-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Key pairs import/export/generation #12
Comments
Hi! Sorry for such a delay with the answer 🤦♂️
Do you mean using one-size-fits-all data types for all cryptographic backends? (That is, a data type for an "signing key".) Or for data types within a single algorithm with possible multiple backends? (That is, a data type for a "Ed25519 signing key".) I'm soft-opposed to the first idea; one of motivations behind the crate was type safety, which is hard to achieve with such all-encompassing types. Regarding the second idea, I'm more welcoming, but I'd like to elaborate on it still.
I don't think that exposing backend-specific types is a bad idea per se. In the current crate architecture, it's the developer responsibility to enable the backend, and the key management is (intentionally) moved out of the area of responsibility of the crate - backends (usually) know how to deal with keys secure, and introducing additional layer of abstraction just increases the risks of something going terribly wrong™, IMO. Regarding the tests specifically, this is issue specific to tests. I think in most of use cases the library user will deal with fewer backends than are supported by the library, and certainly won't have to deal with the "overlapping" backends for the same crypto algorithm. |
Hi! I meant the later. Having backend-independent types for a given algorithm. Creating a key currently requires diving into the documentation of unrelated crates. Switching backends (e.g. using This makes usage of |
Looking good! I'm wondering if |
Moved the remaining part of the issue to #26. |
Hi!
jwt_compact
provides helpers to generate symmetric keys forHS256
/HS384
/HS512
.However, it doesn't expose anything similar ECDSA/EdDSA/RSA signatures.
This forces applications to also import and use the low-level underlying implementations. Even in the
jwt-compact
test suite, this is not convenient, as individual tests have to be written according to every possible backend.Would you be opposed to exposing a backend-agnostic API to import, export and generate asymmetric keys?
The text was updated successfully, but these errors were encountered: