The-DevX-Initiative / RCIG_Coordination_Repo

A Coordination repo for all things Rust Cryptography oriented
https://cryptography.rs

Suggest adding Themis into high-level libs #28

Closed vixentael closed 3 years ago

vixentael commented 3 years ago

Would you be interested in adding Themis?

That's a general-purpose lib, 6 years old, with the rust-themis wrapper. C core (stable), multiple wrappers supported by the same team, so 100% compatible, tons of docs and examples.

Rust wrapper was added by @ilammy ~2.5 yrs ago and stable since then. Docs, crate.

Under the hood Themis uses OpenSSL/BoringSSL/LibreSSL, etc., and provides cryptosystems for popular use cases – Secure Cell for AEAD (similar to libsodium's secret box); Secure Comparator for ZKP-based authN; Secure Message for sending messages to peers (ECDH + AEAD).

tarcieri commented 3 years ago

Based on a quick look I think it's probably a better fit for "Collections of Cryptographic Primitives"

The current distinguishing factor between the two categories is a built-in system for key management (which is a debatable qualifier, but the one currently in use), i.e. some sort of keyring/keystore functionality which manages keys on the user's behalf.

As far as I can tell keys in Themis are initialized from raw bytestrings and the user is expected to provide some way of securely persisting them.

vixentael commented 3 years ago

That's true – Themis provides key generation utilities (general doc, Rust docs) and a passphrase-based API with a KDF under the hood. But it doesn't provide key storing APIs – it's up to the user where/how to store generated keys.

I'd argue against "Collections of Cryptographic Primitives", because from my perspective OpenSSL is a good example of a collection (aka "space shuttle of crypto libraries" (c) Matthew Green), while Themis doesn't give a way to use crypto primitives directly; rather, it gives pre-configured APIs (for example, cell.encrypt(passphrase, data) instead of all-the-troubles-of-AES-GCM-params).

But it's up to you, of course; I can update the PR to move it to the collection-of-primitives category.

tarcieri commented 3 years ago

I think given our current categorization "Collections of Cryptographic Primitives" is a better fit.

However, since you bring up OpenSSL we also have a "Platform / Framework Bindings" category which the openssl crate is presently under. It's a bit lumped in with various OS framework bindings.

vixentael commented 3 years ago

> I think given our current categorization "Collections of Cryptographic Primitives" is a better fit.

Agree. Updated the PR, moved Themis there.

tarcieri commented 3 years ago

Thanks!