electrum icon indicating copy to clipboard operation
electrum copied to clipboard
verified publisher icon spesmilo

dependencies: document again choice between pycryptodomex/cryptography

Open SomberNight opened this issue 4 years ago • 4 comments

Before upgrading dnspython to 2.0 in #6828, we have supported both pycryptodomex and cryptography as crypto backends. We use dnspython for DNSSEC, and also some other things. The DNSSEC part of dnspython is an optional extra which requires cryptography. This is why we removed the choice of pycryptodomex as a backend: we would need cryptography for DNSSEC anyway.

Note that DNSSEC is only used for OpenAlias, which itself is probably only used by a handful of people. We have considered removing OpenAlias support as then we could also remove DNSSEC, see #6232.

Recently cryptography (since version 3.4) started using Rust code, which necessitates having a Rust compiler if building from source. Some people complained this is problematic for them.

With this PR, we restore the choice between pycryptodomex and cryptography. (Though the code that can utilise either backend has not even been removed, it is in crypto.py) We support having either dependency; with the caveat that DNSSEC is only available if cryptography is available.

SomberNight avatar Apr 08 '21 18:04 SomberNight

reminder to self; maybe change text here: https://github.com/spesmilo/electrum/blob/a99e0d9e17c66229572786b19c92bdb049793262/contrib/requirements/requirements.txt#L11-L13

SomberNight avatar Jun 23 '21 18:06 SomberNight

Note that DNSSEC is only used for OpenAlias, which itself is probably only used by a handful of people. We have considered removing OpenAlias support as then we could also remove DNSSEC, see https://github.com/spesmilo/electrum/issues/6232.

Annoyingly, bip-0353 (if we wanted to support that) also requires DNSSEC.

SomberNight avatar Dec 02 '25 23:12 SomberNight

Note that DNSSEC is only used for OpenAlias, which itself is probably only used by a handful of people. We have considered removing OpenAlias support as then we could also remove DNSSEC, see #6232.

Annoyingly, bip-0353 (if we wanted to support that) also requires DNSSEC.

yes, we want to keep dnssec for BIP353

ecdsa avatar Dec 03 '25 08:12 ecdsa

apparently dnspython has migrated from pycryptodome to cryptography in 2018. before that they supported both. see https://github.com/rthalley/dnspython/pull/319

ecdsa avatar Dec 03 '25 09:12 ecdsa