Alternative to cryptonite/crypton? #108
Comments
|
Is there an alternative library that provides all the primitives JOSE needs? That's the first question. Even if there is, it would be a huge undertaking to implement. |
Probably the only one is https://hackage.haskell.org/package/HsOpenSSL What primitives does JOSE need exactly? |
|
For JWS & signed JWT:
HsOpenSSL at this time seems only to support RSASSA-PKCS1v1.5 and HMAC (with all relevant digests). It also seems to be quite a nuisance to load keys (I might have missed something though). What features and algorithms do you need? If your company is willing to pay, please reach out and we can discuss in more detail (see my git commits for email address to use). |
|
See crypton |
frasertweedale
changed the title
|
@geraldus jose already switched to crypton (which was a hard fork of cryptonite because it was unmaintained) in v0.11. The ask in this issue is to support fundamentally different backends (e.g. thunk to OpenSSL or some other verified or FIPS-certified crypto implementation). It is a valid ask, but unless/until someone provides something with an interface substantially similar to or compatible with crypton[ite], it is too much work for me to do for free. If someone wants to pay, I am open to it. *edit: * it looks like the botan effort will try to provide a crypton compat interface for drop-in replacement (see https://haskell-cryptography.org/blog/botan-first-milestone/#development-of-a-drop-in-interface-replacement-for-crypton). When this arrives, I will re-evaluate! |
I don't want to use cryptonite and other related libraries. There's some discussion about that here: https://mail.haskell.org/pipermail/libraries/2020-August/030671.html
So... can someone say if there's a way to switch out cryptonite for something else and maybe put it behind a cabal flag?
The text was updated successfully, but these errors were encountered: