Remove sodium-native optional dependency #495

Open
wants to merge 1 commit into
base: master

Commits on Jan 26, 2022

  1. Remove sodium-native optional dependency

    This commit addresses the following issues:
    
    stellar#339
    stellar#404
    
    Changes:
    
    - removal of optional sodium-native native compiled module
    - promotion of existing version of
    tweetnacl-js to handle all sign/verify duties
    
    Removal of the optional dependency greatly simplifies the
    code in `src/signing.js` and removes all native compilation
    issues that have negatively impacted developers for at least
    two years when using modern versions of NodeJS.
    
    This commit does not choose to prefer a new method of signing,
    it simply delegates that task to the existing primary signature
    library (tweetnacl-js) in all cases. This also has the pleasant
    side-effect of greatly simplifying the signature code removing
    what had been described in the code comments as
    being "a little strange".
    
    The actual signature generate/sign/verify functions remain
    completely unchanged from prior code and have been refactored
    only to simplify the code.  This also has the pleasant side
    effect of allowing any security audits of this code, or the
    associated tweetnacl-js library, to have far less surface
    area to examine.
    
    Cryptographic 'agility', as previously existed here to address
    theoretical performance issues, is considered a security anti-pattern.
    
    All existing gulp test suites pass when tested with Node version 14.18.2
    grempe committed Jan 26, 2022
    ae920d8