On Sat, 28 Jun 2014 23:08:51 -0700, Charles <[email protected]>
wrote:
Is there a native D crypto library like Crypto++?
No. And for good reason. Building a cryptography library is an extremely
dificult proposition. Even after you've completed the build, you still
face a trust problem. You need to convince people that your library is not
subject to a myriad of side-channel attacks. The only way to do that is to
battle-test is, which requires that people use it in the first place. The
philosophy of the D community is to binding to more trusted and tested
libraries.
I currently am working on one such binding to the Botan library called
Titanium.
https://github.com/ellipticbit/titanium
https://github.com/randombit/botan/
Botan isn't as battle-tested as OpenSSL or Crypto++ but it was designed
from the ground up to mitigate or prevent the kind of problems that
OpenSSL is currently experiencing, and was implemented by someone who has
done multiple Cryptographic Module Verifications for NIST. I personally
went with Botan because it's relatively easy to create bindings for the
languages I use and API is relatively sane for a crypto library (I'm
looking at you OpenSSL).
--
Adam Wilson
GitHub/IRC: LightBender
Aurora Project Coordinator
