Closed KleMiX closed 3 years ago
lachlanbell
commented
4 years ago Thanks for the suggestion! Server-side Swift was not a use case I had considered; abstracting away the crypto backend certainly is a logical step for such uses with differing dependencies. I’ll look into it, thanks again!
KleMiX
commented
4 years ago Swift Crypto was just announced, this would be perfect to use - https://swift.org/blog/crypto/
lachlanbell
commented
4 years ago I've been messing around Swift Crypto today, looks like a great fit. Cheers!
mrgrauel
commented
3 years ago @lachlanbell how is it going?
lachlanbell
commented
3 years ago Hi! Thanks for re-surfacing this. Given that Swift Crypto and CryptoKit are ostensibly API-compatible, with a few changes @mustsait’s PR #18 should work for this. I’ll get started on those very soon.
lachlanbell
commented
3 years ago Solved by #18. SwiftOTP now uses Swift Crypto as a backend on Linux and SwiftPM installations, and CryptoKit for Carthage and CocoaPods on Apple platforms.
I've added the test target to the Swift package as well, with a corresponding Linux CI environment. It all works, so the library should work fine with Swift Crypto on Linux.
lukeredpath
commented
3 years ago @lachlanbell is there any chance you could provide an alternative product, e.g. SwiftOTP-CryptoKit that explicitly uses CryptoKit instead of SwiftCrypto? We're using the library in an iOS project using SPM to manage our dependencies and it seems unnecessary to have a dependency on SwiftCrypto when CryptoKit is available. I'd be happy to open a PR.
EDIT: I just tried this in a fork and unfortunately there doesn't seem to be a way of doing this - you can have a separate "SwiftOTP-CryptoKit" product in the package file that doesn't link to Crypto but SPM will still fetch the dependency anyway, even if you're using a target that doesn't depend on it. There's also no way to provide an alternative package.swift file either as far as I can see.
lukeredpath
commented
3 years ago @lachlanbell yes, SPM can work with alternate branches which could help here, but it looks like that branch is using CryptoSwift, not CryptoKit. I'm trying to get rid of the CryptoSwift dependency from our project and would rather not replace it with another unnecessary one (SwiftCrypto).
lachlanbell
commented
3 years ago (Apologies for the previous response; I misunderstood your query at first 😅) On Apple platforms swift-crypto just re-exports the CryptoKit API, without adding substantial extra code. If that's a concern for your project I can make a separate branch directly importing CryptoKit instead.
lukeredpath
commented
3 years ago @lachlanbell if its not actually importing any code into the target and just using CryptoKit then that's probably fine, its a shame it has to clone swift-crypto but probably not the end of the world.
Consider making separate package without any dependencies, just some abstract protocols for working with crypto stuff. This would make possible to have SwiftOTP packages with dependencies to SwiftCrypto, OpenCrypto or CryptoKit (#16 might be related). Since Vapor 4 doesn't have TOTP replacement as of now, this library would be great for using in Vapor. Right now I had to copy sources to my project and modify them directly. Still library looks great, thanks!