I spoke to @tobhe for a crypto review. Unfortunately Crypt::Perl::Ed25519 is not base on crypto RFCs. It is a port from Javascript and the math appears dubious [0].
Static analyzer results on libcryptx-perl are not happy, but fixable-- especially after reducing the codebase. If libtomcrypt were updated to upstream's most recent commit instead of version, it *might* be a cleaner implementation for minimization. Ideally we could use crypto software we already maintain, like OpenSSL. Please consider creating and maintaining a wrapper for `Crypt::OpenSSL::Ed25519` as a fourth option. The wrapper would be for [1]. The maintainers of libmail-dkim-perl might switch over if we do this :) [0] https://metacpan.org/release/FELIPE/Crypt-Perl-0.38/source/lib/Crypt/Perl/Ed25519/Math.pm [1] https://www.openssl.org/docs/man3.0/man7/Ed25519.html -- You received this bug notification because you are a member of Debian Perl Group, which is subscribed to libcryptx-perl in Ubuntu. https://bugs.launchpad.net/bugs/2046154 Title: [MIR] libcryptx-perl (libmail-dkim-perl dependency) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libcryptx-perl/+bug/2046154/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~pkg-perl-maintainers Post to : [email protected] Unsubscribe : https://launchpad.net/~pkg-perl-maintainers More help : https://help.launchpad.net/ListHelp
