Consider replacing the `net.i2p.crypto:eddsa` with maintained alternative.

nats-io / nats.java

Java client for NATS

Apache License 2.0

569 stars 154 forks source link

Consider replacing the `net.i2p.crypto:eddsa` with maintained alternative. #1223

Open tomekl007 opened 2 months ago

tomekl007 commented 2 months ago

Proposed change

The net.i2p.crypto:eddsa used in the jnats has not been updated for five years. Maybe the library will need to be switched to a different one or replaced with custom code?

Use case

The dependant library is old and not maintained.

Contribution

No response

scottf commented 2 months ago

Are there any security issues with it? Are you aware of a suitable replacement?

laurentgo commented 1 month ago

Isn't bouncycastle a well-maintained security library for Java with support for EdDSA? Support within JDK was added in Java 15 (and not backported to Java 11)