Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SecTransform is deprecated in macOS 12 #53

Open
michaeljtsai opened this issue Apr 29, 2022 · 8 comments
Open

SecTransform is deprecated in macOS 12 #53

michaeljtsai opened this issue Apr 29, 2022 · 8 comments

Comments

@michaeljtsai
Copy link

I don't think there are any other macOS APIs that currently support DSA. Time to bring back OpenSSL or is there a smaller third-party library that does DSA?
@glebd
Copy link
Owner

glebd commented May 2, 2022

That's unfortunate. OpenSSL sounds like the easiest option.

@DivineDominion DivineDominion mentioned this issue Jul 1, 2022
Closed
@DivineDominion
Copy link
Collaborator

https://github.com/krzyzanowskim/OpenSSL might be the best dependency for this, no?

Other resources

My last personal encounter with OpenSSL was in https://github.com/SwiftGit2/SwiftGit2 -- it has an ugly way to build OpenSSL with build scripts that I regularly forget how to change :)

In contrast, https://github.com/light-tech/LibGit2-On-iOS sports a build script that builds OpenSSL with a single function. That can take a while, though!

https://github.com/nferruzzi/openssl pointed to

@DivineDominion DivineDominion mentioned this issue Oct 14, 2022
Merged
@DivineDominion
Copy link
Collaborator

Swift package we might use:
https://github.com/krzyzanowskim/OpenSSL

@jeff-h
Copy link

jeff-h commented Jan 19, 2023

Does this mean the current release of Cocoafob doesn't work on macOS 12+?

@DivineDominion
Copy link
Collaborator

@jeff-h It still works fine, but it's discouraged. As with most Apple API deprecations, this should be around for a couple of years, and might never be removed completely to not break old programs.

@apparentsoft
Copy link

There's the https://github.com/apple/swift-crypto library that appears to do digests (SHA1, for example). Could it be used?
By the way, my apps still use the OpenSSL-based verifier. I was looking to update it to not use OpenSSL and have discovered that it's not a good idea at this point :).

@DivineDominion
Copy link
Collaborator

@apparentsoft Does Apple CryptoKit or swift-crypto sport backwards-compatible DSA? Then this would be a good idea :)

@michaeljtsai
Copy link
Author

I don’t think they support DSA, on the grounds that it’s too old and insecure. Personally, I still like it for license purposes because the signatures are short.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@glebd @DivineDominion @apparentsoft @jeff-h @michaeljtsai