Open saper opened 2 years ago
As a side note: I maintain a (by now considerably divergent) fork of certvalidator for one of my own projects, and there I moved my cryptographic operations to pyca/cryptography. I essentially only use oscrypto to interact with the system trust list now.
Both libraries have their strong and weak points, but I found that for the configurations and environments that I wanted to support, pyca/cryptography was a better fit. For me, the main arguments were: (a) pyca/cryptography has broader built-in algorithm support, in particular for EdDSA and parameterised RSASSA-PSS, (b) pyca/cryptography is a project with more resources behind it at this point in time. I also didn't mind only supporting recent Python versions or having direct native dependencies, but YMMV.
Switching the "mainline" modularcrypto suite to pyca/cryptography would be a massive breaking change and isn't likely to happen (it would also have many potentially undesirable side effects), but maybe it makes sense to make that change in your copy of the library.
Requires eddsa_verify support in oscrypto to work
Test material: RFC 9126: S/MIME Example Keys and Certificates