search

randombit / botan

Cryptography Toolkit
https://botan.randombit.net
BSD 2-Clause "Simplified" License
2.49k stars 554 forks source link

BSI Project 481 #3108

Open securitykernel opened 1 year ago

securitykernel commented 1 year ago

German Federal Office for Information Security (BSI) commissions a project "Maintenance and further development of the cryptographic library Botan". In can be regarded as a successor to the concluded BSI project 197 "Development of a secure crypto library".

Aim of this issue is to make activities from BSI project 481 transparent to Botan maintainers and users.

Project Organization

BSI Project 481 is a development project commissioned by the German Federal Office of Information Security (BSI).

Main Activities

Updating and maintaining the cryptographic library Botan

The BSI development branch shall be updated to the current Botan version (main development branch) in alignment with the BSI.

Extending Botan with PQC algorithms

The implementation of Botan shall be extended by post-quantum cryptographic algorithms (based on NIST, IETF and TR-02102-1). BSI is in charge of selecting the particular algorithms. The candidates selected are FrodoKEM, Classic McEliece, CRYSTALS-Kyber, CRYSTALS-Dilithium, XMSS, LMS and Sphincs+.

Extending Botan with TLS 1.3 hybrid key agreement

A hybrid key agreement procedure in the TLS 1.3 stack shall be implemented (based on the TLS minimal standards of IETF and BSI).

Cryptographic documentation

The implemented algorithms shall be checked thoroughly as recommended by BSI. The documentation of the library shall be revised correspondingly, mainly cryptographic documentation.

securitykernel commented 1 year ago

The work package Extending Botan with PQC algorithms was slightly rescheduled. I updated all scheduled implementation dates in the linked issues.

securitykernel commented 6 months ago

With rescheduling of the work package Extending Botan with PQC algorithms, the project's duration was extended by 3 months, which I updated in the original description now.