signatures icon indicating copy to clipboard operation
signatures copied to clipboard

dsa: introduce `serde`

Open sivizius opened this issue 1 year ago • 4 comments

This commits introduces the dependency serde to dsa. It is gated by two features: serde and serde_secrets. The first only derives Deserialize and Serialize for non-secret types like Signature. The latter additionally for SignatureKey, which should be used with caution, because it could allow accidentally leaking secrets.

sivizius avatar Oct 12 '24 19:10 sivizius

Draft, because serde_secrets should be implemented with serdect. Or any other "constant time" way.

sivizius avatar Oct 12 '24 19:10 sivizius

Yeah, it would be good to use serdect, similar to how ecdsa does it, especially since you're doing secret key serialization (i.e. SigningKey)

tarcieri avatar Oct 15 '24 12:10 tarcieri

Yeah, it would be good to use serdect, similar to how ecdsa does it, especially since you're doing secret key serialization (i.e. SigningKey)

I am actually working on an commit/PR which introduces another crate common with common types that can be used across all other crates, initially with two types: Bytes and SecretBytes which would move the zeroisation, (de)serialisisation, etc. into these type, thus harmonise (de)serialisation, etc.

sivizius avatar Oct 15 '24 14:10 sivizius

I'd prefer not to add superfluous crates. There shouldn't be that much duplication.

tarcieri avatar Oct 15 '24 14:10 tarcieri

Closing as stale

tarcieri avatar Nov 22 '25 01:11 tarcieri