Extract plug_crypto into a separate project

[josevalim]

Plug will still depend on it but making it a project means other projects can use the key generation, signing and encryption too.

/cc @GriffinMB @voltone @idyll

[whatyouhide]

Working on this.

[wojtekmach]

pinging @mobileoverlord; crypto code from Hex has been extracted into https://github.com/hexpm/pbcs so maybe there's some overlap here too.

[mobileoverlord]

pbcs is an implementation of the PCKS #5 for password based encryption. The Plug.Crypto.KeyGenerator is also an implementation of this. I am only familiar with Plug.Crypto from a cursory look as I am not using it directly myself, but it appears like there is overlap.

[idyll]

Do we think that we'd possibly include a PKCS#7 or CMS implementation here as well eventually?

Asking because I feel like the PKCS#5 and PKCS#7 stuff probably should belong to Elixir instead of plug. (not as part of the language though, because we'd want to be able to update them independently for security reasons.)

Erlang (and hence Elixir) has some gaps in its crypto support. I think a crypto package under the Elixir makes sense to start filling the gaps in.

Personally I work with a lot of iOS apps I and it's a bit of a chore to extract the signature, verify certs, etc. with the current stuff that's available. Apple's App signing is all based on PCKS#7.

[josevalim]

@idyll the goal here is to extract what is in Plug into something reusable. Our implementation is more about user-level API than wrapping certain algorithms (although we do use certain algos behind the scenes). Implementing PKCS#7 though probably makes sense for the pkcs package though (which is a sep discussion).

[idyll]

Right, so should PKCS#5 go there as well? That's all I'm thinking.

The rest makes sense to me.

[whatyouhide]

@idyll can you open an issue to discuss this in https://github.com/elixir-plug/plug_crypto?

[josevalim]

@whatyouhide I think that @idyll should open up an issue on pkcs and not plug_crypto. :)

[idyll]

I am going to start with a proposal in the Elixir mailing list.

[whatyouhide]

Closing this as now https://github.com/elixir-plug/plug_crypto exists. Thanks all! 💟