On Thu, 02.08.2018 at 10:42, Ivan Kanakarakis
<ivan.kanak at gmail.com> wrote:
On Wed, 1 Aug 2018 at 23:28, Leif Johansson
<leifj at sunet.se> wrote:
I just kept it around because I've never had
time to deal with it
but clearly you are right and we should switch to cryptodome.
pysaml2 has switched to pyca/cryptography.
Should we try to use that for pyXMLSecurity too?
Has anyone gone into a comparison and evaluation?
I was looking at it yesterday and while I like the idea (and its
not-home-grown crypto using openssl as its backend) of the cryptography
module better compared to cryptodome, it seemed to lack some features.
Notably I couldn't find any mentioning of a high-level function for
signing something else than certificates -- everything asymmetric above
the 'hazmat'-layer just seemed to be concerned with key handling.
That besides both projects seem to be vital. Cryptodome seems to rely
mostly on one person, cryptography on 3 or 4. The latter is Apache OR
BSD licensed, cryptodome mixed BSD+Public Domain (and one submodule
Apache).
Overall I tended to go a bit deeper into Cryptography and see how hard
a port would be. Cryptodome-porting should be more or less free as it's
also a fork of pycrypto.
Any ideas before I go on?
Some observations:
Relying on openssl isn't necessarily a sign of quality and goodness..
One of the applications we have for SATOSA is eIDAS which will require
ECC and "non-standard" (eg OAEP) padding of RSA signatures.
As for maintainer size... I suspect whatever we choose we'll have to
take some responsibility for ourselves
Cheers Leif
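As an added example (not code from the thread or from pyXMLSecurity), the block below shows the two things the discussion above turns on: where asymmetric signing lives in pyca/cryptography (in the `hazmat` layer, on the key objects themselves) and what the eIDAS-motivated requirements look like in that API, namely RSA signatures with PSS padding and ECDSA on a NIST curve. The XML-ish message and its tampered variant are constructed sample input; the helper names are mine. Verification returns a boolean rather than raising, so a caller cannot forget to catch `InvalidSignature`.

```python
"""Asymmetric signing with pyca/cryptography's hazmat layer (added example).

Assumes only the pyca/cryptography package. Helper names (rsa_pss_sign,
ecdsa_sign, demo, ...) are this example's own, not a pyXMLSecurity API.
"""
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa


def _pss() -> padding.PSS:
    # PSS with MGF1/SHA-256 and the maximum salt length; the same parameters
    # must be used on the verifying side.
    return padding.PSS(
        mgf=padding.MGF1(hashes.SHA256()),
        salt_length=padding.PSS.MAX_LENGTH,
    )


def rsa_pss_sign(private_key: rsa.RSAPrivateKey, message: bytes) -> bytes:
    """RSA-PSS over SHA-256; the key object carries the signing operation."""
    return private_key.sign(message, _pss(), hashes.SHA256())


def rsa_pss_verify(public_key: rsa.RSAPublicKey, message: bytes,
                   signature: bytes) -> bool:
    """True if the signature matches; False on tampering or wrong key."""
    try:
        public_key.verify(signature, message, _pss(), hashes.SHA256())
        return True
    except InvalidSignature:
        return False


def ecdsa_sign(private_key: ec.EllipticCurvePrivateKey, message: bytes) -> bytes:
    """ECDSA over SHA-256; returns a DER-encoded (r, s) SEQUENCE."""
    return private_key.sign(message, ec.ECDSA(hashes.SHA256()))


def ecdsa_verify(public_key: ec.EllipticCurvePublicKey, message: bytes,
                 signature: bytes) -> bool:
    try:
        public_key.verify(signature, message, ec.ECDSA(hashes.SHA256()))
        return True
    except InvalidSignature:
        return False


def demo() -> dict:
    """Sign a constructed message with both key types and check that
    verification succeeds on the original and fails on a modified copy."""
    rsa_key = rsa.generate_private_key(
        public_exponent=65537, key_size=2048, backend=default_backend()
    )
    ec_key = ec.generate_private_key(ec.SECP256R1(), default_backend())

    # Constructed sample input standing in for a canonicalised XML node.
    msg = b"<Assertion ID='constructed-example'>payload</Assertion>"
    tampered = msg.replace(b"constructed", b"tampered")

    rsa_sig = rsa_pss_sign(rsa_key, msg)
    ec_sig = ecdsa_sign(ec_key, msg)

    return {
        "rsa_pss_ok": rsa_pss_verify(rsa_key.public_key(), msg, rsa_sig),
        "rsa_pss_tampered": rsa_pss_verify(rsa_key.public_key(), tampered, rsa_sig),
        "ecdsa_ok": ecdsa_verify(ec_key.public_key(), msg, ec_sig),
        "ecdsa_tampered": ecdsa_verify(ec_key.public_key(), tampered, ec_sig),
        # DER SEQUENCE tag: XML-DSig expects raw r||s, so a port would have
        # to convert via decode_dss_signature() from the same hazmat package.
        "ecdsa_sig_is_der": ec_sig[0] == 0x30,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last dictionary entry is the practical caveat for an XML signature library: `cryptography` emits ECDSA signatures as DER, whereas XML-DSig carries the raw concatenation of `r` and `s`, so the conversion has to happen in the port.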