As we already discussed in #81, pkijs has some bugs and doesn’t properly support PKCS#12, so we should switch over to https://github.com/digitalbazaar/forge. This has some security implications, since forge implemented TLS completely in Javascript instead of relying on the tested and audited webcrypto API. However, since pkijs would require us to implement and maintain significant parts of the crypto ourselves, I think the tradeoff is worth it, especially considering this library is aimed at users who use it with test devices specifically for that purpose, where the security requirements aren’t as high.
I think using forge might be more secure, even though we'll need to rely on their implementation of TLS.
(instead of openssls’/nodejs’)
@baltpeter said:
I mean, tbh I'm not too concerned about security here. We'll literally be autoinstalling a tweak that disables all SSL verification on the devices and we're encouraging users to keep the default root:alpine password. People really shouldn't be using their test devices for anything serious regardless of this supervision thing (though maybe we should mention that in the READMEs).
@zner0L said:
Yes, but I think the supervision in particular could also be useful for non-jailbroken users, in which case I would like it to be secure enough. Though for now I do agree.
As we already discussed in #81, pkijs has some bugs and doesn’t properly support PKCS#12, so we should switch over to https://github.com/digitalbazaar/forge. This has some security implications, since forge implemented TLS completely in Javascript instead of relying on the tested and audited webcrypto API. However, since pkijs would require us to implement and maintain significant parts of the crypto ourselves, I think the tradeoff is worth it, especially considering this library is aimed at users who use it with test devices specifically for that purpose, where the security requirements aren’t as high.
See also this communication from the matrix channel:
@zner0L said:
@baltpeter said:
@zner0L said: