Alternative crypto libraries
Despite some effort, our Nettle is a bit challenging for downstream users (discussion). I have researched alternative crypto libraries that we could support, possibly as a compile-time option.
- openssl: The openssl crate provides a Rust interface for the OpenSSL library. While also a C-dependency, OpenSSL is more commonly used, and the build process better understood (see also). From a cursory look, the API looks complete enough for our purposes. Unfortunately, the OpenSSL license is incompatible with our own, see here and #209 (closed).
- ring: ring is a subset of BoringSSL (hence the name), which is in turn a fork of OpenSSL. Unfortunately, ring's functionality is too limited for our needs (doesn't implement RFC4880's 'MUST implement' algorithms). Furthermore, it has the same licensing problems as openssl.
- "RustCrypto" - various crates, by the RustCrypto developers: I am not qualified to judge the quality, stability, and maintenance of these implementations. But given the fact that they are (or most seem to be) pure Rust implementations, and therefore young implementations, I'd be wary of using them.
- botan: A port to botan looks plausible, but Botan, being a C++ library, probably is even more challenging than Nettle.
- gcrypt: For completeness, a port to gcrypt would likely be feasible, but libgcrypt is at least as challenging to build as Nettle, so there is no point to that.
I went through all the crates tagged with the 'Cryptography' category. Did I miss any cryptography libraries worth considering?