Cryptography library

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Cryptography library

Lachlan Gunn
Hello,

Has a consensus yet been reached regarding which crypto library/ies are going to be used with base Julia going forward?  I see that the issue regarding OpenSSL licensing (https://github.com/JuliaLang/julia/issues/10763) is still open.

Another project of mine demands that I write an OpenPGP parser/verifier, which could perhaps be useful for the package verification work that I've let slip for a while.  Though it might be somewhat unwise to use homebrew crypto-related (though not the actual crypto) code in Pkg, I would like to keep that door open.  Currently I'm using Crypto++ for the actual signature verification, but obviously it's easier to change library now than later.

Thanks,
Lachlan
Reply | Threaded
Open this post in threaded view
|

Re: Cryptography library

Avik Sengupta

I don't think there has been any discussions on adding a crypto library to base yet. I doubt there will be a formal consensus unless there is a practical proposal.  However, all the web stack code has currently standardised on MbedTLS. That seems to work well, and is the best option right now. 

https://github.com/JuliaWeb/MbedTLS.jl

Regards
-
Avik


On Thursday, 10 March 2016 01:25:19 UTC, Lachlan Gunn wrote:
Hello,

Has a consensus yet been reached regarding which crypto library/ies are going to be used with base Julia going forward?  I see that the issue regarding OpenSSL licensing (<a href="https://github.com/JuliaLang/julia/issues/10763" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\75https%3A%2F%2Fgithub.com%2FJuliaLang%2Fjulia%2Fissues%2F10763\46sa\75D\46sntz\0751\46usg\75AFQjCNGbaLra4EhG6eVNqqa6VbB2to59WA&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\75https%3A%2F%2Fgithub.com%2FJuliaLang%2Fjulia%2Fissues%2F10763\46sa\75D\46sntz\0751\46usg\75AFQjCNGbaLra4EhG6eVNqqa6VbB2to59WA&#39;;return true;">https://github.com/JuliaLang/julia/issues/10763) is still open.

Another project of mine demands that I write an OpenPGP parser/verifier, which could perhaps be useful for the package verification work that I've let slip for a while.  Though it might be somewhat unwise to use homebrew crypto-related (though not the actual crypto) code in Pkg, I would like to keep that door open.  Currently I'm using Crypto++ for the actual signature verification, but obviously it's easier to change library now than later.

Thanks,
Lachlan
Reply | Threaded
Open this post in threaded view
|

Re: Cryptography library

Lachlan Gunn
Thanks very much.  I've rewritten around MbedTLS then.

On Thursday, 10 March 2016 17:49:24 UTC+10:30, Avik Sengupta wrote:

I don't think there has been any discussions on adding a crypto library to base yet. I doubt there will be a formal consensus unless there is a practical proposal.  However, all the web stack code has currently standardised on MbedTLS. That seems to work well, and is the best option right now. 

<a href="https://github.com/JuliaWeb/MbedTLS.jl" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\75https%3A%2F%2Fgithub.com%2FJuliaWeb%2FMbedTLS.jl\46sa\75D\46sntz\0751\46usg\75AFQjCNFwrrfaAEmFWKGr4X4JDp75qm5iMw&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\75https%3A%2F%2Fgithub.com%2FJuliaWeb%2FMbedTLS.jl\46sa\75D\46sntz\0751\46usg\75AFQjCNFwrrfaAEmFWKGr4X4JDp75qm5iMw&#39;;return true;">https://github.com/JuliaWeb/MbedTLS.jl

Regards
-
Avik


On Thursday, 10 March 2016 01:25:19 UTC, Lachlan Gunn wrote:
Hello,

Has a consensus yet been reached regarding which crypto library/ies are going to be used with base Julia going forward?  I see that the issue regarding OpenSSL licensing (<a href="https://github.com/JuliaLang/julia/issues/10763" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\75https%3A%2F%2Fgithub.com%2FJuliaLang%2Fjulia%2Fissues%2F10763\46sa\75D\46sntz\0751\46usg\75AFQjCNGbaLra4EhG6eVNqqa6VbB2to59WA&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\75https%3A%2F%2Fgithub.com%2FJuliaLang%2Fjulia%2Fissues%2F10763\46sa\75D\46sntz\0751\46usg\75AFQjCNGbaLra4EhG6eVNqqa6VbB2to59WA&#39;;return true;">https://github.com/JuliaLang/julia/issues/10763) is still open.

Another project of mine demands that I write an OpenPGP parser/verifier, which could perhaps be useful for the package verification work that I've let slip for a while.  Though it might be somewhat unwise to use homebrew crypto-related (though not the actual crypto) code in Pkg, I would like to keep that door open.  Currently I'm using Crypto++ for the actual signature verification, but obviously it's easier to change library now than later.

Thanks,
Lachlan