paulmillr
commented
1 year ago there is no need to use asn.1. You should switch to noble-curves. They have been audited. In comparison, last audit of secp was almost 2 years ago.
Open Akamig opened 1 year ago
paulmillr
commented
1 year ago there is no need to use asn.1. You should switch to noble-curves. They have been audited. In comparison, last audit of secp was almost 2 years ago.
Akamig
commented
1 year ago @paulmillr Oh, I thought it could be too big using whole curves library when I was writing this issue, but then I just found out your library is tree-shaking friendly! that just seems to fit the bill then.
last audit of secp was almost 2 years ago.
AH
stale[bot]
commented
1 year ago This issue has been automatically marked as stale because it has not had recent activity. Thank you for your contributions.
https://github.com/paulmillr/noble-secp256k1/pull/92 The recently merged PR on @noble/secp256k1 seems dropping all DER related methods, including
fromDER(),toDERRawBytes().toDERHex().So we may need some action about this part, @paulmillr suggested using
noble-curveswhich is including secp256k1 'and' DER processing logic, Or, we might be able to cover this with asn.1.js I guess?Also, High-S detection / S normalization now seems to be integrated as part of
prepSig()https://github.com/paulmillr/noble-secp256k1/blob/ec7b5731808538c7cc32cba3234822a003958345/index.ts#L249 so yous might want to look into._Originally posted by @Akamig in https://github.com/planetarium/libplanet/pull/2962#discussion_r1141582842_