Switch to cryptography for RSA and ECDSA algorithms #51
Consolidated testing variables for has_rsa and has_ecdsa into has_crypto. Updated README and dependencies in tox.ini
@mark-adams this is huge and an awesome improvement. Also thanks for the speed comparison, I'll definitely include that in the release notes. Wondering if this should be treated as a new major version, since we are changing the main requirement. I was wondering if installing cryptography on Heroku worked. It seems that as of a couple of months ago it does. The Python buildpack has a cryptography build step to deal with
Also, @progrium since this might possibly be considered a "large" change. What are your thoughts?
If it changes or breaks the existing API or behavior, it's a new major On Sat, Dec 20, 2014 at 6:21 AM, José Padilla notifications@github.com
Jeff Lindsay
@progrium API doesn't change at all, just its internal requirement
Right. I think it's a minor version. On Sat, Dec 20, 2014 at 11:01 AM, José Padilla notifications@github.com
Jeff Lindsay
So does that mean 0.4 or 0.3.3?
0.4 On Sat, Dec 20, 2014 at 11:19 AM, Mark Adams notifications@github.com
Jeff Lindsay
Cool. I was just making sure. Since the project hadn't had a 1.0 yet, I wasn't sure. Added the commit incrementing the version.
Switch to cryptography for RSA and ECDSA algorithms
@mark-adams thanks again, just released this as v0.4.0 on PyPI.
Currently, pyjwt uses `PyCrypto` (last release 2013-10) and `ecdsa` in order to support RSA and ECDSA algorithms. Instead of dealing with two dependencies, I propose switching to using the cryptography library for the following reasons:

- `PyCrypto`
- `cryptography` library uses OpenSSL for most of its cryptographic functions which is trusted, very familiar, and well maintained.
- `cryptography` is more actively maintained. (`PyCrypto` hasn't seen any updates in over a year)

The attached commits swap out PyCrypto and ecdsa for cryptography. There are no public API changes to pyjwt. All existing test cases pass without issue.