-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
curve25519-dalek unmaintained #63
Comments
There's An alternative would be to use BoringSSL (that supports X25519 and Ed25519). |
We've had some previous requests to fork the dalek crates under @RustCrypto. If that sounds interesting to you, it'd be helpful if you could leave a note about your use cases on this issue: RustCrypto/elliptic-curves#497 |
|
- Note: `x25519-dalek` is broken. It depends on zeroize `=1.3`, but crates like rsa depend on newer versions of zeroize. - See WebAssembly/wasi-crypto#63 , dalek-cryptography/x25519-dalek#92 . - Resolve this by using `x25519-dalek-ng`, which fixes this issue. This is a common workaround, and is also used by, for instance OpenMLS: https://github.com/openmls/openmls/blob/3ff090fd4881cb796d4688f7f174929a7521dbf1/openmls_rust_crypto/README.md?plain=1#L3 - Fixes #910.
I filed a PR against
curve25519-dalek
to update dependencies:dalek-cryptography/curve25519-dalek#403
However, it appears that the crate is unmaintained and forces old dependencies all downstreams. There are numerous PRs requesting dependency updates that have all been ignored: https://github.com/dalek-cryptography/curve25519-dalek/pulls
I recommend we drop this curve OR make it optional until such time as a practical implementation can be made.
@rjzak @tarcieri
The text was updated successfully, but these errors were encountered: