Jugendhackt / haskell-ricochet

(WIP/Experimental) Ricochet implementation as Haskell Library.
GNU General Public License v3.0

Implement Network.Ricochet.Crypto #29

froozen closed 9 years ago

froozen commented 9 years ago

We will need a module with nice crypto-related utility functions. One thing we need is the generation of 1024-bit private RSA keys in base64 for network-anonymous-tor.

photm5 commented 9 years ago

Well, I’m not so sure anymore if there’s everything we need in HsOpenSSL, since it’s not a complete binding...

photm5 commented 9 years ago

> One thing we need is the generation of 1024-bit private RSA keys in base64 for network-anonymous-tor.

What does that mean? DER-encoded and then base64? We definitely need DER-encoding for the ricochet protocol anyways. I found a PR that adds DER-encoding to HsOpenSSL, but it’s not been merged yet, so we might need to maintain our own fork...

photm5 commented 9 years ago

Oh, the DER-encoding in that PR seems to be for certificates, so I’m not sure if that’s of use.

froozen commented 9 years ago

It doesn't seem to be maintained anymore. Kind of a bummer. Maintaining a fork would suck really hard.

sternenseemann commented 9 years ago

I think this screws HsOpenSSL for the moment.

Since we are an experimental project, why not use (experimental) saltine?

photm5 commented 9 years ago

Because it doesn’t have everything we need, either. We could, however, see whether we have everything if we take RSA from saltine, and sha256 etc. from HsOpenSSL.

sternenseemann commented 9 years ago

We can depend on multiple libraries since we will have our own abstraction layer.

photm5 commented 9 years ago

Oh, we won’t be able to take RSA from saltine, as its signing uses ECC. See #23.

photm5 commented 9 years ago

I just made a PR that adds DER en/decoding to HsOpenSSL. I don’t think the maintainer is going to merge it though. What do you guys think about binding to openssl in our repo? (That would essentially mean copying the RSA module from HsOpenSSL, in order to save us the work of maintaining a whole fork.)

froozen commented 9 years ago

It wouldn't be neat, but if that's the best way to go, we'll just have to do it.

sternenseemann commented 9 years ago

I don't like the idea of using OpenSSL at all actually.

froozen commented 9 years ago

What would you propose doing instead then?

sternenseemann commented 9 years ago

I don't know frankly.

photm5 commented 9 years ago

Oh, we need DER encoding/decoding of private keys for Tor... I’ll need to add that...
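
The "DER-encoded and then base64" private-key form the thread keeps returning to, as an added example that is not code from the project or from any commenter. It assumes the PKCS#1 `RSAPrivateKey` layout (RFC 8017) is what is meant, all function names are hypothetical, and the primes passed in are supplied by the caller (generating real key material is left to a vetted crypto library).

```python
import base64

def der_len(n):
    """DER definite length: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def der_int(v):
    """DER INTEGER for v >= 0; sizing by bit_length//8 + 1 keeps the sign bit clear."""
    raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(raw)) + raw

def encode_rsa_private_key(p, q, e=65537):
    """SEQUENCE { version, n, e, d, p, q, d mod (p-1), d mod (q-1), q^-1 mod p }."""
    d = pow(e, -1, (p - 1) * (q - 1))
    fields = [0, p * q, e, d, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p)]
    body = b"".join(der_int(f) for f in fields)
    return b"\x30" + der_len(len(body)) + body

def read_tlv(buf, pos, tag):
    """Return (value, next position). Lenient reader, not a strict DER validator."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated header")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + n], pos + n

def decode_rsa_private_key(der):
    """Parse the nine INTEGERs back out; reject trailing bytes and other shapes."""
    body, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        raw, pos = read_tlv(body, pos, 0x02)
        fields.append(int.from_bytes(raw, "big"))
    if len(fields) != 9 or fields[0] != 0:
        raise ValueError("not a two-prime RSAPrivateKey")
    names = ("version", "n", "e", "d", "p", "q", "dp", "dq", "qinv")
    return dict(zip(names, fields))

def to_base64(der):
    return base64.b64encode(der).decode("ascii")
```
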