Re: [racket-users] Cryptography routines in Racket
Hey Ryan! This is great, and looks like it really was what I was looking for! You seem to have made a ton of progress on all sorts of stuff that would have honestly taken me ages to get to the equivalent level. ;) Re: the missing commits and etc, waiting till mid-January is a-ok with me... maybe what would be a good idea is if in mid-January you're able to get the latest stuff pushed up there, you could ping me and I could help test the system? I could also test before then on the current code, but maybe it's just best for me to wait. (I'm planning on writing an implementation of the Linked Data Signatures standard-in-progress in Racket. I've already got a working json-ld expander and compactor... what I was missing was what seems like exactly the work you've done here on the crypto library.) Thanks for all your work on this! - Christopher Lemmer Webber Ryan Culpepper writes: > I have a crypto library in progress that I haven't released yet. The > repo is at https://github.com/rmculpepper/crypto, but the repo is > missing a lot of local commits and I won't be able to fix it until > mid-January. > > If you want to try out the old version, you'll also need asn1-lib from > rmculpepper/asn1 at commit a32ee72. > > Ryan > > > On 12/31/17 10:33 AM, Christopher Lemmer Webber wrote: >> Hello all, >> >> So I've been making a lot of progress in porting my tooling over to >> Racket, and it's been a blast. Horray! However, I do a lot of work on >> stuff that involves using quite a bit of cryptography, and it doesn't >> seem that there's a general purpose cryptography library available for >> Racket. Am I right in that? Particularly, I need to use asymmetric >> (public key) cryptography tooling for encryption/signatures and also >> HMAC signatures. >> >> I'm guessing I probably need to write one. My thoughts are that I >> should probably use the Racket FFI library and use openssl (maybe >> gnutls?) but I'm not really sure. I haven't touched the FFI yet... >> >> However, it does look like Racket already ships with some of the right >> bits. racket/collects/openssl/ contains a swath of relevant openssl >> tooling, just apparently not all the bits for general public key >> cryptography and etc. >> >> I'm happy to dive into hacking... the purpose of this email is mostly to >> check if work has already been done here other than what I found above >> and what I should coordinate with :) >> >> Thanks! >> - Christopher Lemmer Webber >> -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [racket-users] Cryptography routines in Racket
I have a crypto library in progress that I haven't released yet. The repo is at https://github.com/rmculpepper/crypto, but the repo is missing a lot of local commits and I won't be able to fix it until mid-January. If you want to try out the old version, you'll also need asn1-lib from rmculpepper/asn1 at commit a32ee72. Ryan On 12/31/17 10:33 AM, Christopher Lemmer Webber wrote: Hello all, So I've been making a lot of progress in porting my tooling over to Racket, and it's been a blast. Horray! However, I do a lot of work on stuff that involves using quite a bit of cryptography, and it doesn't seem that there's a general purpose cryptography library available for Racket. Am I right in that? Particularly, I need to use asymmetric (public key) cryptography tooling for encryption/signatures and also HMAC signatures. I'm guessing I probably need to write one. My thoughts are that I should probably use the Racket FFI library and use openssl (maybe gnutls?) but I'm not really sure. I haven't touched the FFI yet... However, it does look like Racket already ships with some of the right bits. racket/collects/openssl/ contains a swath of relevant openssl tooling, just apparently not all the bits for general public key cryptography and etc. I'm happy to dive into hacking... the purpose of this email is mostly to check if work has already been done here other than what I found above and what I should coordinate with :) Thanks! - Christopher Lemmer Webber -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [racket-users] Cryptography routines in Racket
I've had to do a lot of various crypto tools stuff from Racket (for consulting projects for which writing and validating a pure Racket implementation couldn't be cost-justified), and usually created separate Linux processes for off-the-shelf programs. The "openssl" basket contains a lot of tools, and I've encountered at least a few real-world situations when I needed to use unlikely-sounding ones in Racket production code. I wonder how much work to make a Racket openssl-super-fun-pak package that provides FFI or subprocess bindings to *all* the tools, and which would be tested, and have some trustworthy party overseeing changes to it. Or, if anyone is looking for a different winter or spring break project, you could implement some crypto algorithms efficiently in pure Typed Racket, and probably not using any "unsafe" features. (Warning: The standards for reusable crypto code are higher than for many other kinds of code. Even though Racket is a safer language than C, you still have to be very careful about correctness, and about side ways information can leak. To get the best learning experience, and to be the most useful to others, I suggest not treating this like a school assignment, when the top priority is to get A grades in all your simultaneous classes with not enough time, but as a mission-critical engineering responsibility.) Or do pure Racket implementations of pixmap (e.g., PNG) manipulation algorithms, since it seems that no one can write a popular image library in C that isn't a neverending fountain of security vulnerabilities. -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.