curve25519-dalek unmaintained #63

npmccallum · 2022-07-15T13:31:35Z

I filed a PR against curve25519-dalek to update dependencies:

However, it appears that the crate is unmaintained and forces old dependencies all downstreams. There are numerous PRs requesting dependency updates that have all been ignored: https://github.com/dalek-cryptography/curve25519-dalek/pulls

I recommend we drop this curve OR make it optional until such time as a practical implementation can be made.

The text was updated successfully, but these errors were encountered:

jedisct1 · 2022-07-15T16:04:29Z

There's curve25519-dalek-ng, a fork that resulted from an internal drama, but the last release is actually older than curve25519-dalek.

An alternative would be to use BoringSSL (that supports X25519 and Ed25519).

tarcieri · 2022-07-15T16:33:47Z

We've had some previous requests to fork the dalek crates under @RustCrypto.

If that sounds interesting to you, it'd be helpful if you could leave a note about your use cases on this issue: RustCrypto/elliptic-curves#497

jedisct1 · 2022-09-20T15:56:48Z

ed25519-dalek was replaced with ed25519-compact.

- Note: `x25519-dalek` is broken. It depends on zeroize `=1.3`, but crates like rsa depend on newer versions of zeroize. - See WebAssembly/wasi-crypto#63 , dalek-cryptography/x25519-dalek#92 . - Resolve this by using `x25519-dalek-ng`, which fixes this issue. This is a common workaround, and is also used by, for instance OpenMLS: https://github.com/openmls/openmls/blob/3ff090fd4881cb796d4688f7f174929a7521dbf1/openmls_rust_crypto/README.md?plain=1#L3 - Fixes #910.

rjzak mentioned this issue Jul 18, 2022

Web Assembly target support enarx/steward#26

Closed

rjzak mentioned this issue Aug 2, 2022

Set up wasi-crypto working group? #73

Open

poljar mentioned this issue Aug 11, 2022

Upgrade x25519-dalek to 2.0.0-pre.1 matrix-org/vodozemac#81

Closed

jedisct1 closed this as completed Sep 20, 2022

Provide feedback