Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request]: Create a cryptography wrapper library for AT Protocol #88

Open
MasterJ93 opened this issue Jan 11, 2025 · 0 comments
Open

[Feature Request]: Create a cryptography wrapper library for AT Protocol #88

MasterJ93 opened this issue Jan 11, 2025 · 0 comments
Assignees
@MasterJ93
Labels
new feature New feature or request

Comments

@MasterJ93
Copy link
Owner

MasterJ93 commented Jan 11, 2025
edited
Loading

Summary

A new library for the secp256r1 and secp256k1 elliptic curves will be needed for anything related to AT Protocol's cryptography needs.

Pain points

The main goal of ATProtoKit is to be a complete Swift implementation of the AT Protocol. That is, all parts of the AT Protocol would be able to be written in Swift. Part of that is cryptography, which ATProtoKit lacks at this time.

This feature will create a new library, named ATCryptography. This library will eventually be moved to its own, separate repo for individual work.

According to the AT Protocol specifications, there are two forms of cryptography that it supports: p256 and k256. While p256 is supported with Apple's built-in CryptoKit, p256 is not. Therefore, we'll need to use a Swift package for this. The best candidate so far appears to be swift-secp256k1. The only issue as it stands is that it only supports Swift 6.0, which limits what can be done. While ATProtoKit will not be dropping support for Swift 5.9 or 5.10, some uncomfortable sacrifices might be made (with the worst case being that any form of p256-related tasks will be locked behind Swift 6.0).

I am open to having someone create a library that supports p256 in the form that AT Protocol accepts and that works in Swift 5.9 and above. However, cryptography is a bit above my pay grade at this time, so I won't be able to participate in that.

It would be nice for a security researcher to pitch in and read the code to ensure it meets security standards, but the likelihood of that happening isn't high.

Considered Alternatives

No response

Is this a breaking change?

No

Library Examples

Bluesky's own crypto package within their repo would essentially need to be studied and replicated in the best way possible while adhering to Swift's standards in safety and adhering to the Swift API Design Guidelines.

Additional Context

The reason for calling it ATCryptography instead of ATProtoCrypto is due to the current negative connotations with the word, given that the average person might think of cryptocurrencies instead of the actual security method of cryptography. To be clear, ATProtoKit does not endorse the use of cryptocurrencies any form, just as much as the AT Protocol doesn't endorse it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MasterJ93 MasterJ93

Labels
new feature New feature or request
Projects
ATProtoKit
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MasterJ93