anyone knew of a commercial AES package that can be purchased and used in embedded C-platform systems..."
Yes, I do know that it can be found for free, but we would rather pay for it from a reputable company. Thanks for any help.
AES is one of those things you can safely take from a free source, I think. This is because it's an open algorithm that's fairly straightforward to implement, and there are numerous reference implementations to compare to. Furthermore, extensive packages of test vectors exist for free online which make packages simple to verify.
Eli
There is a great misconception that encryption code from a commercial vendor is of higher quality than the (open source) code used to generate the standard.
Regardless of where you get it, the implementation needs to be verified. Verification is the most time consuming part, and its complexity does not change when you buy a package.
But if you must, one "gold standard" for encryption is the BSafe package from RSA.
G.
But if you buy it from a commercial vendor you typically get good support as well.
When you need support for something like this you really need support "NOW!" and that you can depend on.
This is one of the failings of Free software. The support is patchy and depends on volunteers. Also YOU are liable for the integrity of things.
We are talking business. In business legal liability is a part of the picture. When you buy from a commercial suppler you can offset a lot of the liability.
The commercial company has a real interest in making sure the package works and has no flaws or holes. See comments above.
-- \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ \/\/\/\/\ Chris Hills Staffs England /\/\/\/\/ /\/\/ chris@phaedsys.org www.phaedsys.org \/\/\ \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
In my experience, the quality of support seems to depend on the relative size of the companies. Since I have worked mostly for small companies, the level of support I have received from larger commercial software suppliers has varied from bad to putrid, with a few delightful exceptions.
I have had outstanding support from several small companies that provide support for Open Source software, as well as smaller closed software suppliers.
Given a choice I would find an open source package that has this type of commercial support. This gives me the option of finding alternative support without forcing me to change the software if I have any problems with the support.
However - with over 20 years in the industry, I have never had a problem with the quality of support from any of the small companies supporting Open Source. I have had several go out of business, but I could always find an alternative source for the support.
Dealing with closed software I have had situations where the supplier would no longer support a product (they closed, were sold or stopped producing/supporting that version) and I had to do significant additional work to port to an alternative. I have also had cases where the level of support was so bad that I was forced to use an alternative (also at additional cost).
Have you ever read the commercial license agreements - most of them don't even guarantee that the software will run properly - only that it will run. All of the ones I have seen explicitly state that they accept no liability for anything that is produced using their product. Most of them won't even let you know what they changed when they make updates or corrections.
This applies to anyone trying to make a living/profit, as long as you are dealing with someone who does this as their job and not as a hobby you get the same level of interest in keeping the product working. I agree that many open source projects are not complete - they met the developers need and he made it available to others, but there are open source products and projects that compare favorably with closed source products and my experience has usually been better when I could choose from multiple companies to provide support for a (mostly) common source.
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.