It would be a good thing to include support for phpseclib as an optional encryption system (mainly for those who don't have Mcrypt but would still like the security of AES and can afford the performance penalty).

Comments

zzolo’s picture

I am not really sure if this is really worth the trouble. It would be cool. But the use case is pretty small. People that don't have MCrypt but will take the time to download a new library.

See #639782: Create Encrypt 2.0 stable release

deskhence’s picture

If you're downloading a Drupal module, downloading one other library doesn't seem like that far of a stretch.

That said, why not just replace mcrypt calls with phpseclib calls? phpseclib calls mcrypt if it's available and uses its own implementation if mcrypt isn't available. Why have anyone download a new library at all?

zzolo’s picture

The idea of the module is to provide as much security with as little effort as possible. Requiring a user to download PHPSecLib in order to get any kind of real security, when they probably have the native MCrypt function, is not in the direction I would like to go with this.

I like the idea of putting in PHPSecLib support, but I just don't think it's all that necessary.

deskhence’s picture

Like I said, you could just include it. This talk of having people downloading it when it can be included just seems silly.

If you find a code snippet on php.net do you copy / paste it, yourself, into your source code or do you say "because I didn't write it, users have to be the ones to copy / paste it!". This seems analogous. Why have users include it manually when you could include it for them in the main release?

zzolo’s picture

Because dealing with third-party code in the Drupal CVS is very murky and often frowned upon. Here are the policies:
http://drupal.org/licensing/faq#q1
http://drupal.org/licensing/faq#q2

PHPSecLib is LGPL, not GPL, and I am not sure if that is compatible, but 99% of the time, if it's not GPL, it's not going into the Drupal CVS repo.

zzolo’s picture

Well, looking into it, LGPL (http://en.wikipedia.org/wiki/GNU_Lesser_General_Public_License) is compatible with GPL. I would like to start a ticket with the webmaster or infrastructure queue first, just to make sure.

theunraveler’s picture

Version: 6.x-1.0-rc5 » 7.x-2.x-dev
Status: Active » Closed (fixed)

Committed to 7.x-2.x.