square / subzero

Block's Bitcoin Cold Storage solution.
Apache License 2.0

[java] replace spongycastle dependency with bouncycastle #687

Closed ivmaykov closed 1 year ago

ivmaykov commented 1 year ago

Spongycastle is an unmaintained fork of bouncycastle which hasn't seen a release for 6 years. The BC release that the latest spongycastle is forked from has 5 known CVEs, so spongycastle presumably has them too. Let's not use abandonware, known-vulnerable libraries for our crypto primitives.

ivmaykov commented 1 year ago

Note: don't approve this yet. I need to manually test it with the ncipher jar and make sure there is no BC version conflict in case it bundles its own BC.

ivmaykov commented 1 year ago

Manually tested that signtx-test works with real ncipher jar and real HSM. Will test init-nvram and wallet creation next.

ivmaykov commented 1 year ago

Manually tested wallet initialization and finalization. Will test init-nvram next.

ivmaykov commented 1 year ago

Manually tested init-nvram.

All tests have passed; I think this is safe to merge.
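
The version-conflict concern raised in this thread (a vendor jar that might bundle its own BC) can be checked before any manual testing. The following is an added example, not part of the PR or the subzero code base: it scans a set of jars for leftover `org/spongycastle/` classes and for `org/bouncycastle/` classes defined in more than one jar. The jar names and contents are constructed sample input, and `vendor-hsm.jar` is a hypothetical stand-in for a vendor jar.

```python
import io
import zipfile
from collections import defaultdict

PREFIXES = ("org/bouncycastle/", "org/spongycastle/")

def crypto_classes(jar_bytes):
    """Return {package prefix: set of .class entries} for one jar."""
    found = defaultdict(set)
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            if name.endswith(".class"):
                for prefix in PREFIXES:
                    if name.startswith(prefix):
                        found[prefix].add(name)
    return found

def audit(jars):
    """jars: {jar name: bytes}. Returns (jars still shipping spongycastle,
    {bouncycastle class: [jars defining it]} for classes defined twice or more)."""
    spongy, owners = [], defaultdict(list)
    for jar_name, data in sorted(jars.items()):
        found = crypto_classes(data)
        if found["org/spongycastle/"]:
            spongy.append(jar_name)
        for cls in found["org/bouncycastle/"]:
            owners[cls].append(jar_name)
    conflicts = {cls: names for cls, names in owners.items() if len(names) > 1}
    return spongy, conflicts

def make_jar(entries):
    """Build an in-memory jar with empty class files (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for entry in entries:
            z.writestr(entry, b"")
    return buf.getvalue()

# Constructed sample classpath: one leftover spongycastle class, one duplicated BC class.
SAMPLE = {
    "app.jar": make_jar(["com/example/Main.class",
                         "org/spongycastle/crypto/Digest.class"]),
    "bcprov.jar": make_jar(["org/bouncycastle/crypto/Digest.class",
                            "org/bouncycastle/jce/provider/BouncyCastleProvider.class"]),
    "vendor-hsm.jar": make_jar(["com/vendor/Hsm.class",
                                "org/bouncycastle/crypto/Digest.class"]),
}

if __name__ == "__main__":
    spongy, conflicts = audit(SAMPLE)
    print("jars still containing spongycastle:", spongy)
    for cls, names in sorted(conflicts.items()):
        print("defined in multiple jars:", cls, names)
```

A scan like this only sees classes under their original package names; a jar that relocates (shades) its bundled copy into another package will not be reported.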