node.forge and crypto

[richardschneider]

node-forge is being used because it supports PKCS 7 and 8. One major drawback is that it only uses RSA private keys.

libp2p-crypto should be enhanced to support PKCS 8 (encrypted private keys).

[daviddias]

Yes, please always augment libp2p-crypto first rather than importing other crypto libraries.

[richardschneider]

@diasdavid Rolling our own crypto is not recommened. libp2p-crypto should be a wrapper around crypto primitives. That said, PKCS 7 and 8 are not primitives and I agree with you.

[daviddias]

libp2p-crypto should be a wrapper around crypto primitives.

It is what it is currently and I'm just encouraging to continue to be just that.

[richardschneider]

Keychain needs the following from a crypto library

• ipfs key requirements
  • PKCS 1, RSA key generation
  • PKCS 5, PBKDF2 (derived password)
  • PKCS 8, Encryption/Decryption of private key with password (pem)
• ipfs crypto requirements
  • PKCS 7, Create/Read CMS data
  • X.509, Create certificate for a key

It would be nice to have support for DSA, ECDSA, ed25519 key types.

[richardschneider]

@diasdavid I've searched npmjs and only found two packages that support PKCS 8 with a password; jsrsasign and node-forge.

"extracting PKCS 8 code" to add to libp2p-crypto is not practical. There are too many internal dependencies in both packages to make it easy.

[richardschneider]

libp2p-crypto now supports PBKDF2.