Replace gcrypyt, libsodium, libargon2 with Botan #3200
Comments
|
Lowest Ubuntu version to have Botan is Bionic. |
|
I checked out latest master to see if there is anything else that would be missing. I noticed you are using Bcrypt-PBKDF for the SSH key support, which motivated me to finish adding support for that, I had written most of it last year but never got around to completing it randombit/botan#1990 Obviously you can't use that unless you're willing to require the latest (or for now, unreleased) version, but it'll be there later if you want it. Other things I noticed, all already directly supported or easily implemented using any version in 2.x release series: RSA |
|
This has been completed after much effort by myself. Ready for PR this weekend and deployment with 2.7.0. I want to thank @randombit for such amazing software that is incredibly well documented and the code is very readable. |
droidmonkey
changed the title
|
@randombit, any chance you can get version 2.11 or better deployed to Bionic (currently stuck at 2.4)? Less concerned about Xenial but Bionic is going to be around for a while. |
|
@droidmonkey Sorry missed this earlier. Do you mean a backport? TBH I think such a request would have more weight coming from the KeepassXC team. Another alternative would be to bundle an amalgamation build which is used whenever the underlying distro version is too old. Not ideal I admit. |
|
We are going to include in our ppa for xenial builders. I am not sure how to release a new version into an LTS distro, we have failed at getting our own software to be updated and it's not even a library... |
|
This was completed in #6209 |
|
When can we expect the first release with the Botan support? |
|
2.7.0 |
Summary
Botan has full 2d/2i/2id support. We also support AES, ChaCha and Twofish (among others) with all common modes (CBC, CTR, GCM, XTS, etc). PKCS #11 Support
POC version for NeoPG with botan and PKCS#11 and you can play around with that to get some idea how this works. I currently plan to implement this in NeoPG. (See #255 for PKCS#11 support)
Botan on GitHub: https://github.com/randombit/botan/
Context
Botan was audited by a team in 2015 who found some issues (which were all resolved) https://botan.randombit.net/releases/audit_1.11.18.pdf
Various bug reports have also been provided by different researchers and crypto engineers. I cannot know how carefully any one of them checked the whole library though. You can see all reported security issues botan.randombit.net/security.html
In 2017 it was reviewed and approved by the German BSI (Federal Office for Information Security) for government use https://bsi.bund.de/SharedDocs/Downloads/DE/BSI/Krypto/Projektzusammenfassung_Botan.html and is used by open source projects such as strongSwan, ISC KEA, and Shadowsocks-qt5, and companies including Rockwell Automation, Panasonic, Mazda, IBM, Bosch, PSPDFKit, and Rohde & Schwarz among others randombit/botan/wiki/Users
Also FWIW I build and review cryptographic systems for a living. I have contributed changes to other libs including OpenSSL and mbedtls, and currently maintain the crypto code used in a FIPS validated HSM.
Maintainer is @randombit
The text was updated successfully, but these errors were encountered: