-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resolve calls to deprecated crypto APIs #168
Comments
I'd recommend just throwing when compressed points are passed... and not doing the point compression, and that would eliminate the warning. |
The challenge is that point compression requires extra functionality from crypto libraries. In this case access to low-level crypto primitives is needed to implement the point compression in COSE. In this case the underlying crypo library has deprecated the ability to access the needed APIs. It needs to be determined who needs this functionality. In order to support it, the client-side (i.e. the IoT device) also needs to implement point compression. t_cose, as an popular COSE libary, does not support point compression. Other libraries might offer support but we need more input from developers, who want to use the point compression functionality. Point compression has long been subject to IPRs and the standardization community has therefore been reluctant to use it in their specifications. See, for example, TLS. The situation has changed and the patents are older than 20 years now. The use cases where the bandwidth reduction for ECC public keys are, however, small and primarily focused on devices that are connected using low-power radio technologies, such as LoRaWAN or 6TISCH mesh networks. By removing the feature we would trigger those communities that care about this issue to come back and let us know what they need. They might also be able to help with implementing the feature. |
I found a workaround. |
@shizhMSFT, is this something your team can help resolve the warning? |
@SteveLasker This issue is now pending on #185. Could you initiate the discussion and move #185 to a proper milestone? |
Thanks, @shizhMSFT. Both #168 and #185 are now assigned to v1.3.0. We can pull it into 1.2 if we'd like. |
What is the areas you would like to add the new feature to?
Go-COSE Library
Is your feature request related to a problem?
The golang 1.21 was just released and it marks most of the APIs in the crypto/elliptic package deprecated.
It impacts the following code in our code base:
go-cose/key.go
Line 720 in 4451940
What solution do you propose?
No solutions yet.
What alternatives have you considered?
May be https://pkg.go.dev/filippo.io/nistec?
Any additional context?
No response
The text was updated successfully, but these errors were encountered: