On 5/15/14 5:08 AM, Partha Debnath wrote: > I want to know if there is any other implementation of the same to > start with which requires bare minimum implementation to achieve it . > > Currently we have OpenSSL and NSS in C++, is there any other security > package besides this in C++ which is more comprehensive.
I think OpenSSL should be sufficient. You'll need to build functions for HKDF and HAWK out of the SHA256 hash and HMAC functions that OpenSSL provides. You'll also need PBKDF2-HMAC-SHA256, which I *think* is included in OpenSSL (but I could be wrong). It's pretty easy to build out of SHA256, though. Since you're using C++, you could also use the excellent "Crypto++" library (http://www.cryptopp.com/). It has a class named PKCS5_PBKDF2_HMAC that should handle the PBKDF2 needs. I'm not a C++ programmer but I'm told that Crypto++ is pretty easy to use and very solid. You should use the test vectors in https://github.com/mozilla/fxa-auth-server/wiki/onepw-protocol#test-vectors to make sure your implementation matches the specification. The python code in https://github.com/mozilla/fxa-python-client was used to create those vectors, which might be another useful resource. good luck! -Brian _______________________________________________ Dev-fxacct mailing list [email protected] https://mail.mozilla.org/listinfo/dev-fxacct
