Extract plug_crypto into a separate project #766
Comments
|
Working on this. |
|
pinging @mobileoverlord; crypto code from Hex has been extracted into https://github.com/hexpm/pbcs so maybe there's some overlap here too. |
|
|
|
Do we think that we'd possibly include a PKCS#7 or CMS implementation here as well eventually? Asking because I feel like the PKCS#5 and PKCS#7 stuff probably should belong to Elixir instead of plug. (not as part of the language though, because we'd want to be able to update them independently for security reasons.) Erlang (and hence Elixir) has some gaps in its crypto support. I think a crypto package under the Elixir makes sense to start filling the gaps in. Personally I work with a lot of iOS apps I and it's a bit of a chore to extract the signature, verify certs, etc. with the current stuff that's available. Apple's App signing is all based on PCKS#7. |
|
@idyll the goal here is to extract what is in Plug into something reusable. Our implementation is more about user-level API than wrapping certain algorithms (although we do use certain algos behind the scenes). Implementing PKCS#7 though probably makes sense for the pkcs package though (which is a sep discussion). |
|
Right, so should PKCS#5 go there as well? That's all I'm thinking. The rest makes sense to me. |
|
@idyll can you open an issue to discuss this in https://github.com/elixir-plug/plug_crypto? |
|
@whatyouhide I think that @idyll should open up an issue on pkcs and not plug_crypto. :) |
|
I am going to start with a proposal in the Elixir mailing list. |
|
Closing this as now https://github.com/elixir-plug/plug_crypto exists. Thanks all! 💟 |
Plug will still depend on it but making it a project means other projects can use the key generation, signing and encryption too.
/cc @GriffinMB @voltone @idyll
The text was updated successfully, but these errors were encountered: