Re: RSA and libcrypto
- Subject: Re: RSA and libcrypto
- From: Jens Alfke <email@hidden>
- Date: Tue, 14 Jan 2014 09:20:04 -0800
On Jan 14, 2014, at 1:19 AM, email@hidden wrote:
> As Jens comments, the security APIs are ridiculously opaque.
> Perhaps this is seen as a necessity in the serious world of crypto - perhaps it is just hard to avoid. However, it is a liability.
Crypto is inevitably sort of complex, but Apple’s to blame for some bad (and downward-trending) API design and poor documentation. Other crypto APIs that I’ve seen are much clearer.
> By comparison libcrypto is pretty straightforward.
> The only problem with retaining it is the extra complexity involved in integrating the static library build into the project and upgrading the source.
My reservation about using libcrypto would be key storage. The Keychain is a pretty great thing — a secure place to store keys that’s well-integrated into the OS. I don’t know how OpenSSL stores keys, but if it’s using some other mechanism, it’s probably less secure.
This thread should probably move to apple-cdsa (which is the fittingly-obscure name for the security/crypto mailing list.)
—Jens