sigstore-rs icon indicating copy to clipboard operation
sigstore-rs copied to clipboard

Published 20 hours ago verified publisher icon sigstore

Refactor: switch to `ring` library

Open flavio opened this issue 2 years ago • 4 comments
trafficstars

Description

A long time ago we moved away from the ring crate to a constellation of pure-rust cryptographic libraries. We did the switch because the ring library did not build for certain architectures (like s390x and webassembly).

This limitation has been addressed by latest versions of the library. Moreover, we have recently reintroduced the ring dependency to implement TUF trustroots.

Moving back to ring would reduce the list of dependencies we have, making the codebase easier to understand and to maintain.

I think these are the dependencies we should be able to remove:

  • ecdsa
  • ed25519
  • ed25519-dalek
  • elliptic-curve
  • p256
  • p384
  • pkcs1
  • pkcs8
  • rsa

flavio avatar Nov 14 '23 07:11 flavio

@flavio @lukehinds ToB is willing to pick this up!

jleightcap avatar Dec 07 '23 17:12 jleightcap

@jleightcap: awesome, who should assign this issue to?

flavio avatar Dec 11 '23 13:12 flavio