Nicolas Stalder

Might I suggest changing the device choices to reflect availability of dev boards? For instance, in the `stm32l4` series, the two main Nucleos are NUCLEO-L476RG and NUCLEO-L432KC, so it would...

@sosthene-nitrokey can you please rebase/force-push on main (fixing fake merge conflicts), then feel free to merge.

The difference between "shared secret" and "symmetric key" is quite important, and IMHO we should try and uphold it in our type system. The point is that the output of...

It's just a typo, ASN1 is definitely BE.

Very cool! I'd be happy to collaborate on merging this (and fixing the bugs it finds). Wondering if `wycheproof/eddsa_test.json` should be in the repo itself, or fetched by some command?

In case you're still interested in this @enrikb, I've started to add X25519 as well (to enable a native recipient for `age`, an eventual WireGuard interface, and some other use...

@enrikb this is really nice work! I took the liberty of creating a PR myself https://github.com/ycrypto/salty/pull/11, with disposition to merge. Very much agree that testing on host is useful, the...

I'm sorry :) Indeed excited hehe. I have to change the API a little to accomodate both Ed255 and X255, so if I merge your status quo now, you can...

Regarding malleability of signatures that Wycheproof Ed25519 tests complain about: https://docs.rs/ed25519-dalek/1.0.1/ed25519_dalek/struct.PublicKey.html#method.verify_strict. I'm not too hot about adding malleability checks by default, as it's not clear to me what security this...

I'd like to do a new release. The problem is that the `wycheproof*` dependency libraries aren't published (and probably shouldn't currently be), so `salty` can't be published. But without them...