More seriously, because LAMP stacks are ubiquitous, well understood and well supported by vendors. Also, the output of this code is trivial to use or replicate in most other languages - in fact, I've got some fragments of C source lying around for a similar system, that was intended for a command-line tool that would interoperate with a distant ancestor of Lockbox.
That concern for future interop possibilities is the main reason it stores secrets in JSON - which is one reason, along with abysmal character encoding practices by many developers, that the key and ciphertext is all ASCII-safe. A 30% bump in output size is more than offset by never having to care what transport those strings are moving through.
More seriously, because LAMP stacks are ubiquitous, well understood and well supported by vendors. Also, the output of this code is trivial to use or replicate in most other languages - in fact, I've got some fragments of C source lying around for a similar system, that was intended for a command-line tool that would interoperate with a distant ancestor of Lockbox.
That concern for future interop possibilities is the main reason it stores secrets in JSON - which is one reason, along with abysmal character encoding practices by many developers, that the key and ciphertext is all ASCII-safe. A 30% bump in output size is more than offset by never having to care what transport those strings are moving through.